• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Node.js 0.10 ChangeLog
2
3<!--lint disable maximum-line-length no-literal-urls prohibited-strings-->
4
5<table>
6<tr>
7<th colspan="2">Stable</th>
8</tr>
9<tr>
10<td valign="top">
11<a href="#0.10.48">0.10.48</a><br/>
12<a href="#0.10.47">0.10.47</a><br/>
13<a href="#0.10.46">0.10.46</a><br/>
14<a href="#0.10.45">0.10.45</a><br/>
15<a href="#0.10.44">0.10.44</a><br/>
16<a href="#0.10.43">0.10.43</a><br/>
17<a href="#0.10.42">0.10.42</a><br/>
18<a href="#0.10.41">0.10.41</a><br/>
19<a href="#0.10.40">0.10.40</a><br/>
20<a href="#0.10.39">0.10.39</a><br/>
21<a href="#0.10.38">0.10.38</a><br/>
22<a href="#0.10.37">0.10.37</a><br/>
23<a href="#0.10.36">0.10.36</a><br/>
24<a href="#0.10.35">0.10.35</a><br/>
25<a href="#0.10.34">0.10.34</a><br/>
26<a href="#0.10.33">0.10.33</a><br/>
27<a href="#0.10.32">0.10.32</a><br/>
28<a href="#0.10.31">0.10.31</a><br/>
29<a href="#0.10.30">0.10.30</a><br/>
30<a href="#0.10.29">0.10.29</a><br/>
31<a href="#0.10.28">0.10.28</a><br/>
32<a href="#0.10.27">0.10.27</a><br/>
33<a href="#0.10.26">0.10.26</a><br/>
34<a href="#0.10.25">0.10.25</a><br/>
35<a href="#0.10.24">0.10.24</a><br/>
36<a href="#0.10.23">0.10.23</a><br/>
37</td>
38<td valign="top">
39<a href="#0.10.22">0.10.22</a><br/>
40<a href="#0.10.21">0.10.21</a><br/>
41<a href="#0.10.20">0.10.20</a><br/>
42<a href="#0.10.19">0.10.19</a><br/>
43<a href="#0.10.18">0.10.18</a><br/>
44<a href="#0.10.17">0.10.17</a><br/>
45<a href="#0.10.16">0.10.16</a><br/>
46<a href="#0.10.15">0.10.15</a><br/>
47<a href="#0.10.14">0.10.14</a><br/>
48<a href="#0.10.13">0.10.13</a><br/>
49<a href="#0.10.12">0.10.12</a><br/>
50<a href="#0.10.11">0.10.11</a><br/>
51<a href="#0.10.10">0.10.10</a><br/>
52<a href="#0.10.9">0.10.9</a><br/>
53<a href="#0.10.8">0.10.8</a><br/>
54<a href="#0.10.7">0.10.7</a><br/>
55<a href="#0.10.6">0.10.6</a><br/>
56<a href="#0.10.5">0.10.5</a><br/>
57<a href="#0.10.4">0.10.4</a><br/>
58<a href="#0.10.3">0.10.3</a><br/>
59<a href="#0.10.2">0.10.2</a><br/>
60<a href="#0.10.1">0.10.1</a><br/>
61<a href="#0.10.0">0.10.0</a><br/>
62</td>
63</tr>
64</table>
65
66* Other Versions
67  * [18.x](CHANGELOG_V18.md)
68  * [17.x](CHANGELOG_V17.md)
69  * [16.x](CHANGELOG_V16.md)
70  * [15.x](CHANGELOG_V15.md)
71  * [14.x](CHANGELOG_V14.md)
72  * [13.x](CHANGELOG_V13.md)
73  * [12.x](CHANGELOG_V12.md)
74  * [11.x](CHANGELOG_V11.md)
75  * [10.x](CHANGELOG_V10.md)
76  * [9.x](CHANGELOG_V9.md)
77  * [8.x](CHANGELOG_V8.md)
78  * [7.x](CHANGELOG_V7.md)
79  * [6.x](CHANGELOG_V6.md)
80  * [5.x](CHANGELOG_V5.md)
81  * [4.x](CHANGELOG_V4.md)
82  * [0.12.x](CHANGELOG_V012.md)
83  * [io.js](CHANGELOG_IOJS.md)
84  * [Archive](CHANGELOG_ARCHIVE.md)
85
86_Note_: Node.js v0.10 is covered by the
87[Node.js Long Term Support Plan](https://github.com/nodejs/LTS) and
88will be maintained until October 2016.
89
90<a id="0.10.48"></a>
91
92## 2016-10-18, Version 0.10.48 (Maintenance), @rvagg
93
94This is a security release. All Node.js users should consult the security release summary at <https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/> for details on patched vulnerabilities.
95
96### Notable changes
97
98* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at <https://c-ares.haxx.se/adv_20160929.html> (Rod Vagg)
99
100### Commits
101
102* \[[`a14a6a3a11`](https://github.com/nodejs/node/commit/a14a6a3a11)] - deps: c-ares, avoid single-byte buffer overwrite (Rod Vagg) <https://github.com/nodejs/node/pull/9108>
103* \[[`b798f598af`](https://github.com/nodejs/node/commit/b798f598af)] - tls: fix minor jslint failure (Rod Vagg) <https://github.com/nodejs/node/pull/9107>
104* \[[`92b232ba01`](https://github.com/nodejs/node/commit/92b232ba01)] - win,build: try multiple timeservers when signing (Rod Vagg) <https://github.com/nodejs/node/pull/9155>
105
106<a id="0.10.47"></a>
107
108## 2016-09-27, Version 0.10.47 (Maintenance), @rvagg
109
110This is a security release. All Node.js users should consult the security release summary at <https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/> for details on patched vulnerabilities.
111
112### Notable changes:
113
114* buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич)
115* http:
116  * CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas)
117  * Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White)
118* openssl: Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2183, CVE-2016-2178 and CVE-2016-6306.
119* tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian) (Ben Noordhuis)
120
121### Commits:
122
123* \[[`fc259c7dc4`](https://github.com/nodejs/node/commit/fc259c7dc4)] - buffer: zero-fill uninitialized bytes in .concat() (Сковорода Никита Андреевич) <https://github.com/nodejs/node-private/pull/67>
124* \[[`35b49ed4bb`](https://github.com/nodejs/node/commit/35b49ed4bb)] - build: turn on -fno-delete-null-pointer-checks (Ben Noordhuis) <https://github.com/nodejs/node/pull/6738>
125* \[[`03f4920d6a`](https://github.com/nodejs/node/commit/03f4920d6a)] - crypto: don't build hardware engines (Rod Vagg) <https://github.com/nodejs/node-private/pull/68>
126* \[[`1cbdb1957d`](https://github.com/nodejs/node/commit/1cbdb1957d)] - deps: add -no\_rand\_screen to openssl s\_client (Shigeki Ohtsu) <https://github.com/nodejs/node-v0.x-archive/pull/25368>
127* \[[`c66408cd0c`](https://github.com/nodejs/node/commit/c66408cd0c)] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) <https://github.com/nodejs/node-v0.x-archive/pull/25654>
128* \[[`68f88ea792`](https://github.com/nodejs/node/commit/68f88ea792)] - deps: separate sha256/sha512-x86\_64.pl for openssl (Shigeki Ohtsu) <https://github.com/nodejs/node-v0.x-archive/pull/25654>
129* \[[`884d50b348`](https://github.com/nodejs/node/commit/884d50b348)] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/8718>
130* \[[`bfd6cb5699`](https://github.com/nodejs/node/commit/bfd6cb5699)] - deps: upgrade openssl sources to 1.0.1u (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/8718>
131* \[[`3614a173d0`](https://github.com/nodejs/node/commit/3614a173d0)] - http: check reason chars in writeHead (Evan Lucas) <https://github.com/nodejs/node-private/pull/48>
132* \[[`f2433430ca`](https://github.com/nodejs/node/commit/f2433430ca)] - http: disallow sending obviously invalid status codes (Evan Lucas) <https://github.com/nodejs/node-private/pull/48>
133* \[[`0d7e21ee7b`](https://github.com/nodejs/node/commit/0d7e21ee7b)] - lib: make tls.checkServerIdentity() more strict (Ben Noordhuis) <https://github.com/nodejs/node-private/pull/62>
134* \[[`1f4a6f5bd1`](https://github.com/nodejs/node/commit/1f4a6f5bd1)] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) <https://github.com/nodejs/node-v0.x-archive/pull/25654>
135* \[[`88dcc7f5bb`](https://github.com/nodejs/node/commit/88dcc7f5bb)] - v8: fix -Wsign-compare warning in Zone::New() (Ben Noordhuis) <https://github.com/nodejs/node-private/pull/62>
136* \[[`fd8ac56c75`](https://github.com/nodejs/node/commit/fd8ac56c75)] - v8: fix build errors with g++ 6.1.1 (Ben Noordhuis) <https://github.com/nodejs/node-private/pull/62>
137
138<a id="0.10.46"></a>
139
140## 2016-06-23, Version 0.10.46 (Maintenance), @rvagg
141
142### Notable changes:
143
144This is a security release. All Node.js users should consult the security release summary at <https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/> for details on patched vulnerabilities.
145
146* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for Windows XP and Windows 2003 that can lead to undefined and potentially unsafe behaviour. More information can be found at <https://github.com/libuv/libuv/issues/515> or at <https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/>.
147* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered in V8, more details can be found in the CVE at <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669> or at <https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/>.
148
149### Commits:
150
151* \[[`3374f57973`](https://github.com/nodejs/node/commit/3374f57973)] - deps: update libuv to 0.10.37 (Saúl Ibarra Corretgé) <https://github.com/nodejs/node/pull/7293>
152* \[[`fcb9145e29`](https://github.com/nodejs/node/commit/fcb9145e29)] - deps: backport 3a9bfec from v8 upstream (Myles Borins) <https://github.com/nodejs/node-private/pull/43>
153
154<a id="0.10.45"></a>
155
156## 2016-05-06, Version 0.10.45 (Maintenance), @rvagg
157
158### Notable changes:
159
160* npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) <https://github.com/nodejs/node/pull/5987>
161* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/6553>
162  * Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
163  * See <https://nodejs.org/en/blog/vulnerability/openssl-may-2016/> for full details
164
165### Commits:
166
167* \[[`3cff81c7d6`](https://github.com/nodejs/node/commit/3cff81c7d6)] - deps: completely upgrade npm in LTS to 2.15.1 (Forrest L Norvell) <https://github.com/nodejs/node/pull/5987>
168* \[[`7c22f19009`](https://github.com/nodejs/node/commit/7c22f19009)] - deps: add -no\_rand\_screen to openssl s\_client (Shigeki Ohtsu) <https://github.com/joyent/node/pull/25368>
169* \[[`5d78366937`](https://github.com/nodejs/node/commit/5d78366937)] - deps: update openssl asm files (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/6553>
170* \[[`2bc2427cb7`](https://github.com/nodejs/node/commit/2bc2427cb7)] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) <https://github.com/joyent/node/pull/25654>
171* \[[`8df4b0914c`](https://github.com/nodejs/node/commit/8df4b0914c)] - deps: separate sha256/sha512-x86\_64.pl for openssl (Shigeki Ohtsu) <https://github.com/joyent/node/pull/25654>
172* \[[`11eefefb17`](https://github.com/nodejs/node/commit/11eefefb17)] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/6553>
173* \[[`61ccc27b54`](https://github.com/nodejs/node/commit/61ccc27b54)] - deps: upgrade openssl sources to 1.0.1t (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/6553>
174* \[[`aa02438274`](https://github.com/nodejs/node/commit/aa02438274)] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) <https://github.com/joyent/node/pull/25654>
175
176<a id="0.10.44"></a>
177
178## 2016-03-31, Version 0.10.44 (Maintenance), @rvagg
179
180### Notable changes
181
182* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) <https://github.com/nodejs/node/pull/5967>
183* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (<https://github.com/nodejs/LTS/issues/85>). (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/5712>
184
185### Commits
186
187* \[[`feceb77d7e`](https://github.com/nodejs/node/commit/feceb77d7e)] - deps: upgrade npm in LTS to 2.15.1 (Forrest L Norvell) <https://github.com/nodejs/node/pull/5968>
188* \[[`0847954331`](https://github.com/nodejs/node/commit/0847954331)] - deps: Disable EXPORT and LOW ciphers in openssl (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/5712>
189* \[[`6bb86e727a`](https://github.com/nodejs/node/commit/6bb86e727a)] - test: change tls tests not to use LOW cipher (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/5712>
190* \[[`905bec29ad`](https://github.com/nodejs/node/commit/905bec29ad)] - win,build: support Visual C++ Build Tools 2015 (João Reis) <https://github.com/nodejs/node/pull/5627>
191
192<a id="0.10.43"></a>
193
194## 2016-03-04, Version 0.10.43 (Maintenance), @rvagg
195
196### Notable changes:
197
198* http\_parser: Update to http-parser 1.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) <https://github.com/nodejs/node/pull/5242>
199* domains:
200  * Prevent an exit due to an exception being thrown rather than emitting an `'uncaughtException'` event on the `process` object when no error handler is set on the domain within which an error is thrown and an `'uncaughtException'` event listener is set on `process`. (Julien Gilli) <https://github.com/nodejs/node/pull/3887>
201  * Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) <https://github.com/nodejs/node/pull/3887>
202* openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) <https://github.com/nodejs/node/pull/5508>
203  * Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at <https://www.openssl.org/news/vulnerabilities.html#2016-0705>
204  * Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at <https://www.openssl.org/news/vulnerabilities.html#2016-0797>
205  * Fix a defect that makes the CacheBleed Attack (<https://ssrg.nicta.com.au/projects/TS/cachebleed/>) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at <https://www.openssl.org/news/vulnerabilities.html#2016-0702>
206  * Remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (<https://drownattack.com/>) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at <https://www.openssl.org/news/vulnerabilities.html#2016-0800>
207
208### Commits:
209
210* \[[`164157abbb`](https://github.com/nodejs/node/commit/164157abbb)] - build: update Node.js logo on OSX installer (Rod Vagg) <https://github.com/nodejs/node/pull/5401>
211* \[[`f8cb0dcf67`](https://github.com/nodejs/node/commit/f8cb0dcf67)] - crypto,tls: remove SSLv2 support (Ben Noordhuis) <https://github.com/nodejs/node/pull/5529>
212* \[[`42ded2a590`](https://github.com/nodejs/node/commit/42ded2a590)] - deps: upgrade openssl to 1.0.1s (Ben Noordhuis) <https://github.com/nodejs/node/pull/5508>
213* \[[`1e45a6111c`](https://github.com/nodejs/node/commit/1e45a6111c)] - deps: update http-parser to version 1.2 (James M Snell) <https://github.com/nodejs/node/pull/5242>
214* \[[`6db377b2f4`](https://github.com/nodejs/node/commit/6db377b2f4)] - doc: remove SSLv2 descriptions (Shigeki Ohtsu) <https://github.com/nodejs/node/pull/5541>
215* \[[`563c359f5c`](https://github.com/nodejs/node/commit/563c359f5c)] - domains: fix handling of uncaught exceptions (Julien Gilli) <https://github.com/nodejs/node/pull/3887>
216* \[[`e483f3fd26`](https://github.com/nodejs/node/commit/e483f3fd26)] - test: fix hanging http obstext test (Ben Noordhuis) <https://github.com/nodejs/node/pull/5511>
217
218<a id="0.10.42"></a>
219
220## 2016-02-09, Version 0.10.42 (Maintenance), @jasnell
221
222This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities.
223
224### Notable changes
225
226* http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters.
227* http-parser: upgrade from 1.0 to 1.1
228* openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
229* src:
230  * introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes
231  * allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216`
232* build:
233  * xz compressed tar files will be made available from nodejs.org for v0.10 builds from v0.10.42 onward
234  * A headers.tar.gz file will be made available from nodejs.org for v0.10 builds from v0.10.42 onward, a future change to node-gyp will be required to make use of these
235
236### Commits
237
238* \[[`fdc332183e`](https://github.com/nodejs/node/commit/fdc332183e)] - build: enable xz compressed tarballs where possible (Rod Vagg) <https://github.com/nodejs/node/pull/4894>
239* \[[`2d35b421b5`](https://github.com/nodejs/node/commit/2d35b421b5)] - deps: upgrade openssl sources to 1.0.1r (Shigeki Ohtsu) <https://github.com/joyent/node/pull/25368>
240* \[[`b31c0f3ea4`](https://github.com/nodejs/node/commit/b31c0f3ea4)] - deps: update http-parser to version 1.1 (James M Snell)
241* \[[`616ec1d6b0`](https://github.com/nodejs/node/commit/616ec1d6b0)] - doc: clarify v0.10.41 openssl tls security impact (Rod Vagg) <https://github.com/nodejs/node/pull/4153>
242* \[[`ccb3c2377c`](https://github.com/nodejs/node/commit/ccb3c2377c)] - http: strictly forbid invalid characters from headers (James M Snell)
243* \[[`f0af0d1f96`](https://github.com/nodejs/node/commit/f0af0d1f96)] - src: avoid compiler warning in node\_revert.cc (James M Snell)
244* \[[`df80e856c6`](https://github.com/nodejs/node/commit/df80e856c6)] - src: add --security-revert command line flag (James M Snell)
245* \[[`ff58dcdd74`](https://github.com/nodejs/node/commit/ff58dcdd74)] - tools: backport tools/install.py for headers (Richard Lau) <https://github.com/nodejs/node/pull/4149>
246
247<a id="0.10.41"></a>
248
249## 2015-12-04, Version 0.10.41 (Maintenance), @rvagg
250
251Security Update
252
253### Notable changes
254
255* build: Add support for Microsoft Visual Studio 2015
256* npm: Upgrade to v1.4.29 from v1.4.28. A special one-off release as part of the strategy to get a version of npm into Node.js v0.10.x that works with the current registry (<https://github.com/nodejs/LTS/issues/37>). This version of npm prints out a banner each time it is run. The banner warns that the next standard release of Node.js v0.10.x will ship with a version of npm v2.
257* openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client certificate authentication; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) <https://github.com/nodejs/node/pull/4133>
258
259### Commits
260
261* \[[`16ca0779f5`](https://github.com/nodejs/node/commit/16ca0779f5)] - src/node.cc: fix build error without OpenSSL support (Jörg Krause) <https://github.com/nodejs/node-v0.x-archive/pull/25862>
262* \[[`c559c7911d`](https://github.com/nodejs/node/commit/c559c7911d)] - build: backport tools/release.sh (Rod Vagg) <https://github.com/nodejs/node/pull/3965>
263* \[[`268d2b4637`](https://github.com/nodejs/node/commit/268d2b4637)] - build: backport config for new CI infrastructure (Rod Vagg) <https://github.com/nodejs/node/pull/3965>
264* \[[`c88a0b26da`](https://github.com/nodejs/node/commit/c88a0b26da)] - build: update manifest to include Windows 10 (Lucien Greathouse) <https://github.com/nodejs/node/pull/2838>
265* \[[`8564a9f5f7`](https://github.com/nodejs/node/commit/8564a9f5f7)] - build: gcc version detection on openSUSE Tumbleweed (Henrique Aparecido Lavezzo) <https://github.com/nodejs/node-v0.x-archive/pull/25671>
266* \[[`9c7bd6de56`](https://github.com/nodejs/node/commit/9c7bd6de56)] - build: run-ci makefile rule (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
267* \[[`ffa1e1f31d`](https://github.com/nodejs/node/commit/ffa1e1f31d)] - build: support flaky tests in test-ci (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
268* \[[`100dd19e61`](https://github.com/nodejs/node/commit/100dd19e61)] - build: support Jenkins via test-ci (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
269* \[[`ec861f6f90`](https://github.com/nodejs/node/commit/ec861f6f90)] - build: make release process easier for multi users (Julien Gilli) <https://github.com/nodejs/node-v0.x-archive/pull/25638>
270* \[[`d7ae79a452`](https://github.com/nodejs/node/commit/d7ae79a452)] - build,win: fix node.exe resource version (João Reis) <https://github.com/nodejs/node/pull/3053>
271* \[[`6ac47aa9f5`](https://github.com/nodejs/node/commit/6ac47aa9f5)] - build,win: try next MSVS version on failure (João Reis) <https://github.com/nodejs/node/pull/2910>
272* \[[`e669b27740`](https://github.com/nodejs/node/commit/e669b27740)] - crypto: replace rwlocks with simple mutexes (Ben Noordhuis) <https://github.com/nodejs/node/pull/2723>
273* \[[`ce0a48826e`](https://github.com/nodejs/node/commit/ce0a48826e)] - deps: upgrade to openssl 1.0.1q (Ben Noordhuis) <https://github.com/nodejs/node/pull/4132>
274* \[[`b68781e500`](https://github.com/nodejs/node/commit/b68781e500)] - deps: upgrade npm to 1.4.29 (Forrest L Norvell) <https://github.com/nodejs/node/pull/3639>
275* \[[`7cf0d9c1d9`](https://github.com/nodejs/node/commit/7cf0d9c1d9)] - deps: fix openssl for MSVS 2015 (Andy Polyakov) <https://github.com/nodejs/node-v0.x-archive/pull/25857>
276* \[[`9ee8a14f9e`](https://github.com/nodejs/node/commit/9ee8a14f9e)] - deps: fix gyp to work on MacOSX without XCode (Shigeki Ohtsu) <https://github.com/nodejs/node-v0.x-archive/pull/25857>
277* \[[`a525c7244e`](https://github.com/nodejs/node/commit/a525c7244e)] - deps: update gyp to 25ed9ac (João Reis) <https://github.com/nodejs/node-v0.x-archive/pull/25857>
278* \[[`6502160294`](https://github.com/nodejs/node/commit/6502160294)] - dns: allow v8 to optimize lookup() (Brian White) <https://github.com/nodejs/node-v0.x-archive/pull/8942>
279* \[[`5d829a63ab`](https://github.com/nodejs/node/commit/5d829a63ab)] - doc: backport README.md (Rod Vagg) <https://github.com/nodejs/node/pull/3965>
280* \[[`62c8948109`](https://github.com/nodejs/node/commit/62c8948109)] - doc: fix Folders as Modules omission of index.json (Elan Shanker) <https://github.com/nodejs/node-v0.x-archive/pull/8868>
281* \[[`572663f303`](https://github.com/nodejs/node/commit/572663f303)] - https: don't overwrite servername option (skenqbx) <https://github.com/nodejs/node-v0.x-archive/pull/9368>
282* \[[`75c84b2439`](https://github.com/nodejs/node/commit/75c84b2439)] - test: add test for https agent servername option (skenqbx) <https://github.com/nodejs/node-v0.x-archive/pull/9368>
283* \[[`841a6dd264`](https://github.com/nodejs/node/commit/841a6dd264)] - test: mark more tests as flaky (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25807>
284* \[[`a7fee30da1`](https://github.com/nodejs/node/commit/a7fee30da1)] - test: mark test-tls-securepair-server as flaky (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25807>
285* \[[`7df57703dd`](https://github.com/nodejs/node/commit/7df57703dd)] - test: mark test-net-error-twice flaky on SmartOS (Julien Gilli) <https://github.com/nodejs/node-v0.x-archive/pull/25760>
286* \[[`e10892cccc`](https://github.com/nodejs/node/commit/e10892cccc)] - test: make test-abort-fatal-error non flaky (Julien Gilli) <https://github.com/nodejs/node-v0.x-archive/pull/25755>
287* \[[`a2f879f197`](https://github.com/nodejs/node/commit/a2f879f197)] - test: mark recently failing tests as flaky (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
288* \[[`e7010bdf92`](https://github.com/nodejs/node/commit/e7010bdf92)] - test: runner should return 0 on flaky tests (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
289* \[[`c283c9bbb3`](https://github.com/nodejs/node/commit/c283c9bbb3)] - test: support writing test output to file (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
290* \[[`eeaed586bb`](https://github.com/nodejs/node/commit/eeaed586bb)] - test: runner support for flaky tests (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
291* \[[`3bb8174b94`](https://github.com/nodejs/node/commit/3bb8174b94)] - test: refactor to use common testcfg (Timothy J Fontaine) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
292* \[[`df59d43586`](https://github.com/nodejs/node/commit/df59d43586)] - tools: pass constant to logger instead of string (Johan Bergström) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
293* \[[`d103d4ed9a`](https://github.com/nodejs/node/commit/d103d4ed9a)] - tools: fix test.py after v8 upgrade (Ben Noordhuis) <https://github.com/nodejs/node-v0.x-archive/pull/25686>
294* \[[`8002192b4e`](https://github.com/nodejs/node/commit/8002192b4e)] - win: manifest node.exe for Windows 8.1 (Alexis Campailla) <https://github.com/nodejs/node/pull/2838>
295* \[[`66ec1dae8f`](https://github.com/nodejs/node/commit/66ec1dae8f)] - win: add MSVS 2015 support (Rod Vagg) <https://github.com/nodejs/node-v0.x-archive/pull/25857>
296* \[[`e192f61514`](https://github.com/nodejs/node/commit/e192f61514)] - win: fix custom actions for WiX older than 3.9 (João Reis) <https://github.com/nodejs/node-v0.x-archive/pull/25569>
297* \[[`16bcd68dc5`](https://github.com/nodejs/node/commit/16bcd68dc5)] - win: fix custom actions on Visual Studio != 2013 (Julien Gilli) <https://github.com/nodejs/node-v0.x-archive/pull/25569>
298* \[[`517986c2f4`](https://github.com/nodejs/node/commit/517986c2f4)] - win: backport bringing back xp/2k3 support (Bert Belder) <https://github.com/nodejs/node-v0.x-archive/pull/25569>
299* \[[`10f251e8dd`](https://github.com/nodejs/node/commit/10f251e8dd)] - win: backport set env before generating projects (Alexis Campailla) <https://github.com/nodejs/node-v0.x-archive/pull/25569>
300
301<a id="0.10.40"></a>
302
303## 2015-07-09, Version 0.10.40 (Maintenance)
304
305### Commits
306
307* \[[`0cf9f27703`](https://github.com/nodejs/node/commit/0cf9f27703)] - **openssl**: upgrade to 1.0.1p [#25654](https://github.com/joyent/node/pull/25654)
308* \[[`5a60e0d904`](https://github.com/nodejs/node/commit/5a60e0d904)] - **V8**: back-port JitCodeEvent patch from upstream (Ben Noordhuis) [#25588](https://github.com/joyent/node/pull/25588)
309* \[[`18d413d299`](https://github.com/nodejs/node/commit/18d413d299)] - **win,msi**: create npm folder in AppData directory (Steven Rockarts) [#8838](https://github.com/joyent/node/pull/8838)
310
311<a id="0.10.39"></a>
312
313## 2015-06-18, Version 0.10.39 (Maintenance)
314
315### Commits
316
317* \[[`456c22f63f`](https://github.com/nodejs/node/commit/456c22f63f)] - **openssl**: upgrade to 1.0.1o (Addressing multiple CVEs) [#25523](https://github.com/joyent/node/pull/25523)
318* \[[`9d19dfbfdb`](https://github.com/nodejs/node/commit/9d19dfbfdb)] - **install**: fix source path for openssl headers (Oguz Bastemur) [#14089](https://github.com/joyent/node/pull/14089)
319* \[[`4028669531`](https://github.com/nodejs/node/commit/4028669531)] - **install**: make sure opensslconf.h is overwritten (Oguz Bastemur) [#14089](https://github.com/joyent/node/pull/14089)
320* \[[`d38e865fce`](https://github.com/nodejs/node/commit/d38e865fce)] - **timers**: fix timeout when added in timer's callback (Julien Gilli) [#17203](https://github.com/joyent/node/pull/17203)
321* \[[`e7c84f82c7`](https://github.com/nodejs/node/commit/e7c84f82c7)] - **windows**: broadcast WM\_SETTINGCHANGE after install (Mathias Küsel) [#25100](https://github.com/joyent/node/pull/25100)
322
323<a id="0.10.38"></a>
324
325## 2015-03-23, Version 0.10.38 (Maintenance)
326
327### Commits
328
329* \[[`3b511a8ccd`](https://github.com/nodejs/node/commit/3b511a8ccd)] - **openssl**: upgrade to 1.0.1m (Addressing multiple CVES)
330
331<a id="0.10.37"></a>
332
333## 2015-03-11, Version 0.10.37 (Maintenance)
334
335### Commits
336
337* \[[`dcff5d565c`](https://github.com/nodejs/node/commit/dcff5d565c)] - uv: update to 0.10.36 (CVE-2015-0278) [#9274](https://github.com/joyent/node/pull/9274)
338* \[[`f2a45caf2e`](https://github.com/nodejs/node/commit/f2a45caf2e)] - domains: fix stack clearing after error handled (Jonas Dohse) [#9364](https://github.com/joyent/node/pull/9364)
339* \[[`d01a900078`](https://github.com/nodejs/node/commit/d01a900078)] - buffer: reword Buffer.concat error message (Chris Dickinson) [#8723](https://github.com/joyent/node/pull/8723)
340* \[[`c8239c08d7`](https://github.com/nodejs/node/commit/c8239c08d7)] - console: allow Object.prototype fields as labels (Julien Gilli) [#9215](https://github.com/joyent/node/pull/9215)
341* \[[`431eb172f9`](https://github.com/nodejs/node/commit/431eb172f9)] - V8: log version in profiler log file (Ben Noordhuis) [#9043](https://github.com/joyent/node/pull/9043)
342* \[[`8bcd0a4c4a`](https://github.com/nodejs/node/commit/8bcd0a4c4a)] - http: fix performance regression for GET requests (Florin-Cristian Gavrila) [#9026](https://github.com/joyent/node/pull/9026)
343
344<a id="0.10.36"></a>
345
346## 2015-01-26, Version 0.10.36 (Stable)
347
348### Commits
349
350* \[[`deef605085`](https://github.com/nodejs/node/commit/deef605085)] - **openssl**: update to 1.0.1l
351* \[[`45f1330425`](https://github.com/nodejs/node/commit/45f1330425)] - **v8**: Fix debugger and strict mode regression (Julien Gilli)
352* \[[`6ebd85e105`](https://github.com/nodejs/node/commit/6ebd85e105)] - **v8**: don't busy loop in cpu profiler thread (Ben Noordhuis) [#8789](https://github.com/joyent/node/pull/8789)
353
354<a id="0.10.35"></a>
355
356## 2014.12.22, Version 0.10.35 (Stable)
357
358* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
359* timers: don't close interval timers when unrefd (Julien Gilli)
360* timers: don't mutate unref list while iterating it (Julien Gilli)
361
362<a id="0.10.34"></a>
363
364## 2014.12.17, Version 0.10.34 (Stable)
365
366<https://github.com/nodejs/node/commit/52795f8fcc2de77cf997e671ea58614e5e425dfe>
367
368* uv: update to v0.10.30
369* zlib: upgrade to v1.2.8
370* child\_process: check execFile args is an array (Sam Roberts)
371* child\_process: check fork args is an array (Sam Roberts)
372* crypto: update root certificates (Ben Noordhuis)
373* domains: fix issues with abort on uncaught (Julien Gilli)
374* timers: Avoid linear scan in \_unrefActive. (Julien Gilli)
375* timers: fix unref() memory leak (Trevor Norris)
376* v8: add api for aborting on uncaught exception (Julien Gilli)
377* debugger: fix when using "use strict" (Julien Gilli)
378
379<a id="0.10.33"></a>
380
381## 2014.10.20, Version 0.10.33 (Stable)
382
383<https://github.com/nodejs/node/commit/8d045a30e95602b443eb259a5021d33feb4df079>
384
385* openssl: Update to 1.0.1j (Addressing multiple CVEs)
386* uv: Update to v0.10.29
387* child\_process: properly support optional args (cjihrig)
388* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny,
389  Timothy J Fontaine, Alexis Campailla)
390
391  This is a behavior change, by default we will not allow the negotiation to
392  SSLv2 or SSLv3. If you want this behavior, run Node.js with either
393  `--enable-ssl2` or `--enable-ssl3` respectively.
394
395  This does not change the behavior for users specifically requesting
396  `SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
397  assumed you know what you're doing since you're specifically asking to use
398  these methods.
399
400<a id="0.10.32"></a>
401
402## 2014.09.16, Version 0.10.32 (Stable)
403
404<https://github.com/nodejs/node/commit/0fe0d121551593c23a565db8397f85f17bb0f00e>
405
406* npm: Update to 1.4.28
407* v8: fix a crash introduced by previous release (Fedor Indutny)
408* configure: add --openssl-no-asm flag (Fedor Indutny)
409* crypto: use domains for any callback-taking method (Chris Dickinson)
410* http: do not send `0\r\n\r\n` in TE HEAD responses (Fedor Indutny)
411* querystring: fix unescape override (Tristan Berger)
412* url: Add support for RFC 3490 separators (Mathias Bynens)
413
414<a id="0.10.31"></a>
415
416## 2014.08.19, Version 0.10.31 (Stable)
417
418<https://github.com/nodejs/node/commit/7fabdc23d843cb705d2d0739e7bbdaaf50aa3292>
419
420* v8: backport CVE-2013-6668
421* openssl: Update to v1.0.1i
422* npm: Update to v1.4.23
423* cluster: disconnect should not be synchronous (Sam Roberts)
424* fs: fix fs.readFileSync fd leak when get RangeError (Jackson Tian)
425* stream: fix Readable.wrap objectMode falsy values (James Halliday)
426* timers: fix timers with non-integer delay hanging. (Julien Gilli)
427
428<a id="0.10.30"></a>
429
430## 2014.07.31, Version 0.10.30 (Stable)
431
432<https://github.com/nodejs/node/commit/bc0ff830aff1e016163d855e86ded5c98b0899e8>
433
434* uv: Upgrade to v0.10.28
435* npm: Upgrade to v1.4.21
436* v8: Interrupts must not mask stack overflow.
437* Revert "stream: start old-mode read in a next tick" (Fedor Indutny)
438* buffer: fix sign overflow in `readUIn32BE` (Fedor Indutny)
439* buffer: improve {read,write}{U}Int\* methods (Nick Apperson)
440* child\_process: handle writeUtf8String error (Fedor Indutny)
441* deps: backport 4ed5fde4f from v8 upstream (Fedor Indutny)
442* deps: cherry-pick eca441b2 from OpenSSL (Fedor Indutny)
443* lib: remove and restructure calls to isNaN() (cjihrig)
444* module: eliminate double `getenv()` (Maciej Małecki)
445* stream2: flush extant data on read of ended stream (Chris Dickinson)
446* streams: remove unused require('assert') (Rod Vagg)
447* timers: backport f8193ab (Julien Gilli)
448* util.h: interface compatibility (Oguz Bastemur)
449* zlib: do not crash on write after close (Fedor Indutny)
450
451<a id="0.10.29"></a>
452
453## 2014.06.05, Version 0.10.29 (Stable)
454
455<https://github.com/nodejs/node/commit/ce82d6b8474bde7ac7df6d425fb88fb1bcba35bc>
456
457* openssl: to 1.0.1h (CVE-2014-0224)
458
459* npm: upgrade to 1.4.14
460
461* utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendörfer)
462  * _NOTE_ this introduces a breaking change, previously you could construct
463    invalid UTF-8 and invoke an error in a client that was expecting valid
464    UTF-8, now unmatched surrogate pairs are replaced with the unknown UTF-8
465    character. To restore the old functionality simply have NODE\_INVALID\_UTF8
466    environment variable set.
467
468* child\_process: do not set args before throwing (Greg Sabia Tucker)
469
470* child\_process: spawn() does not throw TypeError (Greg Sabia Tucker)
471
472* constants: export O\_NONBLOCK (Fedor Indutny)
473
474* crypto: improve memory usage (Alexis Campailla)
475
476* fs: close file if fstat() fails in readFile() (cjihrig)
477
478* lib: name EventEmitter prototype methods (Ben Noordhuis)
479
480* tls: fix performance issue (Alexis Campailla)
481
482<a id="0.10.28"></a>
483
484## 2014.05.01, Version 0.10.28 (Stable)
485
486<https://github.com/nodejs/node/commit/b148cbe09d4657766fdb61575ba985734c2ff0a8>
487
488* npm: upgrade to v1.4.9
489
490<a id="0.10.27"></a>
491
492## 2014.05.01, Version 0.10.27 (Stable)
493
494<https://github.com/nodejs/node/commit/cb7911f78ae96ef7a540df992cc1359ba9636e86>
495
496* npm: upgrade to v1.4.8
497* openssl: upgrade to 1.0.1g
498* uv: update to v0.10.27
499* dns: fix certain txt entries (Fedor Indutny)
500* assert: Ensure reflexivity of deepEqual (Mike Pennisi)
501* child\_process: fix deadlock when sending handles (Fedor Indutny)
502* child\_process: fix sending handle twice (Fedor Indutny)
503* crypto: do not lowercase cipher/hash names (Fedor Indutny)
504* dtrace: workaround linker bug on FreeBSD (Fedor Indutny)
505* http: do not emit EOF non-readable socket (Fedor Indutny)
506* http: invoke createConnection when no agent (Nathan Rajlich)
507* stream: remove useless check (Brian White)
508* timer: don't reschedule timer bucket in a domain (Greg Brail)
509* url: treat \ the same as / (isaacs)
510* util: format as Error if instanceof Error (Rod Vagg)
511
512<a id="0.10.26"></a>
513
514## 2014.02.18, Version 0.10.26 (Stable)
515
516<https://github.com/nodejs/node/commit/cc56c62ed879ad4f93b1fdab3235c43e60f48b7e>
517
518* uv: Upgrade to v0.10.25 (Timothy J Fontaine)
519* npm: upgrade to 1.4.3 (isaacs)
520* v8: support compiling with VS2013 (Fedor Indutny)
521* cares: backport TXT parsing fix (Fedor Indutny)
522* crypto: throw on SignFinal failure (Fedor Indutny)
523* crypto: update root certificates (Ben Noordhuis)
524* debugger: Fix breakpoint not showing after restart (Farid Neshat)
525* fs: make unwatchFile() insensitive to path (iamdoron)
526* net: do not re-emit stream errors (Fedor Indutny)
527* net: make Socket destroy() re-entrance safe (Jun Ma)
528* net: reset `endEmitted` on reconnect (Fedor Indutny)
529* node: do not close stdio implicitly (Fedor Indutny)
530* zlib: avoid assertion in close (Fedor Indutny)
531
532<a id="0.10.25"></a>
533
534## 2014.01.23, Version 0.10.25 (Stable)
535
536<https://github.com/nodejs/node/commit/b0e5f195dfce3e2b99f5091373d49f6616682596>
537
538* uv: Upgrade to v0.10.23
539* npm: Upgrade to v1.3.24
540* v8: Fix enumeration for objects with lots of properties
541* child\_process: fix spawn() optional arguments (Sam Roberts)
542* cluster: report more errors to workers (Fedor Indutny)
543* domains: exit() only affects active domains (Ryan Graham)
544* src: OnFatalError handler must abort() (Timothy J Fontaine)
545* stream: writes may return false but forget to emit drain (Yang Tianyang)
546
547<a id="0.10.24"></a>
548
549## 2013.12.18, Version 0.10.24 (Stable)
550
551<https://github.com/nodejs/node/commit/b7fd6bc899ccb629d790c47aee06aba87e535c41>
552
553* uv: Upgrade to v0.10.21
554* npm: upgrade to 1.3.21
555* v8: backport fix for CVE-2013-{6639|6640}
556* build: unix install node and dep library headers (Timothy J Fontaine)
557* cluster, v8: fix --logfile=%p.log (Ben Noordhuis)
558* module: only cache package main (Wyatt Preul)
559
560<a id="0.10.23"></a>
561
562## 2013.12.12, Version 0.10.23 (Stable)
563
564<https://github.com/nodejs/node/commit/0462bc23564e7e950a70ae4577a840b04db6c7c6>
565
566* uv: Upgrade to v0.10.20 (Timothy J Fontaine)
567* npm: Upgrade to 1.3.17 (isaacs)
568* gyp: update to 78b26f7 (Timothy J Fontaine)
569* build: include postmortem symbols on linux (Timothy J Fontaine)
570* crypto: Make Decipher.\_flush() emit errors. (Kai Groner)
571* dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny)
572* events: do not accept NaN in setMaxListeners (Fedor Indutny)
573* events: avoid calling `once` functions twice (Tim Wood)
574* events: fix TypeError in removeAllListeners (Jeremy Martin)
575* fs: report correct path when EEXIST (Fedor Indutny)
576* process: enforce allowed signals for kill (Sam Roberts)
577* tls: emit 'end' on .receivedShutdown (Fedor Indutny)
578* tls: fix potential data corruption (Fedor Indutny)
579* tls: handle `ssl.start()` errors appropriately (Fedor Indutny)
580* tls: reset NPN callbacks after SNI (Fedor Indutny)
581
582<a id="0.10.22"></a>
583
584## 2013.11.12, Version 0.10.22 (Stable)
585
586<https://github.com/nodejs/node/commit/cbff8f091c22fb1df6b238c7a1b9145db950fa65>
587
588* npm: Upgrade to 1.3.14
589* uv: Upgrade to v0.10.19
590* child\_process: don't assert on stale file descriptor events (Fedor Indutny)
591* darwin: Fix "Not Responding" in Mavericks activity monitor (Fedor Indutny)
592* debugger: Fix bug in sb() with unnamed script (Maxim Bogushevich)
593* repl: do not insert duplicates into completions (Maciej Małecki)
594* src: Fix memory leak on closed handles (Timothy J Fontaine)
595* tls: prevent stalls by using read(0) (Fedor Indutny)
596* v8: use correct timezone information on Solaris (Maciej Małecki)
597
598<a id="0.10.21"></a>
599
600## 2013.10.18, Version 0.10.21 (Stable)
601
602<https://github.com/nodejs/node/commit/e2da042844a830fafb8031f6c477eb4f96195210>
603
604* uv: Upgrade to v0.10.18
605* crypto: clear errors from verify failure (Timothy J Fontaine)
606* dtrace: interpret two byte strings (Dave Pacheco)
607* fs: fix fs.truncate() file content zeroing bug (Ben Noordhuis)
608* http: provide backpressure for pipeline flood (isaacs)
609* tls: fix premature connection termination (Ben Noordhuis)
610
611<a id="0.10.20"></a>
612
613## 2013.09.30, Version 0.10.20 (Stable)
614
615<https://github.com/nodejs/node/commit/d7234c8d50a1af73f60d2d3c0cc7eed17429a481>
616
617* tls: fix sporadic hang and partial reads (Fedor Indutny)
618  * fixes "npm ERR! cb() never called!"
619
620<a id="0.10.19"></a>
621
622## 2013.09.24, Version 0.10.19 (Stable)
623
624<https://github.com/nodejs/node/commit/6b5e6a5a3ec8d994c9aab3b800b9edbf1b287904>
625
626* uv: Upgrade to v0.10.17
627* npm: upgrade to 1.3.11
628* readline: handle input starting with control chars (Eric Schrock)
629* configure: add mips-float-abi (soft, hard) option (Andrei Sedoi)
630* stream: objectMode transforms allow falsey values (isaacs)
631* tls: prevent duplicate values returned from read (Nathan Rajlich)
632* tls: NPN protocols are now local to connections (Fedor Indutny)
633
634<a id="0.10.18"></a>
635
636## 2013.09.04, Version 0.10.18 (Stable)
637
638<https://github.com/nodejs/node/commit/67a1f0c52e0708e2596f3f2134b8386d6112561e>
639
640* uv: Upgrade to v0.10.15
641* stream: Don't crash on unset \_events property (isaacs)
642* stream: Pass 'buffer' encoding with decoded writable chunks (isaacs)
643
644<a id="0.10.17"></a>
645
646## 2013.08.21, Version 0.10.17 (Stable)
647
648<https://github.com/nodejs/node/commit/469a4a5091a677df62be319675056b869c31b35c>
649
650* uv: Upgrade v0.10.14
651* http\_parser: Do not accept PUN/GEM methods as PUT/GET (Chris Dickinson)
652* tls: fix assertion when ssl is destroyed at read (Fedor Indutny)
653* stream: Throw on 'error' if listeners removed (isaacs)
654* dgram: fix assertion on bad send() arguments (Ben Noordhuis)
655* readline: pause stdin before turning off terminal raw mode (Daniel Chatfield)
656
657<a id="0.10.16"></a>
658
659## 2013.08.16, Version 0.10.16 (Stable)
660
661<https://github.com/nodejs/node/commit/50b4c905a4425430ae54db4906f88982309e128d>
662
663* v8: back-port fix for CVE-2013-2882
664* npm: Upgrade to 1.3.8
665* crypto: fix assert() on malformed hex input (Ben Noordhuis)
666* crypto: fix memory leak in randomBytes() error path (Ben Noordhuis)
667* events: fix memory leak, don't leak event names (Ben Noordhuis)
668* http: Handle hex/base64 encodings properly (isaacs)
669* http: improve chunked res.write(buf) performance (Ben Noordhuis)
670* stream: Fix double pipe error emit (Eran Hammer)
671
672<a id="0.10.15"></a>
673
674## 2013.07.25, Version 0.10.15 (Stable)
675
676<https://github.com/nodejs/node/commit/2426d65af860bda7be9f0832a99601cc43c6cf63>
677
678* src: fix process.getuid() return value (Ben Noordhuis)
679
680<a id="0.10.14"></a>
681
682## 2013.07.25, Version 0.10.14 (Stable)
683
684<https://github.com/nodejs/node/commit/fdf57f811f9683a4ec49a74dc7226517e32e6c9d>
685
686* uv: Upgrade to v0.10.13
687* npm: Upgrade to v1.3.5
688* os: Don't report negative times in cpu info (Ben Noordhuis)
689* fs: Handle large UID and GID (Ben Noordhuis)
690* url: Fix edge-case when protocol is non-lowercase (Shuan Wang)
691* doc: Streams API Doc Rewrite (isaacs)
692* node: call MakeDomainCallback in all domain cases (Trevor Norris)
693* crypto: fix memory leak in LoadPKCS12 (Fedor Indutny)
694
695<a id="0.10.13"></a>
696
697## 2013.07.09, Version 0.10.13 (Stable)
698
699<https://github.com/nodejs/node/commit/e32660a984427d46af6a144983cf7b8045b7299c>
700
701* uv: Upgrade to v0.10.12
702* npm: Upgrade to 1.3.2
703* windows: get proper errno (Ben Noordhuis)
704* tls: only wait for finish if we haven't seen it (Timothy J Fontaine)
705* http: Dump response when request is aborted (isaacs)
706* http: use an unref'd timer to fix delay in exit (Peter Rust)
707* zlib: level can be negative (Brian White)
708* zlib: allow zero values for level and strategy (Brian White)
709* buffer: add comment explaining buffer alignment (Ben Noordhuis)
710* string\_bytes: properly detect 64bit (Timothy J Fontaine)
711* src: fix memory leak in UsingDomains() (Ben Noordhuis)
712
713<a id="0.10.12"></a>
714
715## 2013.06.18, Version 0.10.12 (Stable)
716
717<https://github.com/nodejs/node/commit/a088cf4f930d3928c97d239adf950ab43e7794aa>
718
719* npm: Upgrade to 1.2.32
720* readline: make `ctrl + L` clear the screen (Yuan Chuan)
721* v8: add setVariableValue debugger command (Ben Noordhuis)
722* net: Do not destroy socket mid-write (isaacs)
723* v8: fix build for mips32r2 architecture (Andrei Sedoi)
724* configure: fix cross-compilation host\_arch\_cc() (Andrei Sedoi)
725
726<a id="0.10.11"></a>
727
728## 2013.06.13, Version 0.10.11 (Stable)
729
730<https://github.com/nodejs/node/commit/d9d5bc465450ae5d60da32e9ffcf71c2767f1fad>
731
732* uv: upgrade to 0.10.11
733* npm: Upgrade to 1.2.30
734* openssl: add missing configuration pieces for MIPS (Andrei Sedoi)
735* Revert "http: remove bodyHead from 'upgrade' events" (isaacs)
736* v8: fix pointer arithmetic undefined behavior (Trevor Norris)
737* crypto: fix utf8/utf-8 encoding check (Ben Noordhuis)
738* net: Fix busy loop on POLLERR|POLLHUP on older linux kernels (Ben Noordhuis, isaacs)
739
740<a id="0.10.10"></a>
741
742## 2013.06.04, Version 0.10.10 (Stable)
743
744<https://github.com/nodejs/node/commit/25e51c396aa23018603baae2b1d9390f5d9db496>
745
746* uv: Upgrade to 0.10.10
747* npm: Upgrade to 1.2.25
748* url: Properly parse certain oddly formed urls (isaacs)
749* stream: unshift('') is a noop (isaacs)
750
751<a id="0.10.9"></a>
752
753## 2013.05.30, Version 0.10.9 (Stable)
754
755<https://github.com/nodejs/node/commit/878ffdbe6a8eac918ef3a7f13925681c3778060b>
756
757* npm: Upgrade to 1.2.24
758* uv: Upgrade to v0.10.9
759* repl: fix JSON.parse error check (Brian White)
760* tls: proper .destroySoon (Fedor Indutny)
761* tls: invoke write cb only after opposite read end (Fedor Indutny)
762* tls: ignore .shutdown() syscall error (Fedor Indutny)
763
764<a id="0.10.8"></a>
765
766## 2013.05.24, Version 0.10.8 (Stable)
767
768<https://github.com/nodejs/node/commit/30d9e9fdd9d4c33d3d95a129d021cd8b5b91eddb>
769
770* v8: update to 3.14.5.9
771* uv: upgrade to 0.10.8
772* npm: Upgrade to 1.2.23
773* http: remove bodyHead from 'upgrade' events (Nathan Zadoks)
774* http: Return true on empty writes, not false (isaacs)
775* http: save roundtrips, convert buffers to strings (Ben Noordhuis)
776* configure: respect the --dest-os flag consistently (Nathan Rajlich)
