惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
腾讯CDC
博客园_首页
T
Tailwind CSS Blog
月光博客
月光博客
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
M
MIT News - Artificial intelligence
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
SecWiki News
SecWiki News
美团技术团队
P
Privacy International News Feed
H
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
D
DataBreaches.Net
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
S
Schneier on Security
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
Forbes - Security
Forbes - Security
D
Docker
T
Tenable Blog
S
Secure Thoughts
雷峰网
雷峰网
S
Security @ Cisco Blogs
T
The Exploit Database - CXSecurity.com
The Cloudflare Blog
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
阮一峰的网络日志
阮一峰的网络日志

Node.js Blog

Node.js — Security Bug Bounty Program Paused Due to Loss of Funding Node.js — Node.js 25.9.0 (Current) Node.js — Developing a minimally HashDoS resistant, yet quickly reversible integer hash for V8 Node.js — Node.js 25.8.2 (Current) Node.js — Node.js 24.14.1 (LTS) Node.js — Node.js 22.22.2 (LTS) Node.js — Node.js 20.20.2 (LTS) Node.js — Tuesday, March 24, 2026 Security Releases Node.js — Node.js 25.8.1 (Current) Node.js — Evolving the Node.js Release Schedule Node.js — Node.js 22.22.1 (LTS) Node.js — Node.js 20.20.1 (LTS) Node.js — Node.js 25.8.0 (Current) Node.js — Node.js 25.7.0 (Current) Node.js — Node.js 24.14.0 (LTS) Node.js — New HackerOne Signal Requirement for Vulnerability Reports Node.js — Node.js 25.6.1 (Current) Node.js — Node.js 24.13.1 (LTS) Node.js — Node.js 25.6.0 (Current) Node.js — OpenSSL Security Advisory Assessment, January 2026 Node.js — Node.js 25.5.0 (Current) Node.js — Chalk to Node.js util styleText Node.js — Node.js 25.4.0 (Current) Node.js — Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users Node.js — Node.js 22.22.0 (LTS) Node.js — Node.js 25.3.0 (Current) Node.js — Node.js 24.13.0 (LTS) Node.js — Node.js 20.20.0 (LTS) Node.js — Tuesday, January 13, 2026 Security Releases Node.js — Node.js 24.12.0 (LTS) Node.js — Node.js 20.19.6 (LTS) Node.js — Node.js 25.2.1 (Current) Node.js — Node.js 24.11.1 (LTS) Node.js — Node.js 25.2.0 (Current) Node.js — Node.js 25.1.0 (Current) Node.js — Node.js 22.21.1 (LTS) Node.js — Node.js 24.11.0 (LTS) Node.js — Node.js v22 to v24 Node.js — Node.js v20 to v22 Node.js — Node.js v14 to v16 Node.js — Node.js v12 to v14 Node.js — Node.js 22.21.0 (LTS) Node.js — Node.js 25.0.0 (Current) Node.js — Node.js 24.10.0 (Current) Node.js — Node.js 24.9.0 (Current) Node.js — Node.js 22.20.0 (LTS) Node.js — Node.js 24.8.0 (Current) Node.js — Node.js 20.19.5 (LTS) Node.js — Node.js 22.19.0 (LTS) Node.js — Node.js 24.7.0 (Current) Node.js — Node.js 24.6.0 (Current) Node.js — Node.js 22.18.0 (LTS) Node.js — Node.js 24.5.0 (Current) Node.js — Node.js 20.19.4 (LTS) Node.js — Node.js 22.17.1 (LTS) Node.js — Node.js 24.4.1 (Current) Node.js — Tuesday, July 15, 2025 Security Releases Node.js — Node.js 24.4.0 (Current) Node.js — Node.js LGBTQIA+ Stories: Emelia Smith Node.js — Open sourced identity Node.js — Node.js 22.17.0 (LTS) Node.js — Node.js 24.3.0 (Current) Node.js — Node.js 20.19.3 (LTS) Node.js — In Memory of Mikeal Rogers: A Builder of Communities Node.js — Node.js 24.2.0 (Current) Node.js — Beware of End-of-Life Node.js Versions - Upgrade or Seek Post-EOL Support Node.js — Trip report: Node.js collaboration summit (2025 Paris) Node.js — Node.js 22.16.0 (LTS) Node.js — Node.js 24.1.0 (Current) Node.js — Node.js 24.0.2 (Current) Node.js — Node.js 23.11.1 (Current) Node.js — Node.js 22.15.1 (LTS) Node.js — Node.js 20.19.2 (LTS) Node.js — Wednesday, May 14, 2025 Security Releases Node.js — Node.js 24.0.1 (Current) Node.js — Node.js 24.0.0 (Current) Node.js — Node.js Test CI Security Incident Node.js — Node.js 22.15.0 (LTS) Node.js — Node.js 20.19.1 (LTS) Node.js — Making Node.js Downloads Reliable Node.js — Node.js 23.11.0 (Current) Node.js — Node.js 23.10.0 (Current) Node.js — Node.js 20.19.0 (LTS) Node.js — Updates on CVE for End-of-Life Versions Node.js — Node.js 23.9.0 (Current) Node.js — Node.js 18.20.7 (LTS) Node.js — Node.js 20.18.3 (LTS) Node.js — Node.js 9.3.0 (Current) Node.js — Data Confidentiality/Integrity Vulnerability, December 2017 Node.js — Node.js 9.2.1 (Current) Node.js — Node.js 8.9.3 (LTS) Node.js — Node.js 4.8.7 (Maintenance) Node.js — Node.js 8.9.2 (LTS) Node.js — Node.js 6.12.1 (LTS) Node.js — Node.js 9.2.0 (Current) Node.js — Node.js 8.9.1 (LTS) Node.js — Node.js 9.1.0 (Current) Node.js — Node.js 0.10.35 (Stable) Node.js — Node.js 0.10.34 (Stable) Node.js — Node.js 0.10.29 (Stable)
Node.js — Node.js 11.3.0 (Current)
2018-11-28 · via Node.js Blog

