Uploaded image for project: 'GPII - Global Public Inclusive Infrastructure'
  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-1782

Update Node.js version used to 0.10.45 due to security issues

    XMLWordPrintable

    Details

      Description

      https://nodejs.org/en/blog/release/v0.10.45/

      npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5987
      openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553
      Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
      See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details

      Once we're targetting a more modern version of Node.js, we will point GPII/universal to the 'latest' tag so it uses the latest version available in the LTS branch. For now we have to keep updating the version numbers every time there is a new 0.10.x release. At this time, latest == 4.4.4

        Attachments

          Activity

            People

            Assignee:
            gtirloni Giovanni Tirloni
            Reporter:
            gtirloni Giovanni Tirloni
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: