2020-11-16, Version 15.2.1 (Current), @targos

targos released this 16 Nov 16:24

1b0d17d

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses.

Commits

[2a44836eeb] - deps: cherry-pick 0d252eb from upstream c-ares (Michael Dawson) nodejs-private/node-private#231
[b1f5518a0a] - doc: fix events.getEventListeners example (Dmitry Semigradsky) #36085
[b477447a55] - doc: fix added: info for stream.\_construct() (Luigi Pinca) #36067
[df211208c0] - test: add missing test coverage for setLocalAddress() (Rich Trott) #36039
[f5191f5bd2] - test: remove flaky designation for fixed test (Rich Trott) #35961
[a2f652f7c5] - test: move test-worker-eventlooputil to sequential (Rich Trott) #35996
[b0b43b27d6] - test: fix unreliable test-fs-write-file.js (Rich Trott) #36102

Assets 2