Security patches for io.js 1.8 and 2.3 and upcoming events.
io.js 1.8 and 2.3 Releases
- openssl: Upgrade to 1.0.2d, fixes CVE-2015–1793 (Alternate Chains Certificate Forgery) #2141.
- openssl: Upgrade to 1.0.2d, fixes CVE-2015–1793 (Alternate Chains Certificate Forgery) (Shigeki Ohtsu) #2141.
- npm: Upgraded to v2.12.1, release notes can be found in https://github.com/npm/npm/releases/tag/v2.12.0 andhttps://github.com/npm/npm/releases/tag/v2.12.1 (Kat Marchán) #2112.
See https://github.com/nodejs/io.js/labels/confirmed-bug for complete and current list of known issues.
- Some problems with unreferenced timers running during beforeExit are still to be resolved. See #1264.
- Surrogate pair in REPL can freeze terminal. #690
- process.send() is not synchronous as the docs suggest, a regression introduced in 1.0.2, see #760.
- Calling dns.setServers() while a DNS query is in progress can cause the process to crash on a failed assertion.#894
- url.resolve may transfer the auth portion of the url when resolving between two full hosts, see #1435.
- OpenSSL published a high severity security issue, io.js and Node.js have upgraded OpenSSL version and fixed the problem on latest version.
- Node.js LTS WG has updated their proposed LTS plan. They need some feedbacks from Noders.
- ReactNative required io.js as their test platform.
- BrazilJS Conf tickets are on sale, August 21st — 22nd at Shopping Center BarraShoppingSul
- NodeConf EU tickets are on sale, September 6th — 9th at Waterford, Ireland
- Node.js Italian Conference tickets are on sale, October 10th at Desenzano — Brescia, Italy
- JSConf CO, October 16th — 17th at Ruta N, Medellin