22
Node v13.8.0 (Current)
source link: https://nodejs.org/en/blog/release/v13.8.0/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
This is a security release.
Vulnerabilities fixed:
- CVE-2019-15606 : HTTP header values do not have trailing OWS trimmed.
- CVE-2019-15605 : HTTP request smuggling using malformed Transfer-Encoding header.
- CVE-2019-15604 : Remotely trigger an assertion on a TLS server with a malformed certificate string.
Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the --insecure-http-parser
command line flag, or the insecureHTTPParser
http option. Using the insecure HTTP parser should be avoided.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK