2017-11-14, Version 9.2.0 (Current), @evanlucas

Notable Changes

• crypto:
  • Support building with both 1.1.0 and 1.0.2 (David Benjamin) #16130
• fs:
  • fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) #15776
• process:
  • expose process.ppid (cjihrig) #16839

Commits

• [02ea0ee507] - build: fix cctest compilation (Daniel Bevenius) #16887
• [a4557f294a] - build: remove cctest extension (Yihong Wang) #16680
• [1dc4fc1390] - build: include src\tracing when linting on win (Daniel Bevenius) #16720
• [4c11801ed7] - build: add missing options to help message (Daniel Bevenius) #16707
• [bed0560fb5] - console: avoid adding infinite error listeners (Matteo Collina) #16770
• [31dadd2007] - (SEMVER-MINOR) crypto: deprecate {ecdhCurve: false} (David Benjamin) #16130
• [f952caa677] - (SEMVER-MINOR) crypto: clear some SSL_METHOD deprecation warnings (David Benjamin) #16130
• [a5e7255385] - (SEMVER-MINOR) crypto: make ALPN the same for OpenSSL 1.0.2 & 1.1.0 (David Benjamin) #16130
• [07102ace9e] - (SEMVER-MINOR) crypto: remove deprecated ECDH calls w/ OpenSSL 1.1 (David Benjamin) #16130
• [627a15f9e5] - (SEMVER-MINOR) crypto: emulate OpenSSL 1.0 ticket scheme in 1.1 (David Benjamin) #16130
• [8a8ac8ce4d] - (SEMVER-MINOR) crypto: hard-code tlsSocket.getCipher().version (David Benjamin) #16130
• [c42935b79c] - (SEMVER-MINOR) crypto: add compat logic for "DSS1" and "dss1" (David Benjamin) #16130
• [5c24fc32c9] - (SEMVER-MINOR) crypto: Make Hmac 1.1.0-compatible (David Benjamin) #16130
• [fa1fc16c3e] - (SEMVER-MINOR) crypto: make SignBase compatible with OpenSSL 1.1.0 (David Benjamin) #16130
• [abe3dc48cc] - (SEMVER-MINOR) crypto: make Hash 1.1.0-compatible (David Benjamin) #16130
• [59acd27409] - (SEMVER-MINOR) crypto: make CipherBase 1.1.0-compatible (David Benjamin) #16130
• [6c3ae36cab] - (SEMVER-MINOR) crypto: remove locking callbacks for OpenSSL 1.1.0 (David Benjamin) #16130
• [81760ffea9] - (SEMVER-MINOR) crypto: use RSA and DH accessors (David Benjamin) #16130
• [568d9d0eac] - (SEMVER-MINOR) crypto: test DH keys work without a public half (David Benjamin) #16130
• [6a9c528a50] - (SEMVER-MINOR) crypto: account for new 1.1.0 SSL APIs (David Benjamin) #16130
• [cc744b9b26] - (SEMVER-MINOR) crypto: remove unnecessary SSLerr calls (David Benjamin) #16130
• [201393f655] - (SEMVER-MINOR) crypto: estimate kExternalSize (David Benjamin) #16130
• [efd9bc36fa] - (SEMVER-MINOR) crypto: make node_crypto_bio compat w/ OpenSSL 1.1 (David Benjamin) #16130
• [8da4983cb4] - (SEMVER-MINOR) crypto: use X509_STORE_CTX_new (David Benjamin) #16130
• [9c6f63bf3b] - deps: cherry-pick 3c8195d from V8 upstream (Franziska Hinkelmann) #16897
• [6ddba2e08e] - deps: patch V8 to 6.2.414.44 (Myles Borins) #16848
• [f82d3e44c8] - deps: upgrade libuv to 1.16.1 (cjihrig) #16835
• [38ac50a084] - deps: cherry-pick cc55747 from V8 upstream (Franziska Hinkelmann) #16890
• [75405a1481] - deps: ICU 60 bump (Steven R. Loomis) #16876
• [28b7bf062a] - deps: cherry-pick b8331cc030 from upstream V8 (Daniel Bevenius) #16900
• [2266cafba5] - Revert "deps: cherry-pick b8331cc030 from upstream V8" (Daniel Bevenius) #16899
• [81f14bffff] - deps: cherry-pick b8331cc030 from upstream V8 (Daniel Bevenius) #16743
• [6922fda1b5] - doc: recommend node-core-utils for metadata (Rich Trott) #16978
• [ccf1f6aa13] - doc: fix typo in http2 doc (Gus Caplan) #16993
• [54768f5094] - doc: reorganize COLLABORATOR_GUIDE.md (Rich Trott) #15710
• [c4e2343bfb] - doc: drop support for VS2015 (Nikolai Vavilov) #16868
• [74f33724a2] - doc: clarify the prerequisites for building with VS2017 (Nikolai Vavilov) #16903
• [1510fda1b0] - doc: outline commit message for breaking changes (Maton Anthony) #16846
• [1fcd95e517] - doc: remove duplicate 'the' from http2 API doc (Vipin Menon) #16924
• [b46714c023] - doc: fix typos in N-API (Swathi Kalahastri) #16911
• [3ba52c1582] - doc: correct the spelling of omitting in dgram.md (Vidya Subramanyam) #16910
• [e60eff6c01] - doc: fix a typo in the documentation (Mamatha J V) #16909
• [6e9973e912] - doc: improve documentation for the vm module (Franziska Hinkelmann) #16867
• [15dcb96b28] - doc: fix a typo in n-api documentation (Vipin Menon) #16879
• [928647c77c] - doc: fix typo in assert.md (Andres Kalle) #16866
• [a184dbcb2c] - doc: update subprocess.killed (cjihrig) #16748
• [deff9f5527] - events: remove emit micro-optimizations (Anatoli Papirovski) #16869
• [8611e3b93b] - (SEMVER-MINOR) fs: expose realpath(3) bindings (Ben Noordhuis) #15776
• [8dfd5a515a] - http2: multiple smaller code cleanups (James M Snell) #16764
• [8245e5a2d4] - http2: simplify subsequent rstStr...

