Hi, to answer your question: no, we're not backporting, the 0.x releases has been unsupported by upstream for months. Dropping packages was the plan, but there are/were still some packages that depend on node, so we let it just sit there. Unfortunately we're not able to update to a newer version either (and el7 is now stuck on v6 too).
My advice is to use software collections[0] which now provide v6 for el6. Regards Zuzka [0] https://wiki.centos.org/AdditionalResources/Repositories/SCL On Mon, Jul 31, 2017 at 11:38 PM, Jeff Hickson <[email protected]> wrote: > Hello all, > > First, I hope I'm posting this in the right place. I did a good deal of > looking, and here seemed like the best place. > > I've done some significant looking through various sources of information, > including asking on IRC, though I wasn't able to find any real direct > answers to my question. > > The best I could find was a link to https://fedoramagazine.org/ > node-js-6-x-lts-coming-epel-7/ which stated that for EL7, nodejs-0.10 was > being just changed to 6.x. This doesn't explicitly say anything about EL6 > though, which brings me to the actual question. > > Since CVE-2017-11499 covers pretty much every version of NodeJS ( source: > https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ ) I > was wondering if the fix was going to be backported, or if the > NodeJS-0.10 (and 0.12) line was going to be completely dropped, with > removal of the packages from the repo, or something else entirely? > > I'm more just hoping to find a more official word on the plans for this. I > can look through Koji and see that it's been untouched since October last > year, and I can look through mailing list posts for the last 12 months, but > I can't really find anything stating the plans for the package. > > Cheers, > > _______________________________________________ > nodejs mailing list -- [email protected] > To unsubscribe send an email to [email protected] > >
_______________________________________________ nodejs mailing list -- [email protected] To unsubscribe send an email to [email protected]
