-
Notifications
You must be signed in to change notification settings - Fork 6.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sec: upcoming security announcement #1496
Conversation
@nodejs/website please review, would like to publish within the next hour (Although I'm in a meeting 3-4 so it may be 4 before I get back to it, so feel free to land if it looks ok) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Should we also update the main header? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one quick nit
--- | ||
date: 2017-12-04T19:30:00.617Z | ||
category: vulnerability | ||
title: Data Confidentiality/Integrity Vulnerability, September 2017 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
December 2017
@maclover7 thanks, good catch. Updated. |
@MylesBorins we should probably define our policy on that. If we should do it as part of the announce and release I'll update the instructions to reflect that. |
|
||
# Data Confidentiality/Integrity Vulnerability | ||
|
||
All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7 see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details. The severity of this vulnerability of Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: add a comma after Dec 7?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
Also added to banner. |
PR-URL: #1496 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com>
Landed as e552ce4 |
Oops, I was a few minutes too late. Oh, well, they were very small nits. |
No description provided.