Message from JavaScript discussions

November 2016

— November 23, 2016, 4:38 AM

Please be aware that Node.js v7.2.0 was released today and includes a small security update arising from libuv:

libuv v1.10.1 reverts a change that was introduced in v1.10.0, included in Node.js v7.1.0. The reverted code was found to contain a potential buffer overflow in output written to the console. We are not aware of any exploit of this flaw and it only impacts Windows 10 (November update and later). This flaw has been assigned the identifier CVE-2016-9551 and was originally discovered and reported by Hitesh Kanwathirtha of Microsoft.

Users of the v7 release line running on Windows 10 should upgrade to Node.js v7.2.0 at their earliest convenience.

No other version of Node.js is known to be impacted by this flaw

Message permanent page


"Last month, npm version 4 was released, and after several weeks of debugging and fixes by the npm CLI team, the recent release of v.4.0.2 means npm4 has been promoted to npmlatest." - via NPM Newsletter

— Thanks for the heads up elxris :)

— +1

— You're welcome :)
And, if any of you think there's a important news to share, don't hesitate. :)

— Hello everyone I'm Julian :)

— Hi Julian! Welcome to the party 🎉

— Thanks, I hope to contribute a lot :)

— We would be pleased 😁

— Welcome to the party 🎉

— Ok

— Https://

Message permanent page