2017-12-08, Version 8.9.3 'Carbon' (LTS), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2017-15896
• CVE-2017-15897
• CVE-2017-3738 (from the openssl project)

Notable Changes

• buffer:
  • buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428
• deps:
  • openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

Commits

• [b05ef978d3] - buffer: zero-fill buffer allocated with invalid content (Anna Henningsen) #17428
• [18652b6860] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526
• [e6c308e237] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [a85f94bd59] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [b5552c854c] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [afad1f23a2] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526
• [9fdd3bddf5] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526
• [db09f245bf] - doc: warn against filling buffer with invalid data (Anna Henningsen) #17428
• [42f09ed461] - http2: use correct connect event for TLS Socket (James M Snell) #17328
• [aba3544b50] - http2: use 'close' event instead of 'streamClosed' (James M Snell) #17328
• [bd035d75bd] - http2: general cleanups in core.js (James M Snell) #17209
• [a5e3ba2cb3] - http2: major update to internals (James M Snell) #17105
• [d7f37cebed] - http2: simplify subsequent rstStream calls (Anatoli Papirovski) #16753
• [22ee960775] - http2: refactor multiple internals (James M Snell) #16676
• [319beaf45b] - http2: allocate on every chunk send (James M Snell) #16669
• [7d68488524] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [8e8fac29de] - src: fix -Winconsistent-missing-override warning (Ben Noordhuis) #16726
• [26b43c87ee] - src: add method to compute storage in WriteWrap (Anna Henningsen) #16727
• [99d775ca07] - test: fix flaky test-http2-create-client-connect (David Benjamin) #16130

2017-12-08, Version 6.12.2 'Boron' (LTS), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2017-15896
• CVE-2017-3738 (from the openssl project)

Notable Changes

• deps:
  • openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

Commits

• [6314a46c48] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526
• [f2121a8583] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [741651cc4b] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [5956aead33] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [ac53d01646] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526
• [03651ad9d6] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526
• [eb30387c6d] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389

2017-12-08, Version 4.8.7 'Argon' (Maintenance), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2017-15896
• CVE-2017-3738 (from the openssl project)

Notable Changes

• deps:
  • openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

Commits

• [4f8fae3493] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526
• [eacd090e7b] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [3e6b0b0d13] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [b0ed4c52af] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [dd6a2dff1e] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526
• [b3afedfbe9] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526
• [f7eb162d0d] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389

2017-12-05, Version 8.9.2 'Carbon' (LTS), @gibfahn

Notable Changes

• console:
  • avoid adding infinite error listeners (Matteo Collina) #16770
• http2:
  • improve errors thrown in header validation (Joyee Cheung) #16718

