Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

2017-01-31, Version 4.7.3 'Argon' (LTS) #11083

Merged
merged 1 commit into from
Feb 1, 2017
Merged

2017-01-31, Version 4.7.3 'Argon' (LTS) #11083

merged 1 commit into from
Feb 1, 2017

Conversation

MylesBorins
Copy link
Contributor

2017-01-31, Version 4.7.3 'Argon' (LTS), @MylesBorins

This is a security release of the 'Boron' release line to upgrade OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating of "moderate", the Node.js
crypto team (Ben Noordhuis, Shigeki Ohtsu and Fedor Indutny) have determined the impact to Node
users is "low". Details on this determination can be found
on the Nodejs.org website.

Notable Changes

  • deps: upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021

Commits

@nodejs-github-bot nodejs-github-bot added meta Issues and PRs related to the general management of the project. v4.x labels Jan 31, 2017
@MylesBorins
Copy link
Contributor Author

CHANGELOG.md Outdated
@@ -1,5 +1,28 @@
# Node.js ChangeLog

## 2017-01-31, Version 4.7.3 'Argon' (LTS), @MylesBorins

This is a security release of the 'Boron' release line to upgrade OpenSSL to version 1.0.2k
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/Boron/Argon ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch!

This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11083
@MylesBorins
Copy link
Contributor Author

One more go at CI: https://ci.nodejs.org/job/node-test-pull-request/6133/

the PR for the security update was all green, so I'll move ahead with the release either way after this run

@MylesBorins
Copy link
Contributor Author

MylesBorins commented Jan 31, 2017

Quick run of ws on v4.7.2 to see if ws failure is expected

https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/553/

edit: failure is present on v4.7.2... moving forward with release

@MylesBorins MylesBorins merged commit 79f015a into v4.x Feb 1, 2017
MylesBorins added a commit that referenced this pull request Feb 1, 2017
MylesBorins added a commit that referenced this pull request Feb 1, 2017
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		#11021

PR-URL: #11083
imyller added a commit to imyller/meta-nodejs that referenced this pull request Mar 2, 2017
    This is a security release of the 'Boron' release line to upgrade
    OpenSSL to version 1.0.2k

    Although the OpenSSL team have determined a maximum severity rating
    of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
    and Fedor Indutny) have determined the impact to Node users is "low".
    Details on this determination can be found on the Nodejs.org website

    https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

    Notable Changes:

    * deps:
      - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
                    nodejs/node#11021

    PR-URL: nodejs/node#11083

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
imyller added a commit to imyller/meta-nodejs that referenced this pull request Mar 2, 2017
    This is a security release of the 'Boron' release line to upgrade
    OpenSSL to version 1.0.2k

    Although the OpenSSL team have determined a maximum severity rating
    of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
    and Fedor Indutny) have determined the impact to Node users is "low".
    Details on this determination can be found on the Nodejs.org website

    https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

    Notable Changes:

    * deps:
      - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
                    nodejs/node#11021

    PR-URL: nodejs/node#11083

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
@sam-github sam-github deleted the v4.7.3-proposal branch March 6, 2017 16:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants