2017-12-08, Version 4.8.7 'Argon' (Maintenance), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2017-15896
• CVE-2017-3738 (from the openssl project)

Notable Changes

• deps:
  • openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

Commits

• [4f8fae3493] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526
• [eacd090e7b] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [3e6b0b0d13] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [b0ed4c52af] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [dd6a2dff1e] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526
• [b3afedfbe9] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526
• [f7eb162d0d] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389

2017-12-05, Version 8.9.2 'Carbon' (LTS), @gibfahn

Notable Changes

• console:
  • avoid adding infinite error listeners (Matteo Collina) #16770
• http2:
  • improve errors thrown in header validation (Joyee Cheung) #16718

Commits

• [1bf6250b99] - doc : mention constant-time in crypto doc (Mithun Sasidharan) #16604
• [585f8698af] - build: include src\tracing when linting on win (Daniel Bevenius) #16720
• [d9a18beaa6] - build: suppress lint-md output (Gibson Fahnestock) #16551
• [4e848d4afb] - build: add missing comma in sources list (Daniel Bevenius) #16613
• [9df1e8f10e] - console: avoid adding infinite error listeners (Matteo Collina) #16770
• [7ba037592d] - deps: cherry-pick cc55747 from V8 upstream (Franziska Hinkelmann) #16890
• [c3c9a8d4bf] - doc: recommend node-core-utils for metadata (Rich Trott) #16978
• [891ddad93c] - doc: fix typo in http2 doc (Gus Caplan) #16993
• [ccd36467f8] - doc: reorganize COLLABORATOR_GUIDE.md (Rich Trott) #15710
• [8f0793ff93] - doc: clarify the prerequisites for building with VS2017 (Nikolai Vavilov) #16903
• [6e7a444a91] - doc: outline commit message for breaking changes (Maton Anthony) #16846
• [6eb550da34] - doc: remove duplicate 'the' from http2 API doc (Vipin Menon) #16924
• [0b8a400cad] - doc: correct the spelling of omitting in dgram.md (Vidya Subramanyam) #16910
• [adb8f08c36] - doc: fix a typo in the documentation (Mamatha J V) #16909
• [d721c0bb5e] - doc: improve documentation for the vm module (Franziska Hinkelmann) #16867
• [360f40354e] - doc: fix typo in assert.md (Andres Kalle) #16866
• [c4634bf506] - doc: update subprocess.killed (cjihrig) #16748
• [eafc0a1314] - doc: fix a link in dgram.md (Vse Mozhet Byt) #16854
• [fab55980be] - doc: add isTTY property documentation (SonaySevik) #16828
• [f2a9c024ed] - doc: fix json generator warnings (Luigi Pinca) #16742
• [3319b2092f] - doc: update license to include node-inspect (Myles Borins) #16659
• [7618567b4f] - doc: add docs for Zlib#close() (Luigi Pinca) #16592
• [2cc05e0657] - doc: add nodejs/gyp team for GYP related issues (Gibson Fahnestock) #16638
• [542f3b9cc0] - doc: add details about rss on process.memoryUsage (Anthony Nandaa) #16566
• [13866b8b1b] - doc: add windowsVerbatimArguments docs (Andrew Stucki) #16299
• [d2e4a87321] - doc: howto decode buffers extending from Writable (dicearr) #16403
• [a2fd9a3cf2] - doc: add *-inl.h include rule to C++ style guide (Joyee Cheung) #16548
• [9b8e2a68d8] - http: use arrow fns for lexical this in Agent (Bryan English) #16475
• [29efb02f12] - http2: multiple smaller code cleanups (James M Snell) #16764
• [658301664f] - http2: improve errors thrown in header validation (Joyee Cheung) #16718
• [8cf8a327c8] - http2: refactor settings handling (James M Snell) #16668
• [4faf2ec783] - lib: replace string concatenation with template (Suryanarayana Murthy N) #16933
• [14f8cee401] - lib: guard inspector console using process var (Daniel Bevenius) #15008
• [2ad051d62c] - lib: change concatenated string to template (Pawan Jangid) #16930
• [28f036045b] - lib: change concatenated string to template (Nayana Das K) #16925
• [134c2f31f2] - lib: replace string concatenation with template (subrahmanya chari p) #16917
• [dc14c25ee9] - loader: test search module (Cyril Lakech) #16795
• [d27ec13cd3] - repl: avoid crashing from null and undefined errors (cPhost) #16574
• [40880897fe] - src: use unrefed async for GC tracking (Anna Henningsen) #16758
• [f7411b5df7] - src: make StreamBase prototype accessors robust (Joyee Cheung) #16860
• [8d31294b3b] - src: CHECK() for argument overflow in Spawn() (cjihrig) #16761
• [57b377ef93] - src: improve module loader readability (Anna Henningsen) #16536
• [82076ed91f] - src: pass context to Get() operations for cares_wrap (Evan Lucas) #16641
• [79e1d7719d] - src: remove unused includes in string_bytes.h (Daniel Bevenius) #16606
• [cecd1e3def] - src: fix etw provider include on Windows (Joyee Cheung) #16639
• [255fffbbc8] - src: do not include x.h if x-inl.h is included (Joyee Cheung) #16548
• [efdd7c8cae] - test: reuse existing PassThrough implementation (Tobias Nießen) #16936
• [375bec00a4] - test: use fixtures module for path resolve (sercan yersen) #16842
• [6ab706d7f0] - test: refactor comments in test-child-process-spawnsync-maxbuf (ChrBergert) #16829
• [315fba8bfd] - test: used fixturesDir from fixtures modules (Klemen Kogovsek) #16813
• [5c8fb6a976] - test: refactor fs.write() test (Patrick Heneise) #16827
• [4f587e5a30] - test: add a test description (Grant Gasparyan) #16833
  ...

2017-12-05, Version 6.12.1 'Boron' (LTS), @MylesBorins

This LTS release comes with 263 commits. This includes 173 which are test related,
41 which are doc related, 18 which are build / tool related and 1 commit which is an update to a dependency.

Notable Changes

• build:
  • fix npm install with --shared (Ben Noordhuis) #16438
• build:
  • building with python 3 is now supported (Emily Marigold Klassen) #16058
• src:
  • v8 options can be specified with either '_' or '-' in NODE_OPTIONS (Sam Roberts) #14093

Commits

• [575a920a16] - assert: fix actual and expected order (Steve Jenkins) #15866
• [a0c1d10e91] - build: remove cctest extension (Yihong Wang) #16680
• [c287f1235c] - build: include src\tracing when linting on win (Daniel Bevenius) #16720
• [706812bc2f] - build: skip bin override on windows (Hitesh Kanwathirtha) #16460
• [f4627603aa] - build: fix npm install with --shared (Ben Noordhuis) #16438
• [6d63612e93] - build: correct minor typo in lttng help message (Daniel Bevenius) #16101
• [de82db7f85] - build: ignore empty folders in test-addons (Gregor) #16031
• [ac1beb0fb0] - build: use bin override if no python in PATH (Bradley T. Hughes) #16241
• [d4b3b633d8] - build: allow build with system python 3 (Emily Marigold Klassen) #16058
• [fc2ab06014] - build, windows: use /bigobj for debug builds (Nikolai Vavilov) #16289
• [ccca11d026] - build,win: set /MP separately in Debug and Release (Nikolai Vavilov) #16415
• [a14f564686] - build,win: use /MP for debug builds (Nikolai Vavilov) #16333
• [8813867577] - child_process: set shell to false in fork() (Alex Gresnel) #15352
• [f2cafff9b0] - crypto: fix error of createCipher in wrap mode (Shigeki Ohtsu) #15037
• [7115079c4f] - crypto: warn if counter mode used in createCipher (Shigeki Ohtsu) #13821
• [50c3dabc0f] - deps: backport 4af8029 from upstream V8 (Michaël Zasso) #17290
• [101eb981fe] - doc: mention constant-time in crypto doc (Mithun Sasidharan) #16604
• [1bc5c3836c] - doc: recommend node-core-utils for metadata (Rich Trott) #16978
• [4583f1be0c] - doc: reorganize COLLABORATOR_GUIDE.md (Rich Trott) #15710
• [fce790285f] - doc: improve documentation for the vm module (Franziska Hinkelmann) #16867
• [727a0fe641] - doc: update subprocess.killed (cjihrig) #16748
• [44c0385b04] - doc: more accurate zlib windowBits information (Anna Henningsen) #16511
• [732af9b8a4] - doc: add Gibson Fahnestock to Release team (Gibson Fahnestock) #16620
• [935b15285f] - doc: slightly relax 50 character rule (James M Snell) #16523
• [39c63da6d2] - doc: add note to releases.md (Jon Moss) #16507
• [60ae428f30] - doc: add dot in documentations (erwinwahyura) #16542
• [7ae23b744b] - doc: fix missing newline character (Daijiro Wachi) #16447
• [af869f03c1] - doc: add recommendations for first timers (Refael Ackermann) #16350
• [b7d609c2f8] - doc: replace undocumented encoding aliases (Vse Mozhet Byt) #16368
• [2cbf75da7e] - doc: replace methods used in the example code (Damian) #16416
• [0b5a0ada2a] - doc: fix comment in assert.md (umatoma) #16335
• [4fbc490704] - doc: add space after period (Diego Rodríguez Baquero) #16334
• [c3cc0fd258] - doc: minor correction to note on process section (Daniel Bevenius) #16311
• [47bf494979] - doc: add apapirovski to collaborators (Anatoli Papirovski) #16302
• [9c96d7f4fd] - doc: clarify os.cpus() returns logical CPU cores (Luke Childs) #16282
• [ba62b0e48a] - doc: support multidimensional arrays in type link (Vse Mozhet Byt) #16207
• [aefaed40f0] - doc: move Shigeki to TSC Emeritus (Rich Trott) #16195
• [1fdcf75f9c] - doc: Update a typo in module.js' comments (Orta) #16205
• [799c6fdc1c] - doc: add missing comma (Jon Moss) #16204
• [8c070f9ed5] - doc: added note to fs.watchFile on previousStat (NiveditN) #16099
• [2515cad90e] - doc: ensure collaborators validate commits (Bradley Farias) #16162
• [7647d41da1] - doc: move 8 collaborators to emeriti (Rich Trott) #16173
• [de8155ebf2] - doc: include V8 commit URL in V8 backport guide (Gibson Fahnestock) #16054
• [6f1ba792d7] - doc: add pronoun for fhinkel (F. Hinkelmann) #16069
• [8da3b51472] - doc: document windows shell support (Tim Ermilov) #16104
• [281023b20d] - doc: exempt test/doc only changes from 48-hr rule (Anna Henningsen) #16135
• [04d5835722] - doc: rename good first contrib label (Jeremiah Senkpiel) #16150
• [1064258f9d] - doc: remove bold typography from STYLE_GUIDE.md (Rich Trott) #16085
• [23e9bba9c8] - doc: ctc -> tsc in onboarding extras (Bryan English) #15621
• [ff66d63642] - doc: fix emitKeypressEvents stream type (Oblosys) #15399
• [1bd6962842] - doc: make stream.Readable consistent (Sakthipriyan Va...

2017-11-14, Version 9.2.0 (Current), @evanlucas

Notable Changes

• crypto:
  • Support building with both 1.1.0 and 1.0.2 (David Benjamin) #16130
• fs:
  • fs.realpathSync.native and fs.realpath.native are now exposed (Ben Noordhuis) #15776
• process:
  • expose process.ppid (cjihrig) #16839

Commits

• [02ea0ee507] - build: fix cctest compilation (Daniel Bevenius) #16887
• [a4557f294a] - build: remove cctest extension (Yihong Wang) #16680
• [1dc4fc1390] - build: include src\tracing when linting on win (Daniel Bevenius) #16720
• [4c11801ed7] - build: add missing options to help message (Daniel Bevenius) #16707
• [bed0560fb5] - console: avoid adding infinite error listeners (Matteo Collina) #16770
• [31dadd2007] - (SEMVER-MINOR) crypto: deprecate {ecdhCurve: false} (David Benjamin) #16130
• [f952caa677] - (SEMVER-MINOR) crypto: clear some SSL_METHOD deprecation warnings (David Benjamin) #16130
• [a5e7255385] - (SEMVER-MINOR) crypto: make ALPN the same for OpenSSL 1.0.2 & 1.1.0 (David Benjamin) #16130
• [07102ace9e] - (SEMVER-MINOR) crypto: remove deprecated ECDH calls w/ OpenSSL 1.1 (David Benjamin) #16130
• [627a15f9e5] - (SEMVER-MINOR) crypto: emulate OpenSSL 1.0 ticket scheme in 1.1 (David Benjamin) #16130
• [8a8ac8ce4d] - (SEMVER-MINOR) crypto: hard-code tlsSocket.getCipher().version (David Benjamin) #16130
• [c42935b79c] - (SEMVER-MINOR) crypto: add compat logic for "DSS1" and "dss1" (David Benjamin) #16130
• [5c24fc32c9] - (SEMVER-MINOR) crypto: Make Hmac 1.1.0-compatible (David Benjamin) #16130
• [fa1fc16c3e] - (SEMVER-MINOR) crypto: make SignBase compatible with OpenSSL 1.1.0 (David Benjamin) #16130
• [abe3dc48cc] - (SEMVER-MINOR) crypto: make Hash 1.1.0-compatible (David Benjamin) #16130
• [59acd27409] - (SEMVER-MINOR) crypto: make CipherBase 1.1.0-compatible (David Benjamin) #16130
• [6c3ae36cab] - (SEMVER-MINOR) crypto: remove locking callbacks for OpenSSL 1.1.0 (David Benjamin) #16130
• [81760ffea9] - (SEMVER-MINOR) crypto: use RSA and DH accessors (David Benjamin) #16130
• [568d9d0eac] - (SEMVER-MINOR) crypto: test DH keys work without a public half (David Benjamin) #16130
• [6a9c528a50] - (SEMVER-MINOR) crypto: account for new 1.1.0 SSL APIs (David Benjamin) #16130
• [cc744b9b26] - (SEMVER-MINOR) crypto: remove unnecessary SSLerr calls (David Benjamin) #16130
• [201393f655] - (SEMVER-MINOR) crypto: estimate kExternalSize (David Benjamin) #16130
• [efd9bc36fa] - (SEMVER-MINOR) crypto: make node_crypto_bio compat w/ OpenSSL 1.1 (David Benjamin) #16130
• [8da4983cb4] - (SEMVER-MINOR) crypto: use X509_STORE_CTX_new (David Benjamin) #16130
• [9c6f63bf3b] - deps: cherry-pick 3c8195d from V8 upstream (Franziska Hinkelmann) #16897
• [6ddba2e08e] - deps: patch V8 to 6.2.414.44 (Myles Borins) #16848
• [f82d3e44c8] - deps: upgrade libuv to 1.16.1 (cjihrig) #16835
• [38ac50a084] - deps: cherry-pick cc55747 from V8 upstream (Franziska Hinkelmann) #16890
• [75405a1481] - deps: ICU 60 bump (Steven R. Loomis) #16876
• [28b7bf062a] - deps: cherry-pick b8331cc030 from upstream V8 (Daniel Bevenius) #16900
• [2266cafba5] - Revert "deps: cherry-pick b8331cc030 from upstream V8" (Daniel Bevenius) #16899
• [81f14bffff] - deps: cherry-pick b8331cc030 from upstream V8 (Daniel Bevenius) #16743
• [6922fda1b5] - doc: recommend node-core-utils for metadata (Rich Trott) #16978
• [ccf1f6aa13] - doc: fix typo in http2 doc (Gus Caplan) #16993
• [54768f5094] - doc: reorganize COLLABORATOR_GUIDE.md (Rich Trott) #15710
• [c4e2343bfb] - doc: drop support for VS2015 (Nikolai Vavilov) #16868
• [74f33724a2] - doc: clarify the prerequisites for building with VS2017 (Nikolai Vavilov) #16903
• [1510fda1b0] - doc: outline commit message for breaking changes (Maton Anthony) #16846
• [1fcd95e517] - doc: remove duplicate 'the' from http2 API doc (Vipin Menon) #16924
• [b46714c023] - doc: fix typos in N-API (Swathi Kalahastri) #16911
• [3ba52c1582] - doc: correct the spelling of omitting in dgram.md (Vidya Subramanyam) #16910
• [e60eff6c01] - doc: fix a typo in the documentation (Mamatha J V) #16909
• [6e9973e912] - doc: improve documentation for the vm module (Franziska Hinkelmann) #16867
• [15dcb96b28] - doc: fix a typo in n-api documentation (Vipin Menon) #16879
• [928647c77c] - doc: fix typo in assert.md (Andres Kalle) #16866
• [a184dbcb2c] - doc: update subprocess.killed (cjihrig) #16748
• [deff9f5527] - events: remove emit micro-optimizations (Anatoli Papirovski) #16869
• [8611e3b93b] - (SEMVER-MINOR) fs: expose realpath(3) bindings (Ben Noordhuis) #15776
• [8dfd5a515a] - http2: multiple smaller code cleanups (James M Snell) #16764
• [8245e5a2d4] - http2: simplify subsequent rstStr...

2017-11-07, Version 9.1.0 (Current), @cjihrig

Notable Changes

• CLI:
  • NODE_OPTIONS now supports the --stack-trace-limit option. #16495
• deps:
  • OpenSSL is upgraded to 1.0.2m #16691
• http:
  • A 'connect' event handler leak has been fixed. #16725
  • The 103 Early Hints status code is now supported. #16644

Commits

• [32417999ac] - build: suppress lint-md output (Gibson Fahnestock) #16551
• [433745e7eb] - build: add missing comma in sources list (Daniel Bevenius) #16613
• [8bc5249223] - build: make test-doc and lint addon docs (Joyee Cheung) #16377
• [88ad01fce7] - build: make doc target quiet (Daniel Bevenius) #16516
• [f3e01618f1] - build,src: Add CloudABI as a POSIX-like runtime environment. (Ed Schouten) #16612
• [7349d42945] - (SEMVER-MINOR) cli: add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) #16495
• [ed0fbd8d72] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [185229e258] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [162686f5f4] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [e0f6dee961] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [3d7eea5da8] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [3438765781] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [b130febd1d] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [90e8e81bbb] - doc: mention constant-time in crypto doc (Mithun Sasidharan) #16604
• [dee7800ae8] - doc: add links to EventEmitter in errors.md (Delapouite) #16861
• [f097e2775b] - doc: fix a link in dgram.md (Vse Mozhet Byt) #16854
• [978aa8476b] - doc: add isTTY property documentation (SonaySevik) #16828
• [6739f41f2d] - doc: fix json generator warnings (Luigi Pinca) #16742
• [2bb148f7bb] - doc: make stream.Readable consistent (Sakthipriyan Vairamani (thefourtheye)) #16786
• [e05d4f43b6] - doc: correct effects to affects (gowpen) #16794
• [d7df4dfa1c] - doc: correct EventEmitter reference (gowpen) #16791
• [77e4ec8c51] - doc: update license to include node-inspect (Myles Borins) #16659
• [7388144dbc] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [e585c41487] - doc: add docs for Zlib#close() (Luigi Pinca) #16592
• [d5ea177652] - doc: add nodejs/gyp team for GYP related issues (Gibson Fahnestock) #16638
• [09181eb976] - doc: add details about rss on process.memoryUsage (Anthony Nandaa) #16566
• [3fd7eddb44] - doc: add windowsVerbatimArguments docs (Andrew Stucki) #16299
• [1771bb5039] - doc: fix Changelog link order (Gibson Fahnestock) #16632
• [6ee28b2823] - doc: util.isDeepStrictEqual returns boolean (Lucas Azzola) #16653
• [59a4789eee] - doc: howto decode buffers extending from Writable (dicearr) #16403
• [d733dd9468] - doc: add *-inl.h include rule to C++ style guide (Joyee Cheung) #16548
• [1cef9ef1de] - doc: make default values and periods consistent (Matej Krajčovič) #16563
• [77f0359708] - http: use 'connect' event only if socket is connecting (Luigi Pinca) #16725
• [9c39d79908] - http: use arrow fns for lexical this in Agent (Bryan English) #16475
• [1b090c9b66] - http, http2: add 103 Early Hints status code (Yosuke Furukawa) #16644
• [d6d461003f] - http, tls: better support for IPv6 addresses (Mattias Holmlund) #14772
• [762a11fab3] - http2: improve errors thrown in header validation (Joyee Cheung) #16718
• [72d0e7e70b] - http2: refactor multiple internals (James M Snell) #16676
• [e3283c71ce] - http2: allocate on every chunk send (James M Snell) #16669
• [dfe56847ac] - http2: refactor settings handling (James M Snell) #16668
• [bf7dc38ae4] - http2: make sessions garbage-collectible (Anna Henningsen) #16461
• [3f529620cc] - http2: remove unused assignment (Anna Henningsen) #16461
• [b50c33470e] - http2: track async state for sending (Anna Henningsen) #16461
• [224ea159ae] - http2: move uv_prepare handle to Http2Session (Anna Henningsen) #16461
• [6074c8cdbb] - inspector: include node_platform.h header (Alexey Kuzmin) #16677
• [e0c7b3d13f] - lib: shuffle v8_prof_polyfill.js for unit testing (Ben Noordhuis) #16769
• [c14030ec7a] - lib: fix version check in tick processor (Ben Noordhuis) #16769
• [a0b94f4e12] - lib: refactor ES module loader for readability (Anna Henningsen) #16579
• [083a6e3830] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [05f90478fc] - repl: avoid crashing from null and undefined errors (cPhost) #16574
• [da66610798] - src: fix -Win...

2017-11-07, Version 8.9.1 'Carbon' (LTS), @gibfahn

Notable Changes

• openssl:
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• Revert "https:
  • refactor to use http internals" (Myles Borins) #16660

Commits

• [6a7e5ceaa9] - deps: V8: cherry-pick 32141e9 from upstream (Ali Ijaz Sheikh) #16704
• [a815e1b6a2] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [7f86e8190c] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [1af2244020] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [9d98dcc395] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [99319efc45] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [151a8da4b7] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [d68e53452c] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [a3be5bc560] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [08b75c1591] - Revert "https: refactor to use http internals" (Myles Borins) #16660
• [d334a95834] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [bf26b96fd6] - src: add 'dynamic' process.release.lts property (Rod Vagg) #16656
• [dfac6cc0bb] - test: update process-release for Node 8 Carbon (Jeremiah Senkpiel) #16656

2017-11-07, Version 6.12.0 'Boron' (LTS), @MylesBorins

This LTS release comes with 127 commits. This includes 45 which are test related,
33 which are doc related, 13 which are updates to dependencies and 7 commits which are related to build / tools.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

• assert:
  • assert.fail() can now take one or two arguments (Rich Trott) #12293
• crypto:
  • add sign/verify support for RSASSA-PSS (Tobias Nießen) #11705
• deps:
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
  • upgrade libuv to 1.15.0 (cjihrig) #15745
  • upgrade libuv to 1.14.1 (cjihrig) #14866
  • upgrade libuv to 1.13.1 (cjihrig) #14117
  • upgrade libuv to 1.12.0 (cjihrig) #13306
• fs:
  • Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) #7856
• inspector:
  • enable --inspect-brk (Refael Ackermann) #12615
• process:
  • add --redirect-warnings command line argument (James M Snell) #10116
• src:
  • allow CLI args in env with NODE_OPTIONS (Sam Roberts) #12028
  • --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) #13932
  • allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) #13172
  • use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) #12677
• test:
  • remove common.fail() (Rich Trott) #12293

Commits

• [4917d8cfef] - (SEMVER-MINOR) assert: improve assert.fail() API (Rich Trott) #12293
• [5522bdf825] - benchmark: use smaller n value in some http tests (Peter Marshall) #14002
• [252d08ab77] - build: use generic names for linting tasks (Nikolai Vavilov) #15272
• [78dc92860f] - build: fix shared installing target (Yorkie Liu) #15148
• [6c9a9ff25c] - build: don't fail make test on source tarballs (Gibson Fahnestock) #15441
• [af63b38142] - crypto: use X509V3_EXT_d2i (David Benjamin) #15348
• [6b0812860d] - crypto: use SSL_SESSION_get_id (David Benjamin) #15348
• [46695703b6] - crypto: only try to set FIPS mode if different (Gibson Fahnestock) #12210
• [10a70353b2] - crypto: fix Node_SignFinal (David Benjamin) #15024
• [a7d4cade46] - (SEMVER-MINOR) crypto: add sign/verify support for RSASSA-PSS (Tobias Nießen) #11705
• [b98fa82de6] - deps: cherry-pick e7f4e9e from upstream libuv (Bartosz Sosnowski) #16724
• [748d3e5d04] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [5da4ceba86] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [ef57db81ac] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [7b93a2fd63] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [265d948b30] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [8386ce7645] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [02e4303c13] - (SEMVER-MINOR) deps: upgrade libuv to 1.15.0 (cjihrig) #15745
• [f22132e8f7] - deps: v8: fix potential segfault in profiler (Ali Ijaz Sheikh) #15498
• [08d683053f] - deps: upgrade libuv to 1.14.1 (cjihrig) #14866
• [a38755d0a4] - deps: upgrade libuv to 1.13.1 (cjihrig) #14117
• [3265840504] - (SEMVER-MINOR) deps: upgrade libuv to 1.12.0 (cjihrig) #13306
• [2d3e735783] - deps: V8: backport e560815 from upstream (Ali Ijaz Sheikh) #16133
• [a776639987] - doc: add 9.x to version picker and mark 8.x as LTS (Chris Young) #16672
• [0f3901a905] - doc: standardize function param/object prop style (Gibson Fahnestock) #13769
• [b0fadbe54f] - doc: fix typo in zlib.md (Luigi Pinca) #16480
• [37b93724ff] - doc: fix types and description for dns.resolveTxt (Tobias Nießen) #15472
• [6e06d0e1b5] - doc: add callback function signatures in fs.md (Matej Krajčovič) #13424
• [f1eda4a391] - doc: fix external links with 404 status (Vse Mozhet Byt) #15463
• [c64603fbb5] - doc: add kfarnung to collaborators (Kyle Farnung) #16108
• [da160cfda0] - doc: mention collaboration summit in onboarding.md (Joyee Cheung) #16079
• [699cfa1ee0] - doc: fix macosx-firewall suggestion BUILDING (suraiyah) #15829
• [547217346c] - doc: add clearer setup description (Emily Platzer) #15962
• [291b9c55cb] - doc: update style guide for markdown extension (Rich Trott) #15786
• [eaec35db9f] - doc: fix incorrect vm.createContext usage (tshemsedinov) #16059
• [ddee71afff] - doc: fix typo in tls.md (kohta ito) #15738
• [62ea82b73e] - doc: add 'git clean -xfd' to backport guide (Lance Ball) #15715
• [6d41c850b2] - doc: alphabetize TSC Emeriti in README.md (Rich Trott) #15722
• [6b1ce97196] - doc: fix dead link in doc/releases.md (Luigi Pinca) #15733
• [e865fcbb07] - doc: edit COLLABORATORS_GUIDE.md for readability (Rich Trott) #15629
• [af1863218c] - doc: fix links in some intra-repository docs (Vse Mozhet Byt) #15675
• [926b46c138] - doc: update libuv license (Timothy Gu) #15649
• [[f29f20f3f9](https://github.com/nodejs/node/commi...

2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorins

This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies,
8 which are build / tool related, 4 which are doc related, and 2 which are test related.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

• crypto:
  • update root certificates (Ben Noordhuis) #13279
  • update root certificates (Ben Noordhuis) #12402
• deps:
  • add support for more modern versions of INTL (Bruno Pagani) #13040
  • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
  • upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233

Commits

• [e064ae62e4] - build: fix make test-v8 (Ben Noordhuis) #15562
• [a7f7a87a1b] - build: run test-hash-seed at the end of test-v8 (Michaël Zasso) #14219
• [05e8b1b7d9] - build: codesign tarball binary on macOS (Evan Lucas) #14179
• [e2b6fdf93e] - build: avoid /docs/api and /docs/doc/api upload (Rod Vagg) #12957
• [59d35c0775] - build,tools: do not force codesign prefix (Evan Lucas) #14179
• [210fa72e9e] - crypto: update root certificates (Ben Noordhuis) #13279
• [752b46a259] - crypto: update root certificates (Ben Noordhuis) #12402
• [3640ba4acb] - crypto: clear err stack after ECDH::BufferToPoint (Ryan Kelly) #13275
• [545235fc4b] - deps: add missing #include "unicode/normlzr.h" (Bruno Pagani) #13040
• [ea09a1c3e6] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #16691
• [68661a95b5] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [bdcb2525fb] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [3f93ffee89] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [16fbd9da0d] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #16691
• [55e15ec820] - deps: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
• [9c3e246ffe] - deps: backport 4e18190 from V8 upstream (jshin) #15562
• [43d1ac3a62] - deps: backport bff3074 from V8 upstream (Myles Borins) #15562
• [b259fd3bd5] - deps: cherry pick d7f813b4 from V8 upstream (akos.palfi) #15562
• [85800c4ba4] - deps: backport e28183b5 from upstream V8 (karl) #15562
• [06eb181916] - deps: update openssl asm and asm_obsolete files (Daniel Bevenius) #13233
• [c0fe1fccc3] - deps: update openssl config files (Daniel Bevenius) #13233
• [523eb60424] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [0aacd5a8cd] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [80c48c0720] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [bbd92b4676] - deps: copy all openssl header files to include dir (Daniel Bevenius) #13233
• [8507f0fb5d] - deps: upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233
• [9bfada8f0c] - deps: add example of comparing OpenSSL changes (Daniel Bevenius) #13234
• [71f9cdf241] - deps: cherry-pick 09db540,686558d from V8 upstream (Jesse Rosenberger) #14829
• [751f1ac08e] - Revert "deps: backport e093a04, 09db540 from upstream V8" (Jesse Rosenberger) #14829
• [ed6298c7de] - deps: cherry-pick 18ea996 from c-ares upstream (Anna Henningsen) #13883
• [639180adfa] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #12913
• [9ba73e1797] - deps: cherry-pick 4ae5993 from upstream OpenSSL (Shigeki Ohtsu) #12913
• [f8e282e51c] - doc: fix typo in zlib.md (Luigi Pinca) #16480
• [532a2941cb] - doc: add missing make command to UPGRADING.md (Daniel Bevenius) #13233
• [1db33296cb] - doc: add entry for subprocess.killed property (Rich Trott) #14578
• [0fa09dfd77] - doc: change child to subprocess (Rich Trott) #14578
• [43bbfafaef] - docs: Fix broken links in crypto.md (Zuzana Svetlikova) #15182
• [1bde7f5cef] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [e69f47b686] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
• [cb92f93cd5] - test: remove internal headers from addons (Gibson Fahnestock) #7947
• [5d9164c315] - test: move test-cluster-debug-port to sequential (Oleksandr Kushchak) #16292
• [07c912e849] - tools: update certdata.txt (Ben Noordhuis) #13279
• [c40bffcb88] - tools: update certdata.txt (Ben Noordhuis) #12402
• [161162713f] - tools: be explicit about including key-id (Myles Borins) #13309
• [0c820c092b] - v8: fix stack overflow in recursive method (Ben Noordhuis) #12460
• [a1f992975f] - zlib: fix crash when initializing failed (Anna Henningsen) #14666
• [31bf595b94] - zlib: fix node crashing on invalid options (Alexey Orlenko) #13098