2017-11-07, Version 9.1.0 (Current), @cjihrig

Notable Changes

• CLI:
  • NODE_OPTIONS now supports the --stack-trace-limit option. #16495
• deps:
  • OpenSSL is upgraded to 1.0.2m #16691
• http:
  • A 'connect' event handler leak has been fixed. #16725
  • The 103 Early Hints status code is now supported. #16644

Commits

• [32417999ac] - build: suppress lint-md output (Gibson Fahnestock) #16551
• [433745e7eb] - build: add missing comma in sources list (Daniel Bevenius) #16613
• [8bc5249223] - build: make test-doc and lint addon docs (Joyee Cheung) #16377
• [88ad01fce7] - build: make doc target quiet (Daniel Bevenius) #16516
• [f3e01618f1] - build,src: Add CloudABI as a POSIX-like runtime environment. (Ed Schouten) #16612
• [7349d42945] - (SEMVER-MINOR) cli: add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) #16495
• [ed0fbd8d72] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [185229e258] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [162686f5f4] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [e0f6dee961] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [3d7eea5da8] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [3438765781] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [b130febd1d] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [90e8e81bbb] - doc: mention constant-time in crypto doc (Mithun Sasidharan) #16604
• [dee7800ae8] - doc: add links to EventEmitter in errors.md (Delapouite) #16861
• [f097e2775b] - doc: fix a link in dgram.md (Vse Mozhet Byt) #16854
• [978aa8476b] - doc: add isTTY property documentation (SonaySevik) #16828
• [6739f41f2d] - doc: fix json generator warnings (Luigi Pinca) #16742
• [2bb148f7bb] - doc: make stream.Readable consistent (Sakthipriyan Vairamani (thefourtheye)) #16786
• [e05d4f43b6] - doc: correct effects to affects (gowpen) #16794
• [d7df4dfa1c] - doc: correct EventEmitter reference (gowpen) #16791
• [77e4ec8c51] - doc: update license to include node-inspect (Myles Borins) #16659
• [7388144dbc] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [e585c41487] - doc: add docs for Zlib#close() (Luigi Pinca) #16592
• [d5ea177652] - doc: add nodejs/gyp team for GYP related issues (Gibson Fahnestock) #16638
• [09181eb976] - doc: add details about rss on process.memoryUsage (Anthony Nandaa) #16566
• [3fd7eddb44] - doc: add windowsVerbatimArguments docs (Andrew Stucki) #16299
• [1771bb5039] - doc: fix Changelog link order (Gibson Fahnestock) #16632
• [6ee28b2823] - doc: util.isDeepStrictEqual returns boolean (Lucas Azzola) #16653
• [59a4789eee] - doc: howto decode buffers extending from Writable (dicearr) #16403
• [d733dd9468] - doc: add *-inl.h include rule to C++ style guide (Joyee Cheung) #16548
• [1cef9ef1de] - doc: make default values and periods consistent (Matej Krajčovič) #16563
• [77f0359708] - http: use 'connect' event only if socket is connecting (Luigi Pinca) #16725
• [9c39d79908] - http: use arrow fns for lexical this in Agent (Bryan English) #16475
• [1b090c9b66] - http, http2: add 103 Early Hints status code (Yosuke Furukawa) #16644
• [d6d461003f] - http, tls: better support for IPv6 addresses (Mattias Holmlund) #14772
• [762a11fab3] - http2: improve errors thrown in header validation (Joyee Cheung) #16718
• [72d0e7e70b] - http2: refactor multiple internals (James M Snell) #16676
• [e3283c71ce] - http2: allocate on every chunk send (James M Snell) #16669
• [dfe56847ac] - http2: refactor settings handling (James M Snell) #16668
• [bf7dc38ae4] - http2: make sessions garbage-collectible (Anna Henningsen) #16461
• [3f529620cc] - http2: remove unused assignment (Anna Henningsen) #16461
• [b50c33470e] - http2: track async state for sending (Anna Henningsen) #16461
• [224ea159ae] - http2: move uv_prepare handle to Http2Session (Anna Henningsen) #16461
• [6074c8cdbb] - inspector: include node_platform.h header (Alexey Kuzmin) #16677
• [e0c7b3d13f] - lib: shuffle v8_prof_polyfill.js for unit testing (Ben Noordhuis) #16769
• [c14030ec7a] - lib: fix version check in tick processor (Ben Noordhuis) #16769
• [a0b94f4e12] - lib: refactor ES module loader for readability (Anna Henningsen) #16579
• [083a6e3830] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [05f90478fc] - repl: avoid crashing from null and undefined errors (cPhost) #16574
• [da66610798] - src: fix -Win...

2017-11-07, Version 8.9.1 'Carbon' (LTS), @gibfahn

Notable Changes

• openssl:
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• Revert "https:
  • refactor to use http internals" (Myles Borins) #16660

Commits

• [6a7e5ceaa9] - deps: V8: cherry-pick 32141e9 from upstream (Ali Ijaz Sheikh) #16704
• [a815e1b6a2] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [7f86e8190c] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [1af2244020] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [9d98dcc395] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [99319efc45] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [151a8da4b7] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [d68e53452c] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [a3be5bc560] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [08b75c1591] - Revert "https: refactor to use http internals" (Myles Borins) #16660
• [d334a95834] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [bf26b96fd6] - src: add 'dynamic' process.release.lts property (Rod Vagg) #16656
• [dfac6cc0bb] - test: update process-release for Node 8 Carbon (Jeremiah Senkpiel) #16656

2017-11-07, Version 6.12.0 'Boron' (LTS), @MylesBorins

This LTS release comes with 127 commits. This includes 45 which are test related,
33 which are doc related, 13 which are updates to dependencies and 7 commits which are related to build / tools.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

• assert:
  • assert.fail() can now take one or two arguments (Rich Trott) #12293
• crypto:
  • add sign/verify support for RSASSA-PSS (Tobias Nießen) #11705
• deps:
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
  • upgrade libuv to 1.15.0 (cjihrig) #15745
  • upgrade libuv to 1.14.1 (cjihrig) #14866
  • upgrade libuv to 1.13.1 (cjihrig) #14117
  • upgrade libuv to 1.12.0 (cjihrig) #13306
• fs:
  • Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) #7856
• inspector:
  • enable --inspect-brk (Refael Ackermann) #12615
• process:
  • add --redirect-warnings command line argument (James M Snell) #10116
• src:
  • allow CLI args in env with NODE_OPTIONS (Sam Roberts) #12028
  • --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) #13932
  • allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) #13172
  • use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) #12677
• test:
  • remove common.fail() (Rich Trott) #12293

Commits

• [4917d8cfef] - (SEMVER-MINOR) assert: improve assert.fail() API (Rich Trott) #12293
• [5522bdf825] - benchmark: use smaller n value in some http tests (Peter Marshall) #14002
• [252d08ab77] - build: use generic names for linting tasks (Nikolai Vavilov) #15272
• [78dc92860f] - build: fix shared installing target (Yorkie Liu) #15148
• [6c9a9ff25c] - build: don't fail make test on source tarballs (Gibson Fahnestock) #15441
• [af63b38142] - crypto: use X509V3_EXT_d2i (David Benjamin) #15348
• [6b0812860d] - crypto: use SSL_SESSION_get_id (David Benjamin) #15348
• [46695703b6] - crypto: only try to set FIPS mode if different (Gibson Fahnestock) #12210
• [10a70353b2] - crypto: fix Node_SignFinal (David Benjamin) #15024
• [a7d4cade46] - (SEMVER-MINOR) crypto: add sign/verify support for RSASSA-PSS (Tobias Nießen) #11705
• [b98fa82de6] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [748d3e5d04] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [5da4ceba86] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [ef57db81ac] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [7b93a2fd63] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [265d948b30] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [8386ce7645] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [02e4303c13] - (SEMVER-MINOR) deps: upgrade libuv to 1.15.0 (cjihrig) #15745
• [f22132e8f7] - deps: v8: fix potential segfault in profiler (Ali Ijaz Sheikh) #15498
• [08d683053f] - deps: upgrade libuv to 1.14.1 (cjihrig) #14866
• [a38755d0a4] - deps: upgrade libuv to 1.13.1 (cjihrig) #14117
• [3265840504] - (SEMVER-MINOR) deps: upgrade libuv to 1.12.0 (cjihrig) #13306
• [2d3e735783] - deps: V8: backport e560815 from upstream (Ali Ijaz Sheikh) #16133
• [a776639987] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [0f3901a905] - doc: standardize function param/object prop style (Gibson Fahnestock) #13769
• [b0fadbe54f] - doc: fix typo in zlib.md (Luigi Pinca) #16480
• [37b93724ff] - doc: fix types and description for dns.resolveTxt (Tobias Nießen) #15472
• [6e06d0e1b5] - doc: add callback function signatures in fs.md (Matej Krajčovič) #13424
• [f1eda4a391] - doc: fix external links with 404 status (Vse Mozhet Byt) #15463
• [c64603fbb5] - doc: add kfarnung to collaborators (Kyle Farnung) #16108
• [da160cfda0] - doc: mention collaboration summit in onboarding.md (Joyee Cheung) #16079
• [699cfa1ee0] - doc: fix macosx-firewall suggestion BUILDING (suraiyah) #15829
• [547217346c] - doc: add clearer setup description (Emily Platzer) #15962
• [291b9c55cb] - doc: update style guide for markdown extension (Rich Trott) #15786
• [eaec35db9f] - doc: fix incorrect vm.createContext usage (tshemsedinov) #16059
• [ddee71afff] - doc: fix typo in tls.md (kohta ito) #15738
• [62ea82b73e] - doc: add 'git clean -xfd' to backport guide (Lance Ball) #15715
• [6d41c850b2] - doc: alphabetize TSC Emeriti in README.md (Rich Trott) #15722
• [6b1ce97196] - doc: fix dead link in doc/releases.md (Luigi Pinca) #15733
• [e865fcbb07] - doc: edit COLLABORATORS_GUIDE.md for readability (Rich Trott) #15629
• [af1863218c] - doc: fix links in some intra-repository docs (Vse Mozhet Byt) #15675
• [926b46c138] - doc: update libuv license (Timothy Gu) #15649
• [[f29f20f3f9](https://github.com/nodejs/node/commi...

2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorins

This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies,
8 which are build / tool related, 4 which are doc related, and 2 which are test related.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

• crypto:
  • update root certificates (Ben Noordhuis) #13279
  • update root certificates (Ben Noordhuis) #12402
• deps:
  • add support for more modern versions of INTL (Bruno Pagani) #13040
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
  • upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233

Commits

• [e064ae62e4] - build: fix make test-v8 (Ben Noordhuis) #15562
• [a7f7a87a1b] - build: run test-hash-seed at the end of test-v8 (Michaël Zasso) #14219
• [05e8b1b7d9] - build: codesign tarball binary on macOS (Evan Lucas) #14179
• [e2b6fdf93e] - build: avoid /docs/api and /docs/doc/api upload (Rod Vagg) #12957
• [59d35c0775] - build,tools: do not force codesign prefix (Evan Lucas) #14179
• [210fa72e9e] - crypto: update root certificates (Ben Noordhuis) #13279
• [752b46a259] - crypto: update root certificates (Ben Noordhuis) #12402
• [3640ba4acb] - crypto: clear err stack after ECDH::BufferToPoint (Ryan Kelly) #13275
• [545235fc4b] - deps: add missing #include "unicode/normlzr.h" (Bruno Pagani) #13040
• [ea09a1c3e6] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [68661a95b5] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [bdcb2525fb] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [3f93ffee89] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [16fbd9da0d] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [55e15ec820] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [9c3e246ffe] - deps: backport 4e18190 from V8 upstream (jshin) #15562
• [43d1ac3a62] - deps: backport bff3074 from V8 upstream (Myles Borins) #15562
• [b259fd3bd5] - deps: cherry pick d7f813b4 from V8 upstream (akos.palfi) #15562
• [85800c4ba4] - deps: backport e28183b5 from upstream V8 (karl) #15562
• [06eb181916] - deps: update openssl asm and asm_obsolete files (Daniel Bevenius) #13233
• [c0fe1fccc3] - deps: update openssl config files (Daniel Bevenius) #13233
• [523eb60424] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [0aacd5a8cd] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [80c48c0720] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [bbd92b4676] - deps: copy all openssl header files to include dir (Daniel Bevenius) #13233
• [8507f0fb5d] - deps: upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233
• [9bfada8f0c] - deps: add example of comparing OpenSSL changes (Daniel Bevenius) #13234
• [71f9cdf241] - deps: cherry-pick 09db540,686558d from V8 upstream (Jesse Rosenberger) #14829
• [751f1ac08e] - Revert "deps: backport e093a04, 09db540 from upstream V8" (Jesse Rosenberger) #14829
• [ed6298c7de] - deps: cherry-pick 18ea996 from c-ares upstream (Anna Henningsen) #13883
• [639180adfa] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #12913
• [9ba73e1797] - deps: cherry-pick 4ae5993 from upstream OpenSSL (Shigeki Ohtsu) #12913
• [f8e282e51c] - doc: fix typo in zlib.md (Luigi Pinca) #16480
• [532a2941cb] - doc: add missing make command to UPGRADING.md (Daniel Bevenius) #13233
• [1db33296cb] - doc: add entry for subprocess.killed property (Rich Trott) #14578
• [0fa09dfd77] - doc: change child to subprocess (Rich Trott) #14578
• [43bbfafaef] - docs: Fix broken links in crypto.md (Zuzana Svetlikova) #15182
• [1bde7f5cef] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [e69f47b686] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [cb92f93cd5] - test: remove internal headers from addons (Gibson Fahnestock) #7947
• [5d9164c315] - test: move test-cluster-debug-port to sequential (Oleksandr Kushchak) #16292
• [07c912e849] - tools: update certdata.txt (Ben Noordhuis) #13279
• [c40bffcb88] - tools: update certdata.txt (Ben Noordhuis) #12402
• [161162713f] - tools: be explicit about including key-id (Myles Borins) #13309
• [0c820c092b] - v8: fix stack overflow in recursive method (Ben Noordhuis) #12460
• [a1f992975f] - zlib: fix crash when initializing failed (Anna Henningsen) #14666
• [31bf595b94] - zlib: fix node crashing on invalid options (Alexey Orlenko) #13098

2017-10-31, Version 9.0.0 (Current), @jasnell

Notable Changes

• Async hooks

  • Older experimental APIs have been removed. [d731369b1d] #14414

• Errors

  • Improvements have been made to buffer module error messages. [9e0f771224] #14975
  • The assignment of static error codes to Node.js error continues:
    • buffer: [e79a61cf80] #16352, [dbfe8c4ea2] #13976
    • child_process: [fe730d34ce] #14009
    • console: [0ecdf29340] #11340
    • crypto: [ee76f3153b] #16428, [df8c6c3651] #16453, [0a03e350fb] #16454, [eeada6ca63] #16448, [a78327f48b] #16429, [b8bc652869] #15757, [7124b466d9] #15746, [3ddc88b5c2] #15756
    • dns: [9cb390d899] #14212
    • events: [e5ad5456a2] #15623
    • fs: [219932a9f7] #15043, [b61cab2234] #11317
    • http: [11a2ca29ba] #14735, [a9f798ebcc] #13301, [bdfbce9241] #14423, [4843c2f415] #15603
    • inspector: [4cf56ad6f2] #15619
    • net: [a03d8cee1f] #11356, [7f55349079] #14782
    • path: [dcfbbacba8] #11319
    • process: [a0f7284346] #13739, [062071a9c3] #13285, [3129b2c035] #13982
    • querystring: [9788e96836] #15565
    • readline: [7f3f72c19b] #11390
    • repl: [aff8d358fa] #11347, [28227963fa] #13299
    • streams: [d50a802feb] #13310, [d2913384aa] #13291, [6e86a6651c] #16589, [88fb359c57] #15042, [db7d1339c3] #15665
    • string_decoder: [eb4940e2d2] #14682
    • timers: [4d893e093a] #14659
    • tls: [f67aa566a6] #13476, [3ccfeb483d] #13994
    • url: [473f0eff29] #13963
    • util: [de4a749788] #11301, [1609899142] #13293
    • v8: [ef238fb485] #16535
    • zlib: [896eaf6820] #16540, [74891412f1] #15618

• Child Processes

  • Errors are emitted on process nextTick. [f2b01cba7b] #4670

• Domains

  • The long-deprecated .dispose() method has been removed [602fd36d95] #15412

• fs

  • The fs.ReadStream and fs.WriteStream classes now use destroy(). [e5c290bed9] #15407
  • fs module callbacks are now invoked with an undefined context. [2249234fee] #14645

• HTTP/1

  • A 400 Bad Request response will now be sent when parsing fails. [f2f391e575] #15324
  • Socket timeout will be set when the socket connects. [10be20a0e8] #8895
  • A bug causing the request 'error' event to fire twice was fixed. [620ba41694] #14659
  • HTTP clients may now use generic Duplex streams in addition to net.Socket. [3e25e4d00f] #16267

• Intl

  • The deprecated Intl.v8BreakIterator has been removed. [668ad44922] #15238

• OS

  • The os.EOL property is now read-only [f6caeb9526] #14622

• Timers

  • setTimeout() will emit a warning if the timeout is larger that the maximum 32-bit unsigned integer. [ce3586da31] #15627

Commits

Semver-Major

• [de4a749788] - (SEMVER-MAJOR) internal/util: use internal/errors.js (Sebastian Van Sande) #11301
• [db2e093e05] - (SEMVER-MAJOR) assert: handle enumerable symbol keys (Ruben Bridgewater) #15169
• [b0d3bec95c] - (SEMVER-MAJOR) assert: use Same-value equality in deepStrictEqual (Ruben Bridgewater) #15398
• [e13d1df89b] - (SEMVER-MAJOR) assert: support custom errors (geek) #15304
• [ea2e6363f2] - (SEMVER-MAJOR) assert: use SameValueZero in deepStrictEqual (Ruben Bridgewater) #15036
• [c53db1e8e9] - (SEMVER-MAJOR) assert: show thrown message in doesNotThrow() (Ruslan Bekenev) #12167
• [fc463639fa] - (SEMVER-MAJOR) assert: fix assert.fail with zero arguments (Ruben Bridgewater) [#13974](https://github.com/nodejs/no...

2017-10-31, Version 8.9.0 'Carbon' (LTS), @gibfahn

This release marks the transition of Node.js v8 into Long Term Support (LTS) with the codename 'Carbon'. The v8 release line now moves in to "Active LTS" and will remain so until April 2019. After that time it will move in to "Maintenance" until end of life in December 2019.

Notable Changes

• doc:
  • add Gibson Fahnestock to Release team (Gibson Fahnestock) #16620
• deps:
  • update npm to 5.5.1 (Myles Borins) #16509
• http2:
  • The exposed http2 socket is no longer manipulatable (Anatoli Papirovski) #16330
• module:
  • support custom paths to require.resolve() (cjihrig) #16397
• util:
  • util.TextEncoder and util.TextDecoder are no longer experimental. There will no longer be a warning when they are used (James M Snell) #15743

Commits

• [d576e17691] - build: make test-doc and lint addon docs (Joyee Cheung) #16377
• [63e33ac327] - build: make doc target quiet (Daniel Bevenius) #16516
• [528edb2ea8] - build: ignore empty folders in test-addons-napi (Anna Henningsen) #16380
• [c8a3b2d171] - build: run linter before running tests (Joyee Cheung) #16284
• [a763fcd7a7] - build: improve make clean (Refael Ackermann) #16372
• [0a1f7fefc6] - build: skip bin override on windows (Hitesh Kanwathirtha) #16460
• [3b64fa451e] - build: fix npm install with --shared (Ben Noordhuis) #16438
• [9185cfef9c] - build: add lint-md-build (Daijiro Wachi) #12756
• [22ec800b20] - build: do not include deleted directory (Jon Moss) #16384
• [b5c6d596ca] - build,win: set /MP separately in Debug and Release (Nikolai Vavilov) #16415
• [9bea207e83] - child_process: fix memory leak in .fork() (Ben Noordhuis) #15679
• [bf2564df0d] - deps: V8: backport b1cd96e from upstream (Ali Ijaz Sheikh) #16308
• [ad692074a4] - deps: cherry-pick e0d64dc from upstream V8 (Michaël Zasso) #16490
• [7bdb8db440] - deps: cherry-pick 676c413 from upstream V8 (Michaël Zasso) #16490
• [5787f5331f] - deps: cherry-pick 2c75616 from upstream V8 (Michaël Zasso) #16490
• [0d7e4d2bdc] - deps: update npm to 5.5.1 (Myles Borins) #16509
• [4d9c1bedbd] - doc: add Gibson Fahnestock to Release team (Gibson Fahnestock) #16620
• [d6619b9ad4] - doc: document missing error codes (George Bezerra) #15160
• [fdc072bd9c] - doc: fix inconsistent server.listen documentation (Martin Michaelis) #16020
• [a6b3cd8166] - doc: more accurate zlib windowBits information (Anna Henningsen) #16511
• [e5c2059f88] - doc: make default values and periods consistent (Matej Krajčovič) #16563
• [b93275e1a3] - doc: slightly relax 50 character rule (James M Snell) #16523
• [1b08ae853e] - doc: http2.connect accepts net & tls options (Anatoli Papirovski) #16576
• [04602109e8] - doc: add note to releases.md (Jon Moss) #16507
• [03b233ed40] - doc: fix CHANGELOG_V8 indentation (Jon Moss) #16507
• [a7540d59e8] - doc: remove http2 pushStream weight option (Sebastiaan Deckers) #16451
• [4ba06d07cc] - doc: add dot in documentations (erwinwahyura) #16542
• [83902e6e02] - doc: add multiple build guide to benchmarking doc (Peter Marton) #16142
• [04fac61fdd] - doc: improve http2 documentation (Jacob Hoffman-Andrews) #16366
• [fe5d4535c9] - doc, win: remove note about resize (Bartosz Sosnowski) #16320
• [54ebf91394] - http2: make sessions garbage-collectible (Anna Henningsen) #16461
• [bfc1ad07a3] - http2: remove unused assignment (Anna Henningsen) #16461
• [56dd734a6a] - http2: track async state for sending (Anna Henningsen) #16461
• [5390d7e374] - http2: move uv_prepare handle to Http2Session (Anna Henningsen) #16461
• [95a61cbb1e] - http2: fix stream reading resumption (Anatoli Papirovski) #16580
• [98b9705cb8] - http2: simplify mapToHeaders, stricter validation (Anatoli Papirovski) #16575
• [e592c320ce] - http2: fix several timeout related issues (Anatoli Papirovski) #16525
• [24fd8ff32a] - http2: adjust stream buffer size (Anatoli Papirovski) #16445
• [2c2b6586e7] - http2: fix mapToHeaders() with single string value (Jinwoo Lee) #16458
• [e6e99eb447] - http2: do not allow socket manipulation (Anatoli Papirovski) #16330
• [3638694d8b] - http2: fix errors in debug statements (Anatoli Papirovski) #16373
• [754df71a79] - https: refactor to use http internals (Bryan English) #16395
• [2ea25ad3e2] - inspector: track async stacks when necessary (Ali Ijaz Sheikh) #16308
• [ab0d7a64aa] - lib: refactor wrap_js_stream for ES6/readability (Anna Henningsen) #16158
• [87fd5b798f] - lib: move _stream_wrap into internals (Anna Henningsen) #16158
• [96e82509b0] - lib: use destructuring for some constants (Weijia Wang) #16063
• [6be494251b] - lib: move duplicate spliceOne into internal/util (Weijia Wang) #16221
• [8c0c456c73] - lib: setup IPC channel before console (Nikolai Vavilov) #16562
• [3a230b42f3] -...

2017-10-25, Version 8.8.1 (Current), @cjihrig

Notable Changes

• net:
  • Fix timeout with null handle issue. This is a regression in Node 8.8.0 #16489

Commits

• [db8c92fb42] - doc: fix spelling in v8.8.0 changelog (Myles Borins) #16477
• [c8396b8370] - doc: remove loader hooks from unsupported features (Teppei Sato) #16465
• [2b0bb57055] - doc: fix wrong URL (Jon Moss) #16470
• [9ffc32974e] - doc: fix typo in changelog for 8.8.0 (Alec Perkins) #16462
• [7facaa5031] - doc: fix missing newline character (Daijiro Wachi) #16447
• [16eb7d3a5f] - doc: fix doc styles (Daijiro Wachi) #16385
• [99fdc1d04f] - doc: add recommendations for first timers (Refael Ackermann) #16350
• [6fbef7f350] - doc: fix typo in zlib.md (Luigi Pinca) #16480
• [655e017e40] - net: fix timeout with null handle (Anatoli Papirovski) #16489
• [7fad10cc7e] - test: make test-v8-serdes work without stdin (Anna Henningsen)
• [12dc06e3e1] - test: call toLowerCase on the resolved module (Daniel Bevenius) #16486
• [10894c3835] - test: allow for different nsswitch.conf settings (Daniel Bevenius) #16378
• [2a53165aa0] - test: add missing assertion (cjihrig) #15519

2017-10-24, Version 8.8.0 (Current), @MylesBorins

Notable Changes

• crypto:
  • expose ECDH class #8188
• http2:
  • http2 is now exposed by default without the need for a flag #15685
  • a new environment variable NODE_NO_HTTP2 has been added to allow userland http2 to be required #15685
  • support has been added for generic Duplex streams #16269
• module:
  • resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle #15445
• zlib:
  • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

Commits

• [c62f2e21c0] - assert: fix actual and expected order (Steve Jenkins) #15866
• [c9715bb9c2] - async_hooks: skip runtime checks when disabled (Andreas Madsen) #15454
• [11b775beb6] - async_hooks: replace concat w template literals (Rob Adelmann) #15968
• [5d34f2f5a7] - benchmark: improve http2 benchmark configs (James M Snell) #16239
• [b1a68f52e2] - benchmark: add util/type-check (Timothy Gu) #15663
• [6f64a4456f] - benchmark: remove writing to benchmark directory (Rich Trott) #16144
• [dc48e9cdaf] - benchmark: remove misc/v8-bench.js (Joyee Cheung) #16126
• [a16d314214] - build: use bin override if no python in PATH (Bradley T. Hughes) #16241
• [6ce04d94f9] - build: revert "call setlocal in vcbuild.bat" (Refael Ackermann) #16270
• [dfaa05722b] - build: use doc-only instead of doc (Rich Trott) #16309
• [2cfcc45ae1] - build: add c++ coverage support on macOS (Evan Lucas) #16163
• [e32b10f469] - build: set disable_glibcxx_debug flag (Anna Henningsen) #16159
• [ea0fec25fe] - build: lint benchmark addon (Ben Noordhuis) #16160
• [c032b5ffe7] - build: use local node-gyp for benchmark addon (Ben Noordhuis) #16160
• [ce2eeb9a0b] - build: restore mistakenly dropped suites (Refael Ackermann) #16132
• [37ab447942] - build: correct minor typo in lttng help message (Daniel Bevenius) #16101
• [f5c0d74eda] - build: ignore empty folders in test-addons (Gregor) #16031
• [152ca1e49b] - build, windows: use /bigobj for debug builds (Nikolai Vavilov) #16289
• [3951c15212] - build,win: use /MP for debug builds (Nikolai Vavilov) #16333
• [c9ec12d3e6] - build,win: enable lint option to run "standalone" (Daniel Bevenius) #16176
• [6e2a6b2c7e] - build,win: include addons-napi in linter (Daniel Bevenius) #16181
• [81d01bccd1] - child_process: add windowsHide option (cjihrig) #15380
• [a5c3143539] - (SEMVER-MINOR) crypto: expose ECDH class (Bryan English) #8188
• [ff25ca70b2] - doc: replace undocumented encoding aliases (Vse Mozhet Byt) #16368
• [8f08d6653d] - doc: async_hooks grammar nits (Jon Moss) #16361
• [b96d76f3a7] - doc: link to async_hooks destroy callback properly (Jon Moss) #16351
• [71e6c6ea9c] - doc: fix some links (Vse Mozhet Byt) #16202
• [fbd3c80316] - doc: replace methods used in the example code (Damian) #16416
• [73915d3ff8] - doc: fix http2 example with rstWithCancel (c0b) #16365
• [ce159f4e10] - doc: improve {readable,writable}._destroy() docs (Luigi Pinca) #16313
• [d57f358225] - doc: remove duplicate options (aayush.a) #16339
• [77e76141ee] - doc: fix comment in assert.md (umatoma) #16335
• [d0fc7ab4d2] - doc: add space after period (Diego Rodríguez Baquero) #16334
• [6c809e0125] - doc: minor correction to note on process section (Daniel Bevenius) #16311
• [49a41d9739] - doc: fix links in http2.md (Vse Mozhet Byt) #16307
• [8b4f1229ac] - doc: document opening hidden files on Windows (Bartosz Sosnowski) #15409
• [0585148c34] - doc: add return value to util.promisify (Supamic) #16040
• [497bfff7b2] - doc: clarify using crlfDelay with fs streams (Vse Mozhet Byt) #16259
• [7bf9878568] - doc: add apapirovski to collaborators (Anatoli Papirovski) #16302
• [97b8271aa4] - doc: add @nodejs/build to onboarding-extras.md (Lance Ball) #16298
• [d92b45ec55] - doc: update test/inspector reference (Jon Moss) #16277
• [e34509e8ed] - doc: public keys don't accept passphrases (Ben Noordhuis) #16087
• [720ea94894] - doc: clarify os.cpus() returns logical CPU cores (Luke Childs) #16282
• [8a8e5c775b] - doc: add return values in crypto documentation (Jeremy Huang) #16229
• [9eccb8479b] - doc: reduce keylen in pbkdf2 examples (Lukas) #16203
• [0776c80606] - doc: support multidimensional arrays in type link (Vse Mozhet Byt) #16207
• [3e7945ad3a] - doc: update to use NAPI_AUTO_LENGTH (Michael Dawson) #16187
• [7218bba916] - doc: move Shigeki to TSC Emeritus (Rich Trott) #16195
• [[c23bf96dbe](https://g...

2017-10-24, Version 6.11.5 'Boron' (LTS), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.

Notable Changes

• zlib:
  • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

Commits

• [dd764d9cb6] - zlib: gracefully set windowBits from 8 to 9 (Myles Borins) nodejs-private/node-private#95