Rod Vagg

This is a security release. All Node.js users should consult the security release summary at /blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  • Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
  • Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
  • Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
  • OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
  • OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)

Notable Changes

  • deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
  • http:
    • Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
    • A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina)
  • url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. Reported by Martin Bajanik (Kentico). (CVE-2018-12123 / Matteo Collina)

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v11.3.0/node-v11.3.0-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v11.3.0/node-v11.3.0-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v11.3.0/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v11.3.0/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v11.3.0/node-v11.3.0.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-aix-ppc64.tar.gz
SmartOS 64-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-sunos-x64.tar.xz
ARMv6 32-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-linux-armv6l.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v11.3.0/node-v11.3.0-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v11.3.0/node-v11.3.0.tar.gz
Other release files: https://nodejs.org/dist/v11.3.0/
Documentation: https://nodejs.org/docs/v11.3.0/api/

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

37cd261b32d2c6e320d99d9ea5e3d57dc4efd0f279e2366563c2a1c58ea7bf5c  node-v11.3.0-aix-ppc64.tar.gz
54acc7bdeffae79fdd73f959712305aee1d8d487d56813b43cae96d151ec79db  node-v11.3.0-darwin-x64.tar.gz
8b5d9ea204126d01ae77804144f8f1719086b15abf24628a673b14665866f9dc  node-v11.3.0-darwin-x64.tar.xz
ec21aa45c8790e3ab8df531f760458222237a3b8fe61aeef0532d7a11d0aa2bd  node-v11.3.0-headers.tar.gz
7c5a8c50952288f2e059e77b5aa5dcb32d1f52f0bbc07683a77827de6d239589  node-v11.3.0-headers.tar.xz
e6e90080b95f780102980059ac3b2b2f7f6465f13ffa78d946f4c4df9ce97ff1  node-v11.3.0-linux-arm64.tar.gz
642cc3fc94a856ad6d09e76eaf869672bef925308afdad398a58f18eeaf4e4b8  node-v11.3.0-linux-arm64.tar.xz
9ba1cbaa7441173715eef1e81142fc131c609b9218f6168d152e2bae9f0e2875  node-v11.3.0-linux-armv6l.tar.gz
bc0e3cc5adb6360ba23910391b6a5f19b44bf750b24108b7ddd9f62ca2675fe6  node-v11.3.0-linux-armv6l.tar.xz
790a609e3355272ee243f9c9eee5530bf101cf7d2ba1f644de043362fea61dfb  node-v11.3.0-linux-armv7l.tar.gz
d6bce33d832363650bbf4c80367180ebaa8f71c4904acd608fa3e31127275591  node-v11.3.0-linux-armv7l.tar.xz
