Notable changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses.
Commits
- [
2a44836eeb
] - deps: cherry-pick 0d252eb from upstream c-ares (Michael Dawson) nodejs-private/node-private#231 - [
b1f5518a0a
] - doc: fixevents.getEventListeners
example (Dmitry Semigradsky) #36085 - [
b477447a55
] - doc: fixadded:
info forstream.\_construct()
(Luigi Pinca) #36067 - [
df211208c0
] - test: add missing test coverage for setLocalAddress() (Rich Trott) #36039 - [
f5191f5bd2
] - test: remove flaky designation for fixed test (Rich Trott) #35961 - [
a2f652f7c5
] - test: move test-worker-eventlooputil to sequential (Rich Trott) #35996 - [
b0b43b27d6
] - test: fix unreliable test-fs-write-file.js (Rich Trott) #36102