Node v0.12.13 (LTS)

Rod Vagg

This is a security release, upgrading the bundled version of npm due to a credentials leak vulnerability. Further information can be found in our post: /blog/vulnerability/npm-tokens-leak-march-2016/

Node.js v0.12.13 will be the final Active-LTS release for the v0.12 release line, from next month, v0.12 moves in to Maintenance. This change impacts on the types of changes that will be accepted in to v0.12 releases, restricting them primarily to critical security and stability fixes. v0.12 will remain supported until the end of 2016 but it is important that you begin planning your move to a new release line as soon as possible. v4 (LTS "Argon") is recommended at this stage.

Update: the version of npm included in this release does not have the correct version string. As such executing npm -v will report 2.15.0 rather than 2.15.1, which is incorrect. The source code included in this release is in fact the source for 2.15.1, including the security fix.

Notable changes:

npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967
openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on OPENSSL_NO_WEAK_SSL_CIPHERS to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (https://github.com/nodejs/LTS/issues/85). (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712

Commits:

[2ce29165a1] - deps: upgrade npm in LTS to 2.15.1 (Forrest L Norvell)
[a115779026] - deps: Disable EXPORT and LOW ciphers in openssl (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
[ab907eb5a8] - test: skip cluster-disconnect-race on Windows (Gibson Fahnestock) https://github.com/nodejs/node/pull/5621
[9c06db7444] - test: change tls tests not to use LOW cipher (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
[154098a3dc] - test: bp fix for test-http-get-pipeline-problem.js (Michael Dawson) https://github.com/nodejs/node/pull/3013
[ff2bed6e86] - win,build: support Visual C++ Build Tools 2015 (João Reis) https://github.com/nodejs/node/pull/5627

Shasums (GPG signing hash: SHA512, file hash: SHA256):

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

b6e84fce06882ec5da0870d7ed7b70541d9de505e767dc2fbd9605518d27d869  node.exe
efbee64b1c5602f1ef50a26358e3a007c79892070b4500df4c3454635ce4fd9b  node.exp
4edacd81a4df404cded210d35b2fbd28835f2b849bc43dad89252e4f3f2a0a59  node.lib
9a6ef0d67a661253cbdb3fc92f99c5d06e569f6db86407f34df0e47b7a7e923f  node.pdb
e842a8eb8b7658d177675de9d054de4d7fb7d6c77edfcda7d83adb95b029bf3d  node-v0.12.13-darwin-x64.tar.gz
41d2f04872c1c1079856be475bdbdee5c63ac227cc2c08b94a6b48bac0469a2d  node-v0.12.13-darwin-x64.tar.xz
8ecdcd3b29ef0d3264bb48c0834bc024016d19a8f5c040fa6b51328191f39a60  node-v0.12.13-darwin-x86.tar.gz
33aeb892d0d0c044cc2dbfba4a234821ea9dcb09d4310e5b15fe0752d8b87e98  node-v0.12.13-darwin-x86.tar.xz
bf6a8de61b08935e91ac345e2dcd54c95d1def963b5db9a8bb33cf75963e13e6  node-v0.12.13-headers.tar.gz
19f6106b69a442da72ae9cf7f8ca9cef75d9a19348bd8c378ce1df50dad258b3  node-v0.12.13-headers.tar.xz
3e8b6ee32fc9a726bfe6f3961bcccf3d2b6d0ddd68326abb4434039f16e10f09  node-v0.12.13-linux-x64.tar.gz
6953bdca60cb703551d04078090a3347a0a8a820fded61bfb94005462251a7f2  node-v0.12.13-linux-x64.tar.xz
8300b9cbe363bf2a5fd987e7d05a88cb60842ad5b0ea6cbf3f4342eef547feed  node-v0.12.13-linux-x86.tar.gz
5618b0987a3b214c063578aa4e1905ba49ea2546894dd1b3277f659a3d563d03  node-v0.12.13-linux-x86.tar.xz
ca6395291862af79808b42d91a6f6e2ab7ec7ca5187c6de13d9a2cc2b47956f8  node-v0.12.13.pkg
9b40e2b657e560901c6cccf3c93d01a5055cb4d011ccfefe1b977dae7935ea42  node-v0.12.13-sunos-x64.tar.gz
961be780775a91b453c260aca11c4ea24ce64b077ac3ee0970c0faa418a8c865  node-v0.12.13-sunos-x64.tar.xz
83f862b0383ba6c9a15f32a043de48288b087c0f368117eac36d66779491a910  node-v0.12.13-sunos-x86.tar.gz
15eca8c6c3aa8b2e2262b77c6047be97802b5fd6f2e23d73bf0a3daa856cae4f  node-v0.12.13-sunos-x86.tar.xz
0a972ed6442cb526aa7aa1bcb10aa536b65bd90ab4956b5a1aa51b4b7bb071bd  node-v0.12.13.tar.gz
d0a4ebff052016c81184b6b880009f299263fc1a2f2bca35483b67bb886c6556  node-v0.12.13.tar.xz
03502f5cf6d3c6b8dc112558219af0ceba6af5793e1fb8139a6567780eded07d  node-v0.12.13-x86.msi
4288ca4a92e3b79365b4be8fe5bc2d34066db7f1027dbcdfe42b7350eb5e1363  openssl-cli.exe
5588b16ed5e0ad2ddd7b025353922bcedd7567fde3680175dee78046debcdfcd  openssl-cli.pdb
75c0fc30a9454cecd40f43b3da8060eff1d22b1e7e2616afd9625678026a3880  x64/node.exe
fc6a706dda6b96c4c3da96107b48580c4e5c9327667d5234c033f68ae5f54215  x64/node.exp
8bf8cf62ef9629fd686008233fe5a97dff0b093f81cc2979aae9f1490f4b499d  x64/node.lib
71396d3e53c3cfa93e95f81b464f7acd97d1e2454f2bfa7c0a9c407ada2bf18b  x64/node.pdb
0c77dedd115776b7c5e1661a1c9c3ecc4cb5a119820b0919d190ba8fe15137f4  x64/node-v0.12.13-x64.msi
d1ee99c0c37c7ac017725ec69169beba8d9358af9ba61ed0cf3e058cd3dfd224  x64/openssl-cli.exe
7c6ebb541559eedf977109418f017bf035567936efee6f576516580a52a73a3b  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJW/bxoAAoJEMJzeS99g1Rd258H/Rj9sMrQ7HNLrLJdEGHr7rqW
vxfmkHHX3dWS8IqrsoupeskSJeW4YLW8tB5MYKDJiU5hsjwPR6it4oDs8xvxmsaG
UrZiTqTiFGNJ0Q6atxcBvkKJ0bUKGmyg9sHnFG1YbrfXryAG7usy1Ko2lzrh4WUt
e8FokEoOMVYySJQxg+V8MrrNXwW3T9qPlW3cnPC3lTYS1wh9nTQgBeb8DnWaSMdD
lkE8AmCbsM3KSM5qADbOEgjBP9VGJhFCBAtl5LZjlXs7/fca3GTCfTqPrqI4+pSn
Qlv+t2nQMn5hd1U9oiROKrneVwMQwMBmRjx8m6c4dQ0rpm4paYrp/H2snfW2LHw=
=Gzpx
-----END PGP SIGNATURE-----

PrevNode v4.4.2 (LTS)NextNode v5.9.1 (Current)