Notable changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses.
Commits
- [
2a44836eeb] - deps: cherry-pick 0d252eb from upstream c-ares (Michael Dawson) nodejs-private/node-private#231 - [
b1f5518a0a] - doc: fixevents.getEventListenersexample (Dmitry Semigradsky) #36085 - [
b477447a55] - doc: fixadded:info forstream.\_construct()(Luigi Pinca) #36067 - [
df211208c0] - test: add missing test coverage for setLocalAddress() (Rich Trott) #36039 - [
f5191f5bd2] - test: remove flaky designation for fixed test (Rich Trott) #35961 - [
a2f652f7c5] - test: move test-worker-eventlooputil to sequential (Rich Trott) #35996 - [
b0b43b27d6] - test: fix unreliable test-fs-write-file.js (Rich Trott) #36102