Release proposal: v6.15.1 (expedited, single commit fix) (!24803) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge v6.15.1-proposal into v6.x Dec 03, 2018

Ref: https://github.com/nodejs/node/pull/24796 Ref: https://github.com/nodejs/node/issues/24760

The single commit needs to be fixed up once properly landed with metadata (and changelog altered with new commit hash). I think we can expedite that though.

Keeping this to just the one commit because it fixes the security release so we should apply the same stability via this as well rather than increasing risk with the additional items on staging.

@nodejs/tsc @nodejs/release

2018-12-03, Version 6.15.1 'Boron' (LTS), @rvagg

Notable Changes

This is a patch release to fix a bad backport of the fix for "Slowloris HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers timeout to the entire keep-alive HTTP session, resulting in prematurely disconnected sockets.

Commits

[0b9ee5fd6f] - http: fix backport of Slowloris headers (Matteo Collina)

Admin message

Admin message

Release proposal: v6.15.1 (expedited, single commit fix)

2018-12-03, Version 6.15.1 'Boron' (LTS), @rvagg

Notable Changes

Commits

Merge request reports