2017-10-31, Version 9.0.0 (Current), @jasnell

Notable Changes

• Async hooks

  • Older experimental APIs have been removed. [d731369b1d] #14414

• Errors

  • Improvements have been made to buffer module error messages. [9e0f771224] #14975
  • The assignment of static error codes to Node.js error continues:
    • buffer: [e79a61cf80] #16352, [dbfe8c4ea2] #13976
    • child_process: [fe730d34ce] #14009
    • console: [0ecdf29340] #11340
    • crypto: [ee76f3153b] #16428, [df8c6c3651] #16453, [0a03e350fb] #16454, [eeada6ca63] #16448, [a78327f48b] #16429, [b8bc652869] #15757, [7124b466d9] #15746, [3ddc88b5c2] #15756
    • dns: [9cb390d899] #14212
    • events: [e5ad5456a2] #15623
    • fs: [219932a9f7] #15043, [b61cab2234] #11317
    • http: [11a2ca29ba] #14735, [a9f798ebcc] #13301, [bdfbce9241] #14423, [4843c2f415] #15603
    • inspector: [4cf56ad6f2] #15619
    • net: [a03d8cee1f] #11356, [7f55349079] #14782
    • path: [dcfbbacba8] #11319
    • process: [a0f7284346] #13739, [062071a9c3] #13285, [3129b2c035] #13982
    • querystring: [9788e96836] #15565
    • readline: [7f3f72c19b] #11390
    • repl: [aff8d358fa] #11347, [28227963fa] #13299
    • streams: [d50a802feb] #13310, [d2913384aa] #13291, [6e86a6651c] #16589, [88fb359c57] #15042, [db7d1339c3] #15665
    • string_decoder: [eb4940e2d2] #14682
    • timers: [4d893e093a] #14659
    • tls: [f67aa566a6] #13476, [3ccfeb483d] #13994
    • url: [473f0eff29] #13963
    • util: [de4a749788] #11301, [1609899142] #13293
    • v8: [ef238fb485] #16535
    • zlib: [896eaf6820] #16540, [74891412f1] #15618

• Child Processes

  • Errors are emitted on process nextTick. [f2b01cba7b] #4670

• Domains

  • The long-deprecated .dispose() method has been removed [602fd36d95] #15412

• fs

  • The fs.ReadStream and fs.WriteStream classes now use destroy(). [e5c290bed9] #15407
  • fs module callbacks are now invoked with an undefined context. [2249234fee] #14645

• HTTP/1

  • A 400 Bad Request response will now be sent when parsing fails. [f2f391e575] #15324
  • Socket timeout will be set when the socket connects. [10be20a0e8] #8895
  • A bug causing the request 'error' event to fire twice was fixed. [620ba41694] #14659
  • HTTP clients may now use generic Duplex streams in addition to net.Socket. [3e25e4d00f] #16267

• Intl

  • The deprecated Intl.v8BreakIterator has been removed. [668ad44922] #15238

• OS

  • The os.EOL property is now read-only [f6caeb9526] #14622

• Timers

  • setTimeout() will emit a warning if the timeout is larger that the maximum 32-bit unsigned integer. [ce3586da31] #15627

Commits

Semver-Major

• [de4a749788] - (SEMVER-MAJOR) internal/util: use internal/errors.js (Sebastian Van Sande) #11301
• [db2e093e05] - (SEMVER-MAJOR) assert: handle enumerable symbol keys (Ruben Bridgewater) #15169
• [b0d3bec95c] - (SEMVER-MAJOR) assert: use Same-value equality in deepStrictEqual (Ruben Bridgewater) #15398
• [e13d1df89b] - (SEMVER-MAJOR) assert: support custom errors (geek) #15304
• [ea2e6363f2] - (SEMVER-MAJOR) assert: use SameValueZero in deepStrictEqual (Ruben Bridgewater) #15036
• [c53db1e8e9] - (SEMVER-MAJOR) assert: show thrown message in doesNotThrow() (Ruslan Bekenev) #12167
• [fc463639fa] - (SEMVER-MAJOR) assert: fix assert.fail with zero arguments (Ruben Bridgewater) [#13974](https://github.com/nodejs/no...

2017-10-31, Version 8.9.0 'Carbon' (LTS), @gibfahn

This release marks the transition of Node.js v8 into Long Term Support (LTS) with the codename 'Carbon'. The v8 release line now moves in to "Active LTS" and will remain so until April 2019. After that time it will move in to "Maintenance" until end of life in December 2019.

Notable Changes

• doc:
  • add Gibson Fahnestock to Release team (Gibson Fahnestock) #16620
• deps:
  • update npm to 5.5.1 (Myles Borins) #16509
• http2:
  • The exposed http2 socket is no longer manipulatable (Anatoli Papirovski) #16330
• module:
  • support custom paths to require.resolve() (cjihrig) #16397
• util:
  • util.TextEncoder and util.TextDecoder are no longer experimental. There will no longer be a warning when they are used (James M Snell) #15743

Commits

• [d576e17691] - build: make test-doc and lint addon docs (Joyee Cheung) #16377
• [63e33ac327] - build: make doc target quiet (Daniel Bevenius) #16516
• [528edb2ea8] - build: ignore empty folders in test-addons-napi (Anna Henningsen) #16380
• [c8a3b2d171] - build: run linter before running tests (Joyee Cheung) #16284
• [a763fcd7a7] - build: improve make clean (Refael Ackermann) #16372
• [0a1f7fefc6] - build: skip bin override on windows (Hitesh Kanwathirtha) #16460
• [3b64fa451e] - build: fix npm install with --shared (Ben Noordhuis) #16438
• [9185cfef9c] - build: add lint-md-build (Daijiro Wachi) #12756
• [22ec800b20] - build: do not include deleted directory (Jon Moss) #16384
• [b5c6d596ca] - build,win: set /MP separately in Debug and Release (Nikolai Vavilov) #16415
• [9bea207e83] - child_process: fix memory leak in .fork() (Ben Noordhuis) #15679
• [bf2564df0d] - deps: V8: backport b1cd96e from upstream (Ali Ijaz Sheikh) #16308
• [ad692074a4] - deps: cherry-pick e0d64dc from upstream V8 (Michaël Zasso) #16490
• [7bdb8db440] - deps: cherry-pick 676c413 from upstream V8 (Michaël Zasso) #16490
• [5787f5331f] - deps: cherry-pick 2c75616 from upstream V8 (Michaël Zasso) #16490
• [0d7e4d2bdc] - deps: update npm to 5.5.1 (Myles Borins) #16509
• [4d9c1bedbd] - doc: add Gibson Fahnestock to Release team (Gibson Fahnestock) #16620
• [d6619b9ad4] - doc: document missing error codes (George Bezerra) #15160
• [fdc072bd9c] - doc: fix inconsistent server.listen documentation (Martin Michaelis) #16020
• [a6b3cd8166] - doc: more accurate zlib windowBits information (Anna Henningsen) #16511
• [e5c2059f88] - doc: make default values and periods consistent (Matej Krajčovič) #16563
• [b93275e1a3] - doc: slightly relax 50 character rule (James M Snell) #16523
• [1b08ae853e] - doc: http2.connect accepts net & tls options (Anatoli Papirovski) #16576
• [04602109e8] - doc: add note to releases.md (Jon Moss) #16507
• [03b233ed40] - doc: fix CHANGELOG_V8 indentation (Jon Moss) #16507
• [a7540d59e8] - doc: remove http2 pushStream weight option (Sebastiaan Deckers) #16451
• [4ba06d07cc] - doc: add dot in documentations (erwinwahyura) #16542
• [83902e6e02] - doc: add multiple build guide to benchmarking doc (Peter Marton) #16142
• [04fac61fdd] - doc: improve http2 documentation (Jacob Hoffman-Andrews) #16366
• [fe5d4535c9] - doc, win: remove note about resize (Bartosz Sosnowski) #16320
• [54ebf91394] - http2: make sessions garbage-collectible (Anna Henningsen) #16461
• [bfc1ad07a3] - http2: remove unused assignment (Anna Henningsen) #16461
• [56dd734a6a] - http2: track async state for sending (Anna Henningsen) #16461
• [5390d7e374] - http2: move uv_prepare handle to Http2Session (Anna Henningsen) #16461
• [95a61cbb1e] - http2: fix stream reading resumption (Anatoli Papirovski) #16580
• [98b9705cb8] - http2: simplify mapToHeaders, stricter validation (Anatoli Papirovski) #16575
• [e592c320ce] - http2: fix several timeout related issues (Anatoli Papirovski) #16525
• [24fd8ff32a] - http2: adjust stream buffer size (Anatoli Papirovski) #16445
• [2c2b6586e7] - http2: fix mapToHeaders() with single string value (Jinwoo Lee) #16458
• [e6e99eb447] - http2: do not allow socket manipulation (Anatoli Papirovski) #16330
• [3638694d8b] - http2: fix errors in debug statements (Anatoli Papirovski) #16373
• [754df71a79] - https: refactor to use http internals (Bryan English) #16395
• [2ea25ad3e2] - inspector: track async stacks when necessary (Ali Ijaz Sheikh) #16308
• [ab0d7a64aa] - lib: refactor wrap_js_stream for ES6/readability (Anna Henningsen) #16158
• [87fd5b798f] - lib: move _stream_wrap into internals (Anna Henningsen) #16158
• [96e82509b0] - lib: use destructuring for some constants (Weijia Wang) #16063
• [6be494251b] - lib: move duplicate spliceOne into internal/util (Weijia Wang) #16221
• [8c0c456c73] - lib: setup IPC channel before console (Nikolai Vavilov) #16562
• [3a230b42f3] -...