Release proposal: v6.15.1 (expedited, single commit fix)
Ref: https://github.com/nodejs/node/pull/24796 Ref: https://github.com/nodejs/node/issues/24760
The single commit needs to be fixed up once properly landed with metadata (and changelog altered with new commit hash). I think we can expedite that though.
Keeping this to just the one commit because it fixes the security release so we should apply the same stability via this as well rather than increasing risk with the additional items on staging.
@nodejs/tsc @nodejs/release
2018-12-03, Version 6.15.1 'Boron' (LTS), @rvagg
Notable Changes
This is a patch release to fix a bad backport of the fix for "Slowloris HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers timeout to the entire keep-alive HTTP session, resulting in prematurely disconnected sockets.
Commits
- [
0b9ee5fd6f
] - http: fix backport of Slowloris headers (Matteo Collina)