Commits

• [1bf6250b99] - doc : mention constant-time in crypto doc (Mithun Sasidharan) #16604
• [585f8698af] - build: include src\tracing when linting on win (Daniel Bevenius) #16720
• [d9a18beaa6] - build: suppress lint-md output (Gibson Fahnestock) #16551
• [4e848d4afb] - build: add missing comma in sources list (Daniel Bevenius) #16613
• [9df1e8f10e] - console: avoid adding infinite error listeners (Matteo Collina) #16770
• [7ba037592d] - deps: cherry-pick cc55747 from V8 upstream (Franziska Hinkelmann) #16890
• [c3c9a8d4bf] - doc: recommend node-core-utils for metadata (Rich Trott) #16978
• [891ddad93c] - doc: fix typo in http2 doc (Gus Caplan) #16993
• [ccd36467f8] - doc: reorganize COLLABORATOR_GUIDE.md (Rich Trott) #15710
• [8f0793ff93] - doc: clarify the prerequisites for building with VS2017 (Nikolai Vavilov) #16903
• [6e7a444a91] - doc: outline commit message for breaking changes (Maton Anthony) #16846
• [6eb550da34] - doc: remove duplicate 'the' from http2 API doc (Vipin Menon) #16924
• [0b8a400cad] - doc: correct the spelling of omitting in dgram.md (Vidya Subramanyam) #16910
• [adb8f08c36] - doc: fix a typo in the documentation (Mamatha J V) #16909
• [d721c0bb5e] - doc: improve documentation for the vm module (Franziska Hinkelmann) #16867
• [360f40354e] - doc: fix typo in assert.md (Andres Kalle) #16866
• [c4634bf506] - doc: update subprocess.killed (cjihrig) #16748
• [eafc0a1314] - doc: fix a link in dgram.md (Vse Mozhet Byt) #16854
• [fab55980be] - doc: add isTTY property documentation (SonaySevik) #16828
• [f2a9c024ed] - doc: fix json generator warnings (Luigi Pinca) #16742
• [3319b2092f] - doc: update license to include node-inspect (Myles Borins) #16659
• [7618567b4f] - doc: add docs for Zlib#close() (Luigi Pinca) #16592
• [2cc05e0657] - doc: add nodejs/gyp team for GYP related issues (Gibson Fahnestock) #16638
• [542f3b9cc0] - doc: add details about rss on process.memoryUsage (Anthony Nandaa) #16566
• [13866b8b1b] - doc: add windowsVerbatimArguments docs (Andrew Stucki) #16299
• [d2e4a87321] - doc: howto decode buffers extending from Writable (dicearr) #16403
• [a2fd9a3cf2] - doc: add *-inl.h include rule to C++ style guide (Joyee Cheung) #16548
• [9b8e2a68d8] - http: use arrow fns for lexical this in Agent (Bryan English) #16475
• [29efb02f12] - http2: multiple smaller code cleanups (James M Snell) #16764
• [658301664f] - http2: improve errors thrown in header validation (Joyee Cheung) #16718
• [8cf8a327c8] - http2: refactor settings handling (James M Snell) #16668
• [4faf2ec783] - lib: replace string concatenation with template (Suryanarayana Murthy N) #16933
• [14f8cee401] - lib: guard inspector console using process var (Daniel Bevenius) #15008
• [2ad051d62c] - lib: change concatenated string to template (Pawan Jangid) #16930
• [28f036045b] - lib: change concatenated string to template (Nayana Das K) #16925
• [134c2f31f2] - lib: replace string concatenation with template (subrahmanya chari p) #16917
• [dc14c25ee9] - loader: test search module (Cyril Lakech) #16795
• [d27ec13cd3] - repl: avoid crashing from null and undefined errors (cPhost) #16574
• [40880897fe] - src: use unrefed async for GC tracking (Anna Henningsen) #16758
• [f7411b5df7] - src: make StreamBase prototype accessors robust (Joyee Cheung) #16860
• [8d31294b3b] - src: CHECK() for argument overflow in Spawn() (cjihrig) #16761
• [57b377ef93] - src: improve module loader readability (Anna Henningsen) #16536
• [82076ed91f] - src: pass context to Get() operations for cares_wrap (Evan Lucas) #16641
• [79e1d7719d] - src: remove unused includes in string_bytes.h (Daniel Bevenius) #16606
• [cecd1e3def] - src: fix etw provider include on Windows (Joyee Cheung) #16639
• [255fffbbc8] - src: do not include x.h if x-inl.h is included (Joyee Cheung) #16548
• [efdd7c8cae] - test: reuse existing PassThrough implementation (Tobias Nießen) #16936
• [375bec00a4] - test: use fixtures module for path resolve (sercan yersen) #16842
• [6ab706d7f0] - test: refactor comments in test-child-process-spawnsync-maxbuf (ChrBergert) #16829
• [315fba8bfd] - test: used fixturesDir from fixtures modules (Klemen Kogovsek) #16813
• [5c8fb6a976] - test: refactor fs.write() test (Patrick Heneise) #16827
• [4f587e5a30] - test: add a test description (Grant Gasparyan) #16833
  ...

2017-12-05, Version 6.12.1 'Boron' (LTS), @MylesBorins

This LTS release comes with 263 commits. This includes 173 which are test related,
41 which are doc related, 18 which are build / tool related and 1 commit which is an update to a dependency.

Notable Changes

• build:
  • fix npm install with --shared (Ben Noordhuis) #16438
• build:
  • building with python 3 is now supported (Emily Marigold Klassen) #16058
• src:
  • v8 options can be specified with either '_' or '-' in NODE_OPTIONS (Sam Roberts) #14093

Commits

• [575a920a16] - assert: fix actual and expected order (Steve Jenkins) #15866
• [a0c1d10e91] - build: remove cctest extension (Yihong Wang) #16680
• [c287f1235c] - build: include src\tracing when linting on win (Daniel Bevenius) #16720
• [706812bc2f] - build: skip bin override on windows (Hitesh Kanwathirtha) #16460
• [f4627603aa] - build: fix npm install with --shared (Ben Noordhuis) #16438
• [6d63612e93] - build: correct minor typo in lttng help message (Daniel Bevenius) #16101
• [de82db7f85] - build: ignore empty folders in test-addons (Gregor) #16031
• [ac1beb0fb0] - build: use bin override if no python in PATH (Bradley T. Hughes) #16241
• [d4b3b633d8] - build: allow build with system python 3 (Emily Marigold Klassen) #16058
• [fc2ab06014] - build, windows: use /bigobj for debug builds (Nikolai Vavilov) #16289
• [ccca11d026] - build,win: set /MP separately in Debug and Release (Nikolai Vavilov) #16415
• [a14f564686] - build,win: use /MP for debug builds (Nikolai Vavilov) #16333
• [8813867577] - child_process: set shell to false in fork() (Alex Gresnel) #15352
• [f2cafff9b0] - crypto: fix error of createCipher in wrap mode (Shigeki Ohtsu) #15037
• [7115079c4f] - crypto: warn if counter mode used in createCipher (Shigeki Ohtsu) #13821
• [50c3dabc0f] - deps: backport 4af8029 from upstream V8 (Michaël Zasso) #17290
• [101eb981fe] - doc: mention constant-time in crypto doc (Mithun Sasidharan) #16604
• [1bc5c3836c] - doc: recommend node-core-utils for metadata (Rich Trott) #16978
• [4583f1be0c] - doc: reorganize COLLABORATOR_GUIDE.md (Rich Trott) #15710
• [fce790285f] - doc: improve documentation for the vm module (Franziska Hinkelmann) #16867
• [727a0fe641] - doc: update subprocess.killed (cjihrig) #16748
• [44c0385b04] - doc: more accurate zlib windowBits information (Anna Henningsen) #16511
• [732af9b8a4] - doc: add Gibson Fahnestock to Release team (Gibson Fahnestock) #16620
• [935b15285f] - doc: slightly relax 50 character rule (James M Snell) #16523
• [39c63da6d2] - doc: add note to releases.md (Jon Moss) #16507
• [60ae428f30] - doc: add dot in documentations (erwinwahyura) #16542
• [7ae23b744b] - doc: fix missing newline character (Daijiro Wachi) #16447
• [af869f03c1] - doc: add recommendations for first timers (Refael Ackermann) #16350
• [b7d609c2f8] - doc: replace undocumented encoding aliases (Vse Mozhet Byt) #16368
• [2cbf75da7e] - doc: replace methods used in the example code (Damian) #16416
• [0b5a0ada2a] - doc: fix comment in assert.md (umatoma) #16335
• [4fbc490704] - doc: add space after period (Diego Rodríguez Baquero) #16334
• [c3cc0fd258] - doc: minor correction to note on process section (Daniel Bevenius) #16311
• [47bf494979] - doc: add apapirovski to collaborators (Anatoli Papirovski) #16302
• [9c96d7f4fd] - doc: clarify os.cpus() returns logical CPU cores (Luke Childs) #16282
• [ba62b0e48a] - doc: support multidimensional arrays in type link (Vse Mozhet Byt) #16207
• [aefaed40f0] - doc: move Shigeki to TSC Emeritus (Rich Trott) #16195
• [1fdcf75f9c] - doc: Update a typo in module.js' comments (Orta) #16205
• [799c6fdc1c] - doc: add missing comma (Jon Moss) #16204
• [8c070f9ed5] - doc: added note to fs.watchFile on previousStat (NiveditN) #16099
• [2515cad90e] - doc: ensure collaborators validate commits (Bradley Farias) #16162
• [7647d41da1] - doc: move 8 collaborators to emeriti (Rich Trott) #16173
• [de8155ebf2] - doc: include V8 commit URL in V8 backport guide (Gibson Fahnestock) #16054
• [6f1ba792d7] - doc: add pronoun for fhinkel (F. Hinkelmann) #16069
• [8da3b51472] - doc: document windows shell support (Tim Ermilov) #16104
• [281023b20d] - doc: exempt test/doc only changes from 48-hr rule (Anna Henningsen) #16135
• [04d5835722] - doc: rename good first contrib label (Jeremiah Senkpiel) #16150
• [1064258f9d] - doc: remove bold typography from STYLE_GUIDE.md (Rich Trott) #16085
• [23e9bba9c8] - doc: ctc -> tsc in onboarding extras (Bryan English) #15621
• [ff66d63642] - doc: fix emitKeypressEvents stream type (Oblosys) #15399
• [1bd6962842] - doc: make stream.Readable consistent (Sakthipriyan Va...