34b045a84d4731c9464d8c0d37f0fe894ca56e0003bc8cfdaabf69130ec4e490  node-v11.3.0-linux-ppc64le.tar.gz
d0499d85edf3293aa4c965ce0d32eb52249b2bba05142d46583d4d14440b6a06  node-v11.3.0-linux-ppc64le.tar.xz
02c2e8dbbd8ffe8b3b80c51a51545441cf005ac8540a74be787f91e7a02c778d  node-v11.3.0-linux-s390x.tar.gz
bc623c56da1fe9eea8b65571e6d451c70639f592da9191cd9263fca639e6443b  node-v11.3.0-linux-s390x.tar.xz
aac519aac1814e8590cd6b55fb2c6ddc1bbb825fc8c097abce5f5361aea61108  node-v11.3.0-linux-x64.tar.gz
d37fb7fae8a185409bccf106e91d8ffa3450115852795512fc62e6da0b5e3dbb  node-v11.3.0-linux-x64.tar.xz
d9de46dc842b10e0e73e9a8f9b78a891f224763fa943e593937c45666e1f9d78  node-v11.3.0.pkg
467bc51c794a27ef77a1c81128478c7558fcb8cd67edc59f42b6e29d902b29d9  node-v11.3.0-sunos-x64.tar.gz
3f4d37156edb83b70648819499c9184a72fbcb546129a243089ea5ece48c04c4  node-v11.3.0-sunos-x64.tar.xz
9db85052ec091a2a0ff6b928bed5030b6383846e8d677726648d042268169407  node-v11.3.0.tar.gz
08c4a159242af4c68752260d59ed209fc86b073ee669443fa591eecacb6093da  node-v11.3.0.tar.xz
a6a931e8c8f6dfd21f86da1ca14666a21069c4d033e39e734e787e4c50499bc6  node-v11.3.0-win-x64.7z
b801e908ec36a07f06df388845e22e0b7f3cede7a4030896712c8ee28cdb3f05  node-v11.3.0-win-x64.zip
8369634a081e77b5e21344a8dd57add942c760a8d1193175d0ee88b91b8e1902  node-v11.3.0-win-x86.7z
d3f4dbe65060bbec5ce02ea87880c81ec51494dad78b0cdd2bdd2efb29a91654  node-v11.3.0-win-x86.zip
2438bf1a549edfde2a1760692760b7b937533fa7a47b6554d2c28ee999ce03e5  node-v11.3.0-x64.msi
6550cf2519d3c76341900eb0cb0213d59933b7c6fcbcc84ca58691a80c4797c5  node-v11.3.0-x86.msi
cf75c2d68e73ec0b8ed43c437719a890956e3aaafda5b3f3e930a6c868e36098  win-x64/node.exe
9eab50d1f65165a3c9d685c5a05b0a957a46105f0d2179cb40b007e14464bc96  win-x64/node.lib
d49e907a1ca91f9483b8c6430c3323d9da7d30423c92242d29588334d08a4e06  win-x64/node_pdb.7z
1dc81c11fcea581de11f591f32e1b8a0fbd28b8dcf9140ab026cc744d277c568  win-x64/node_pdb.zip
50d631b43f94b7eca57fd5a8615aa74d4127a6188135a3ccc68365973dd33c20  win-x86/node.exe
d434239ba4597aaa820fd31126240bf1b327cf871a6b6108d891147b3112f728  win-x86/node.lib
b2d29aa640da3c70b5b57923d91fa27734776c45d771a9b5a3cb29e28995367a  win-x86/node_pdb.7z
65f5189ad28c9f59c77c4e1ff87763c6fcc0b3d5c39ba4969b1eeb4589b73b84  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE3Y8jOLrnUB491ax4wnN5L32DVF0FAlv95CwACgkQwnN5L32D
VF1Kpwf/TSV8EvpfiR6rYJ3GGdmmfmJregELYXz+Lt90C49jDbitI/8MSWMysGUa
P5qEdRcnSvW0wYNFbaVDFgtuMR7S3VwSKZ39ByKIaCP0e6ihb1IHuGC+0Iiy4vjx
or7cAT+lVe4Y06Vs0BwHlWUFI80V2zzBj2chkiWs6ZSbkxcs0AqCqlpxw+MtAYIz
GekqYj95BDStLJcP2n8Kow31Alkb9QF9NwL8J/8bPtPlBvmP/GRy//Bv5Y3+4GHy
iRJhiyVc8jReu+SpqDhPcS6VhBF9yv4flAGTGAmoM4Ky5xZ2B5AJzKtgYu2Ht94J
i16RRK7XOEeO1+iMLfGheyZ1gI1Jvw==
=62lQ
-----END PGP SIGNATURE-----