Skip to content

Commit

Permalink
2017-01-31, Version 4.7.3 'Argon' (LTS)
Browse files Browse the repository at this point in the history
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11083
  • Loading branch information
MylesBorins committed Feb 1, 2017
1 parent 5faaf07 commit 54fef67
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 1 deletion.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,8 @@ release.
<a href="doc/changelogs/CHANGELOG_V5.md#5.0.0">5.0.0</a><br/>
</td>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V4.md#4.7.2">4.7.2</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V4.md#4.7.3">4.7.3</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V4.md#4.7.2">4.7.2</a><br/>
<a href="doc/changelogs/CHANGELOG_V4.md#4.7.1">4.7.1</a><br/>
<a href="doc/changelogs/CHANGELOG_V4.md#4.7.0">4.7.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V4.md#4.6.1">4.6.2</a><br/>
Expand Down
25 changes: 25 additions & 0 deletions doc/changelogs/CHANGELOG_V4.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
</tr>
<tr>
<td valign="top">
<a href="#4.7.3">4.7.3</a><br/>
<a href="#4.7.2">4.7.2</a><br/>
<a href="#4.7.1">4.7.1</a><br/>
<a href="#4.7.0">4.7.0</a><br/>
Expand Down Expand Up @@ -56,6 +57,30 @@
[Node.js Long Term Support Plan](https://github.com/nodejs/LTS) and
will be supported actively until April 2017 and maintained until April 2018.

<a id="4.7.3"></a>
## 2017-01-31, Version 4.7.3 'Argon' (LTS), @MylesBorins

This is a security release of the 'Argon' release line to upgrade OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating of "moderate", the Node.js
crypto team (Ben Noordhuis, Shigeki Ohtsu and Fedor Indutny) have determined the impact to Node
users is "low". Details on this determination can be found
[on the Nodejs.org website](https://nodejs.org/en/blog/vulnerability/openssl-january-2017/).

### Notable Changes

* **deps**: upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021)

### Commits

* [[`8029f64135`](https://github.com/nodejs/node/commit/8029f64135)] - **deps**: update openssl asm and asm_obsolete files (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021)
* [[`0081659a41`](https://github.com/nodejs/node/commit/0081659a41)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://github.com/nodejs/io.js/pull/1836)
* [[`e55c3f4e21`](https://github.com/nodejs/node/commit/e55c3f4e21)] - **deps**: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389)
* [[`24640f9278`](https://github.com/nodejs/node/commit/24640f9278)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389)
* [[`6c7bdf58e0`](https://github.com/nodejs/node/commit/6c7bdf58e0)] - **deps**: copy all openssl header files to include dir (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021)
* [[`c80844769c`](https://github.com/nodejs/node/commit/c80844769c)] - **deps**: upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021)
* [[`e3915a415b`](https://github.com/nodejs/node/commit/e3915a415b)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389)

<a id="4.7.2"></a>
## 2017-01-05, Version 4.7.2 'Argon' (LTS), @MylesBorins

Expand Down

0 comments on commit 54fef67

Please sign in to comment.