2017-11-14, Version 9.2.0 (Current), @evanlucas

Notable Changes

• crypto:
  • Support building with both 1.1.0 and 1.0.2 (David Benjamin) #16130
• fs:
  • fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) #15776
• process:
  • expose process.ppid (cjihrig) #16839

Commits

• [02ea0ee507] - build: fix cctest compilation (Daniel Bevenius) #16887
• [a4557f294a] - build: remove cctest extension (Yihong Wang) #16680
• [1dc4fc1390] - build: include src\tracing when linting on win (Daniel Bevenius) #16720
• [4c11801ed7] - build: add missing options to help message (Daniel Bevenius) #16707
• [bed0560fb5] - console: avoid adding infinite error listeners (Matteo Collina) #16770
• [31dadd2007] - (SEMVER-MINOR) crypto: deprecate {ecdhCurve: false} (David Benjamin) #16130
• [f952caa677] - (SEMVER-MINOR) crypto: clear some SSL_METHOD deprecation warnings (David Benjamin) #16130
• [a5e7255385] - (SEMVER-MINOR) crypto: make ALPN the same for OpenSSL 1.0.2 & 1.1.0 (David Benjamin) #16130
• [07102ace9e] - (SEMVER-MINOR) crypto: remove deprecated ECDH calls w/ OpenSSL 1.1 (David Benjamin) #16130
• [627a15f9e5] - (SEMVER-MINOR) crypto: emulate OpenSSL 1.0 ticket scheme in 1.1 (David Benjamin) #16130
• [8a8ac8ce4d] - (SEMVER-MINOR) crypto: hard-code tlsSocket.getCipher().version (David Benjamin) #16130
• [c42935b79c] - (SEMVER-MINOR) crypto: add compat logic for "DSS1" and "dss1" (David Benjamin) #16130
• [5c24fc32c9] - (SEMVER-MINOR) crypto: Make Hmac 1.1.0-compatible (David Benjamin) #16130
• [fa1fc16c3e] - (SEMVER-MINOR) crypto: make SignBase compatible with OpenSSL 1.1.0 (David Benjamin) #16130
• [abe3dc48cc] - (SEMVER-MINOR) crypto: make Hash 1.1.0-compatible (David Benjamin) #16130
• [59acd27409] - (SEMVER-MINOR) crypto: make CipherBase 1.1.0-compatible (David Benjamin) #16130
• [6c3ae36cab] - (SEMVER-MINOR) crypto: remove locking callbacks for OpenSSL 1.1.0 (David Benjamin) #16130
• [81760ffea9] - (SEMVER-MINOR) crypto: use RSA and DH accessors (David Benjamin) #16130
• [568d9d0eac] - (SEMVER-MINOR) crypto: test DH keys work without a public half (David Benjamin) #16130
• [6a9c528a50] - (SEMVER-MINOR) crypto: account for new 1.1.0 SSL APIs (David Benjamin) #16130
• [cc744b9b26] - (SEMVER-MINOR) crypto: remove unnecessary SSLerr calls (David Benjamin) #16130
• [201393f655] - (SEMVER-MINOR) crypto: estimate kExternalSize (David Benjamin) #16130
• [efd9bc36fa] - (SEMVER-MINOR) crypto: make node_crypto_bio compat w/ OpenSSL 1.1 (David Benjamin) #16130
• [8da4983cb4] - (SEMVER-MINOR) crypto: use X509_STORE_CTX_new (David Benjamin) #16130
• [9c6f63bf3b] - deps: cherry-pick 3c8195d from V8 upstream (Franziska Hinkelmann) #16897
• [6ddba2e08e] - deps: patch V8 to 6.2.414.44 (Myles Borins) #16848
• [f82d3e44c8] - deps: upgrade libuv to 1.16.1 (cjihrig) #16835
• [38ac50a084] - deps: cherry-pick cc55747 from V8 upstream (Franziska Hinkelmann) #16890
• [75405a1481] - deps: ICU 60 bump (Steven R. Loomis) #16876
• [28b7bf062a] - deps: cherry-pick b8331cc030 from upstream V8 (Daniel Bevenius) #16900
• [2266cafba5] - Revert "deps: cherry-pick b8331cc030 from upstream V8" (Daniel Bevenius) #16899
• [81f14bffff] - deps: cherry-pick b8331cc030 from upstream V8 (Daniel Bevenius) #16743
• [6922fda1b5] - doc: recommend node-core-utils for metadata (Rich Trott) #16978
• [ccf1f6aa13] - doc: fix typo in http2 doc (Gus Caplan) #16993
• [54768f5094] - doc: reorganize COLLABORATOR_GUIDE.md (Rich Trott) #15710
• [c4e2343bfb] - doc: drop support for VS2015 (Nikolai Vavilov) #16868
• [74f33724a2] - doc: clarify the prerequisites for building with VS2017 (Nikolai Vavilov) #16903
• [1510fda1b0] - doc: outline commit message for breaking changes (Maton Anthony) #16846
• [1fcd95e517] - doc: remove duplicate 'the' from http2 API doc (Vipin Menon) #16924
• [b46714c023] - doc: fix typos in N-API (Swathi Kalahastri) #16911
• [3ba52c1582] - doc: correct the spelling of omitting in dgram.md (Vidya Subramanyam) #16910
• [e60eff6c01] - doc: fix a typo in the documentation (Mamatha J V) #16909
• [6e9973e912] - doc: improve documentation for the vm module (Franziska Hinkelmann) #16867
• [15dcb96b28] - doc: fix a typo in n-api documentation (Vipin Menon) #16879
• [928647c77c] - doc: fix typo in assert.md (Andres Kalle) #16866
• [a184dbcb2c] - doc: update subprocess.killed (cjihrig) #16748
• [deff9f5527] - events: remove emit micro-optimizations (Anatoli Papirovski) #16869
• [8611e3b93b] - (SEMVER-MINOR) fs: expose realpath(3) bindings (Ben Noordhuis) #15776
• [8dfd5a515a] - http2: multiple smaller code cleanups (James M Snell) #16764
• [8245e5a2d4] - http2: simplify subsequent rstStr...

2017-11-07, Version 9.1.0 (Current), @cjihrig

Notable Changes

• CLI:
  • NODE_OPTIONS now supports the --stack-trace-limit option. #16495
• deps:
  • OpenSSL is upgraded to 1.0.2m #16691
• http:
  • A 'connect' event handler leak has been fixed. #16725
  • The 103 Early Hints status code is now supported. #16644

Commits

• [32417999ac] - build: suppress lint-md output (Gibson Fahnestock) #16551
• [433745e7eb] - build: add missing comma in sources list (Daniel Bevenius) #16613
• [8bc5249223] - build: make test-doc and lint addon docs (Joyee Cheung) #16377
• [88ad01fce7] - build: make doc target quiet (Daniel Bevenius) #16516
• [f3e01618f1] - build,src: Add CloudABI as a POSIX-like runtime environment. (Ed Schouten) #16612
• [7349d42945] - (SEMVER-MINOR) cli: add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) #16495
• [ed0fbd8d72] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [185229e258] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [162686f5f4] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [e0f6dee961] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [3d7eea5da8] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [3438765781] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [b130febd1d] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [90e8e81bbb] - doc: mention constant-time in crypto doc (Mithun Sasidharan) #16604
• [dee7800ae8] - doc: add links to EventEmitter in errors.md (Delapouite) #16861
• [f097e2775b] - doc: fix a link in dgram.md (Vse Mozhet Byt) #16854
• [978aa8476b] - doc: add isTTY property documentation (SonaySevik) #16828
• [6739f41f2d] - doc: fix json generator warnings (Luigi Pinca) #16742
• [2bb148f7bb] - doc: make stream.Readable consistent (Sakthipriyan Vairamani (thefourtheye)) #16786
• [e05d4f43b6] - doc: correct effects to affects (gowpen) #16794
• [d7df4dfa1c] - doc: correct EventEmitter reference (gowpen) #16791
• [77e4ec8c51] - doc: update license to include node-inspect (Myles Borins) #16659
• [7388144dbc] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [e585c41487] - doc: add docs for Zlib#close() (Luigi Pinca) #16592
• [d5ea177652] - doc: add nodejs/gyp team for GYP related issues (Gibson Fahnestock) #16638
• [09181eb976] - doc: add details about rss on process.memoryUsage (Anthony Nandaa) #16566
• [3fd7eddb44] - doc: add windowsVerbatimArguments docs (Andrew Stucki) #16299
• [1771bb5039] - doc: fix Changelog link order (Gibson Fahnestock) #16632
• [6ee28b2823] - doc: util.isDeepStrictEqual returns boolean (Lucas Azzola) #16653
• [59a4789eee] - doc: howto decode buffers extending from Writable (dicearr) #16403
• [d733dd9468] - doc: add *-inl.h include rule to C++ style guide (Joyee Cheung) #16548
• [1cef9ef1de] - doc: make default values and periods consistent (Matej Krajčovič) #16563
• [77f0359708] - http: use 'connect' event only if socket is connecting (Luigi Pinca) #16725
• [9c39d79908] - http: use arrow fns for lexical this in Agent (Bryan English) #16475
• [1b090c9b66] - http, http2: add 103 Early Hints status code (Yosuke Furukawa) #16644
• [d6d461003f] - http, tls: better support for IPv6 addresses (Mattias Holmlund) #14772
• [762a11fab3] - http2: improve errors thrown in header validation (Joyee Cheung) #16718
• [72d0e7e70b] - http2: refactor multiple internals (James M Snell) #16676
• [e3283c71ce] - http2: allocate on every chunk send (James M Snell) #16669
• [dfe56847ac] - http2: refactor settings handling (James M Snell) #16668
• [bf7dc38ae4] - http2: make sessions garbage-collectible (Anna Henningsen) #16461
• [3f529620cc] - http2: remove unused assignment (Anna Henningsen) #16461
• [b50c33470e] - http2: track async state for sending (Anna Henningsen) #16461
• [224ea159ae] - http2: move uv_prepare handle to Http2Session (Anna Henningsen) #16461
• [6074c8cdbb] - inspector: include node_platform.h header (Alexey Kuzmin) #16677
• [e0c7b3d13f] - lib: shuffle v8_prof_polyfill.js for unit testing (Ben Noordhuis) #16769
• [c14030ec7a] - lib: fix version check in tick processor (Ben Noordhuis) #16769
• [a0b94f4e12] - lib: refactor ES module loader for readability (Anna Henningsen) #16579
• [083a6e3830] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [05f90478fc] - repl: avoid crashing from null and undefined errors (cPhost) #16574
• [da66610798] - src: fix -Win...

2017-11-07, Version 8.9.1 'Carbon' (LTS), @gibfahn

Notable Changes

• openssl:
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• Revert "https:
  • refactor to use http internals" (Myles Borins) #16660

Commits

• [6a7e5ceaa9] - deps: V8: cherry-pick 32141e9 from upstream (Ali Ijaz Sheikh) #16704
• [a815e1b6a2] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [7f86e8190c] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [1af2244020] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [9d98dcc395] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [99319efc45] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [151a8da4b7] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [d68e53452c] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [a3be5bc560] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [08b75c1591] - Revert "https: refactor to use http internals" (Myles Borins) #16660
• [d334a95834] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [bf26b96fd6] - src: add 'dynamic' process.release.lts property (Rod Vagg) #16656
• [dfac6cc0bb] - test: update process-release for Node 8 Carbon (Jeremiah Senkpiel) #16656

2017-11-07, Version 6.12.0 'Boron' (LTS), @MylesBorins

This LTS release comes with 127 commits. This includes 45 which are test related,
33 which are doc related, 13 which are updates to dependencies and 7 commits which are related to build / tools.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

• assert:
  • assert.fail() can now take one or two arguments (Rich Trott) #12293
• crypto:
  • add sign/verify support for RSASSA-PSS (Tobias Nießen) #11705
• deps:
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
  • upgrade libuv to 1.15.0 (cjihrig) #15745
  • upgrade libuv to 1.14.1 (cjihrig) #14866
  • upgrade libuv to 1.13.1 (cjihrig) #14117
  • upgrade libuv to 1.12.0 (cjihrig) #13306
• fs:
  • Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) #7856
• inspector:
  • enable --inspect-brk (Refael Ackermann) #12615
• process:
  • add --redirect-warnings command line argument (James M Snell) #10116
• src:
  • allow CLI args in env with NODE_OPTIONS (Sam Roberts) #12028
  • --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) #13932
  • allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) #13172
  • use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) #12677
• test:
  • remove common.fail() (Rich Trott) #12293

Commits

• [4917d8cfef] - (SEMVER-MINOR) assert: improve assert.fail() API (Rich Trott) #12293
• [5522bdf825] - benchmark: use smaller n value in some http tests (Peter Marshall) #14002
• [252d08ab77] - build: use generic names for linting tasks (Nikolai Vavilov) #15272
• [78dc92860f] - build: fix shared installing target (Yorkie Liu) #15148
• [6c9a9ff25c] - build: don't fail make test on source tarballs (Gibson Fahnestock) #15441
• [af63b38142] - crypto: use X509V3_EXT_d2i (David Benjamin) #15348
• [6b0812860d] - crypto: use SSL_SESSION_get_id (David Benjamin) #15348
• [46695703b6] - crypto: only try to set FIPS mode if different (Gibson Fahnestock) #12210
• [10a70353b2] - crypto: fix Node_SignFinal (David Benjamin) #15024
• [a7d4cade46] - (SEMVER-MINOR) crypto: add sign/verify support for RSASSA-PSS (Tobias Nießen) #11705
• [b98fa82de6] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [748d3e5d04] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [5da4ceba86] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [ef57db81ac] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [7b93a2fd63] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [265d948b30] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [8386ce7645] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [02e4303c13] - (SEMVER-MINOR) deps: upgrade libuv to 1.15.0 (cjihrig) #15745
• [f22132e8f7] - deps: v8: fix potential segfault in profiler (Ali Ijaz Sheikh) #15498
• [08d683053f] - deps: upgrade libuv to 1.14.1 (cjihrig) #14866
• [a38755d0a4] - deps: upgrade libuv to 1.13.1 (cjihrig) #14117
• [3265840504] - (SEMVER-MINOR) deps: upgrade libuv to 1.12.0 (cjihrig) #13306
• [2d3e735783] - deps: V8: backport e560815 from upstream (Ali Ijaz Sheikh) #16133
• [a776639987] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [0f3901a905] - doc: standardize function param/object prop style (Gibson Fahnestock) #13769
• [b0fadbe54f] - doc: fix typo in zlib.md (Luigi Pinca) #16480
• [37b93724ff] - doc: fix types and description for dns.resolveTxt (Tobias Nießen) #15472
• [6e06d0e1b5] - doc: add callback function signatures in fs.md (Matej Krajčovič) #13424
• [f1eda4a391] - doc: fix external links with 404 status (Vse Mozhet Byt) #15463
• [c64603fbb5] - doc: add kfarnung to collaborators (Kyle Farnung) #16108
• [da160cfda0] - doc: mention collaboration summit in onboarding.md (Joyee Cheung) #16079
• [699cfa1ee0] - doc: fix macosx-firewall suggestion BUILDING (suraiyah) #15829
• [547217346c] - doc: add clearer setup description (Emily Platzer) #15962
• [291b9c55cb] - doc: update style guide for markdown extension (Rich Trott) #15786
• [eaec35db9f] - doc: fix incorrect vm.createContext usage (tshemsedinov) #16059
• [ddee71afff] - doc: fix typo in tls.md (kohta ito) #15738
• [62ea82b73e] - doc: add 'git clean -xfd' to backport guide (Lance Ball) #15715
• [6d41c850b2] - doc: alphabetize TSC Emeriti in README.md (Rich Trott) #15722
• [6b1ce97196] - doc: fix dead link in doc/releases.md (Luigi Pinca) #15733
• [e865fcbb07] - doc: edit COLLABORATORS_GUIDE.md for readability (Rich Trott) #15629
• [af1863218c] - doc: fix links in some intra-repository docs (Vse Mozhet Byt) #15675
• [926b46c138] - doc: update libuv license (Timothy Gu) #15649
• [[f29f20f3f9](https://github.com/nodejs/node/commi...

2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorins

This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies,
8 which are build / tool related, 4 which are doc related, and 2 which are test related.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

• crypto:
  • update root certificates (Ben Noordhuis) #13279
  • update root certificates (Ben Noordhuis) #12402
• deps:
  • add support for more modern versions of INTL (Bruno Pagani) #13040
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
  • upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233

Commits

• [e064ae62e4] - build: fix make test-v8 (Ben Noordhuis) #15562
• [a7f7a87a1b] - build: run test-hash-seed at the end of test-v8 (Michaël Zasso) #14219
• [05e8b1b7d9] - build: codesign tarball binary on macOS (Evan Lucas) #14179
• [e2b6fdf93e] - build: avoid /docs/api and /docs/doc/api upload (Rod Vagg) #12957
• [59d35c0775] - build,tools: do not force codesign prefix (Evan Lucas) #14179
• [210fa72e9e] - crypto: update root certificates (Ben Noordhuis) #13279
• [752b46a259] - crypto: update root certificates (Ben Noordhuis) #12402
• [3640ba4acb] - crypto: clear err stack after ECDH::BufferToPoint (Ryan Kelly) #13275
• [545235fc4b] - deps: add missing #include "unicode/normlzr.h" (Bruno Pagani) #13040
• [ea09a1c3e6] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [68661a95b5] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [bdcb2525fb] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [3f93ffee89] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [16fbd9da0d] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [55e15ec820] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [9c3e246ffe] - deps: backport 4e18190 from V8 upstream (jshin) #15562
• [43d1ac3a62] - deps: backport bff3074 from V8 upstream (Myles Borins) #15562
• [b259fd3bd5] - deps: cherry pick d7f813b4 from V8 upstream (akos.palfi) #15562
• [85800c4ba4] - deps: backport e28183b5 from upstream V8 (karl) #15562
• [06eb181916] - deps: update openssl asm and asm_obsolete files (Daniel Bevenius) #13233
• [c0fe1fccc3] - deps: update openssl config files (Daniel Bevenius) #13233
• [523eb60424] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [0aacd5a8cd] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [80c48c0720] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [bbd92b4676] - deps: copy all openssl header files to include dir (Daniel Bevenius) #13233
• [8507f0fb5d] - deps: upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233
• [9bfada8f0c] - deps: add example of comparing OpenSSL changes (Daniel Bevenius) #13234
• [71f9cdf241] - deps: cherry-pick 09db540,686558d from V8 upstream (Jesse Rosenberger) #14829
• [751f1ac08e] - Revert "deps: backport e093a04, 09db540 from upstream V8" (Jesse Rosenberger) #14829
• [ed6298c7de] - deps: cherry-pick 18ea996 from c-ares upstream (Anna Henningsen) #13883
• [639180adfa] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #12913
• [9ba73e1797] - deps: cherry-pick 4ae5993 from upstream OpenSSL (Shigeki Ohtsu) #12913
• [f8e282e51c] - doc: fix typo in zlib.md (Luigi Pinca) #16480
• [532a2941cb] - doc: add missing make command to UPGRADING.md (Daniel Bevenius) #13233
• [1db33296cb] - doc: add entry for subprocess.killed property (Rich Trott) #14578
• [0fa09dfd77] - doc: change child to subprocess (Rich Trott) #14578
• [43bbfafaef] - docs: Fix broken links in crypto.md (Zuzana Svetlikova) #15182
• [1bde7f5cef] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [e69f47b686] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [cb92f93cd5] - test: remove internal headers from addons (Gibson Fahnestock) #7947
• [5d9164c315] - test: move test-cluster-debug-port to sequential (Oleksandr Kushchak) #16292
• [07c912e849] - tools: update certdata.txt (Ben Noordhuis) #13279
• [c40bffcb88] - tools: update certdata.txt (Ben Noordhuis) #12402
• [161162713f] - tools: be explicit about including key-id (Myles Borins) #13309
• [0c820c092b] - v8: fix stack overflow in recursive method (Ben Noordhuis) #12460
• [a1f992975f] - zlib: fix crash when initializing failed (Anna Henningsen) #14666
• [31bf595b94] - zlib: fix node crashing on invalid options (Alexey Orlenko) #13098