On Thu, Jan 10, 2013 at 2:20 AM, Isaac Schlueter <[email protected]> wrote:
> This release addresses a potential security vulnerability.
>
> If you do not use TypedArrays, then you're fine (but should still
> upgrade for other reasons, like better performance and npm
> peerDependencies.)
>
> If you use TypedArrays, you should upgrade to v0.8.17 as soon as
> possible. If user input can affect the size parameter in a
> TypedArray, an integer overflow vulnerability could allow an attacker
> to write to areas of memory outside the intended buffer. Please
> upgrade ASAP.
>
>
> 2012.01.09, Version 0.8.17 (Stable)
>
> * npm: Upgrade to v1.2.0
> - peerDependencies (Domenic Denicola)
> - node-gyp v0.8.2 (Nathan Rajlich)
> - Faster installs from github user/project shorthands (Nathan Zadoks)
>
> * typed arrays: fix 32 bit size/index overflow (Ben Noordhuis)
>
> * http: Improve performance of single-packet responses (Ben Noordhuis)
>
> * install: fix openbsd man page location (Ben Noordhuis)
>
> * http: bubble up parser errors to ClientRequest (Brian White)
>
>
> Source Code: http://nodejs.org/dist/v0.8.17/node-v0.8.17.tar.gz
>
> Macintosh Installer (Universal):
> http://nodejs.org/dist/v0.8.17/node-v0.8.17.pkg
>
> Windows Installer: http://nodejs.org/dist/v0.8.17/node-v0.8.17-x86.msi
>
> Windows x64 Installer: http://nodejs.org/dist/v0.8.17/x64/node-v0.8.17-x64.msi
>
> Windows x64 Files: http://nodejs.org/dist/v0.8.17/x64/
>
> Linux 32-bit Binary:
> http://nodejs.org/dist/v0.8.17/node-v0.8.17-linux-x86.tar.gz
>
> Linux 64-bit Binary:
> http://nodejs.org/dist/v0.8.17/node-v0.8.17-linux-x64.tar.gz
>
> Solaris 32-bit Binary:
> http://nodejs.org/dist/v0.8.17/node-v0.8.17-sunos-x86.tar.gz
>
> Solaris 64-bit Binary:
> http://nodejs.org/dist/v0.8.17/node-v0.8.17-sunos-x64.tar.gz
>
> Other release files: http://nodejs.org/dist/v0.8.17/
>
> Website: http://nodejs.org/docs/v0.8.17/
>
> Documentation: http://nodejs.org/docs/v0.8.17/api/
>
> Shasums:
>

Another reason to upgrade is that certain kinds of HTTP responses are
immensely faster now. Quoting the commit log:

    http: pack response body buffer in first tcp packet

    Apply the same optimization to res.end(buf) that is applied to res.end(str).

    Speeds up `node benchmark/http_simple_auto -k -c 1 -n 25000 buffer/1`
    (non-chunked response body) by about 750x. That's not a typo.

    Chunked responses:

        $ cat tmp/http-chunked-client.js
        // Run `node benchmark/http_simple` in another terminal.
        var http = require('http'), url = require('url');
        var options = url.parse('http://127.0.0.1:8000/buffer/1/1');
        options.agent = new http.Agent({ maxSockets: 1 });
        for (var i = 0; i < 25000; ++i) http.get(options);

    Before:

        $ time out/Release/node tmp/http-chunked-client.js
        real 16m40.411s
        user 0m9.184s
        sys 0m0.604s

    After:

        $ time out/Release/node tmp/http-chunked-client.js
        real 0m5.386s
        user 0m2.768s
        sys 0m0.728s

    That's still a 185x speed-up.
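
The "32 bit size/index overflow" class named in the announcement, as an added illustration that is not part of either e-mail and is not Node's source: a generic C sketch of how a 32-bit length-times-element-size computation wraps, next to checks that cannot wrap. All function names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not taken from the Node.js source. */

/* Unchecked: the 32-bit product wraps modulo 2^32 for large lengths. */
static uint32_t byte_length_unchecked(uint32_t length, uint32_t elem_size) {
    return length * elem_size;
}

/* Checked: reject any length whose byte size does not fit in 32 bits. */
static bool byte_length_checked(uint32_t length, uint32_t elem_size,
                                uint32_t *out) {
    if (elem_size == 0 || length > UINT32_MAX / elem_size)
        return false;
    *out = length * elem_size;
    return true;
}

/* Unchecked view bounds test: both the product and the sum can wrap. */
static bool view_fits_unchecked(uint32_t buf_len, uint32_t byte_offset,
                                uint32_t length, uint32_t elem_size) {
    return byte_offset + length * elem_size <= buf_len;
}

/* Checked: compare in element units, so nothing is multiplied or added
 * before it has been validated. */
static bool view_fits(uint32_t buf_len, uint32_t byte_offset,
                      uint32_t length, uint32_t elem_size) {
    if (elem_size == 0 || byte_offset > buf_len)
        return false;
    return length <= (buf_len - byte_offset) / elem_size;
}

int main(void) {
    uint32_t n = 0;
    uint32_t huge = 0x40000001u; /* constructed sample length */
    printf("unchecked bytes: %u\n", (unsigned)byte_length_unchecked(huge, 4));
    printf("checked accepts: %d\n", byte_length_checked(huge, 4, &n));
    printf("unchecked view:  %d\n", view_fits_unchecked(16, 8, 0x40000000u, 4));
    printf("checked view:    %d\n", view_fits(16, 8, 0x40000000u, 4));
    return 0;
}
```

A caller that sizes an allocation from the unchecked result and then trusts the original element count ends up with a buffer far smaller than the range it indexes, which is why the check belongs before the multiplication.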