777* buffer: throw when writing beyond buffer (Trevor Norris)
778* crypto: Clear error after DiffieHellman key errors (isaacs)
779* string\_bytes: strip padding from base64 strings (Trevor Norris)
780
781<a id="0.10.7"></a>
782
783## 2013.05.17, Version 0.10.7 (Stable)
784
785<https://github.com/nodejs/node/commit/d2fdae197ac542f686ee06835d1153dd43b862e5>
786
787* uv: upgrade to v0.10.7
788* npm: Upgrade to 1.2.21
789* crypto: Don't ignore verify encoding argument (isaacs)
790* buffer, crypto: fix default encoding regression (Ben Noordhuis)
791* timers: fix setInterval() assert (Ben Noordhuis)
792
793<a id="0.10.6"></a>
794
795## 2013.05.14, Version 0.10.6 (Stable)
796
797<https://github.com/nodejs/node/commit/5deb1672f2b5794f8be19498a425ea4dc0b0711f>
798
799* module: Deprecate require.extensions (isaacs)
800* stream: make Readable.wrap support objectMode, empty streams (Daniel Moore)
801* child\_process: fix handle delivery (Ben Noordhuis)
802* crypto: Fix performance regression (isaacs)
803* src: DRY string encoding/decoding (isaacs)
804
805<a id="0.10.5"></a>
806
807## 2013.04.23, Version 0.10.5 (Stable)
808
809<https://github.com/nodejs/node/commit/deeaf8fab978e3cadb364e46fb32dafdebe5f095>
810
811* uv: Upgrade to 0.10.5 (isaacs)
812* build: added support for Visual Studio 2012 (Miroslav Bajtoš)
813* http: Don't try to destroy nonexistent sockets (isaacs)
814* crypto: LazyTransform on properties, not methods (isaacs)
815* assert: put info in err.message, not err.name (Ryan Doenges)
816* dgram: fix no address bind() (Ben Noordhuis)
817* handle\_wrap: fix NULL pointer dereference (Ben Noordhuis)
818* os: fix unlikely buffer overflow in os.type() (Ben Noordhuis)
819* stream: Fix unshift() race conditions (isaacs)
820
821<a id="0.10.4"></a>
822
823## 2013.04.11, Version 0.10.4 (Stable)
824
825<https://github.com/nodejs/node/commit/9712aa9f76073c30850b20a188b1ed12ffb74d17>
826
827* uv: Upgrade to 0.10.4
828* npm: Upgrade to 1.2.18
829* v8: Avoid excessive memory growth in JSON.parse (Fedor Indutny)
830* child\_process, cluster: fix O(n\*m) scan of cmd string (Ben Noordhuis)
831* net: fix socket.bytesWritten Buffers support (Fedor Indutny)
832* buffer: fix offset checks (Łukasz Walukiewicz)
833* stream: call write cb before finish event (isaacs)
834* http: Support write(data, 'hex') (isaacs)
835* crypto: dh secret should be left-padded (Fedor Indutny)
836* process: expose NODE\_MODULE\_VERSION in process.versions (Rod Vagg)
837* crypto: fix constructor call in crypto streams (Andreas Madsen)
838* net: account for encoding in .byteLength (Fedor Indutny)
839* net: fix buffer iteration in bytesWritten (Fedor Indutny)
840* crypto: zero is not an error if writing 0 bytes (Fedor Indutny)
841* tls: Re-enable check of CN-ID in cert verification (Tobias Müllerleile)
842
843<a id="0.10.3"></a>
844
845## 2013.04.03, Version 0.10.3 (Stable)
846
847<https://github.com/nodejs/node/commit/d4982f6f5e4a9a703127489a553b8d782997ea43>
848
849* npm: Upgrade to 1.2.17
850* child\_process: acknowledge sent handles (Fedor Indutny)
851* etw: update prototypes to match dtrace provider (Timothy J Fontaine)
852* dtrace: pass more arguments to probes (Dave Pacheco)
853* build: allow building with dtrace on osx (Dave Pacheco)
854* http: Remove legacy ECONNRESET workaround code (isaacs)
855* http: Ensure socket cleanup on client response end (isaacs)
856* tls: Destroy socket when encrypted side closes (isaacs)
857* repl: isSyntaxError() catches "strict mode" errors (Nathan Rajlich)
858* crypto: Pass options to ctor calls (isaacs)
859* src: tie process.versions.uv to uv\_version\_string() (Ben Noordhuis)
860
861<a id="0.10.2"></a>
862
863## 2013.03.28, Version 0.10.2 (Stable)
864
865<https://github.com/nodejs/node/commit/1e0de9c426e07a260bbec2d2196c2d2db8eb8886>
866
867* npm: Upgrade to 1.2.15
868* uv: Upgrade to 0.10.3
869* tls: handle SSL\_ERROR\_ZERO\_RETURN (Fedor Indutny)
870* tls: handle errors before calling C++ methods (Fedor Indutny)
871* tls: remove harmful unnecessary bounds checking (Marcel Laverdet)
872* crypto: make getCiphers() return non-SSL ciphers (Ben Noordhuis)
873* crypto: check randomBytes() size argument (Ben Noordhuis)
874* timers: do not calculate Timeout.\_when property (Alexey Kupershtokh)
875* timers: fix off-by-one ms error (Alexey Kupershtokh)
876* timers: handle signed int32 overflow in enroll() (Fedor Indutny)
877* stream: Fix stall in Transform under very specific conditions (Gil Pedersen)
878* stream: Handle late 'readable' event listeners (isaacs)
879* stream: Fix early end in Writables on zero-length writes (isaacs)
880* domain: fix domain callback from MakeCallback (Trevor Norris)
881* child\_process: don't emit same handle twice (Ben Noordhuis)
882* child\_process: fix sending utf-8 to child process (Ben Noordhuis)
883
884<a id="0.10.1"></a>
885
886## 2013.03.21, Version 0.10.1 (Stable)
887
888<https://github.com/nodejs/node/commit/c274d1643589bf104122674a8c3fd147527a667d>
889
890* npm: upgrade to 1.2.15
891* crypto: Improve performance of non-stream APIs (Fedor Indutny)
892* tls: always reset this.ssl.error after handling (Fedor Indutny)
893* tls: Prevent mid-stream hangs (Fedor Indutny, isaacs)
894* net: improve arbitrary tcp socket support (Ben Noordhuis)
895* net: handle 'finish' event only after 'connect' (Fedor Indutny)
896* http: Don't hot-path end() for large buffers (isaacs)
897* fs: Missing cb errors are deprecated, not a throw (isaacs)
898* fs: make write/appendFileSync correctly set file mode (Raymond Feng)
899* stream: Return self from readable.wrap (isaacs)
900* stream: Never call decoder.end() multiple times (Gil Pedersen)
901* windows: enable watching signals with process.on('SIGXYZ') (Bert Belder)
902* node: revert removal of MakeCallback (Trevor Norris)
903* node: Unwrap without aborting in handle fd getter (isaacs)
904
905<a id="0.10.0"></a>
906
907## 2013.03.11, Version 0.10.0 (Stable)
908
909<https://github.com/nodejs/node/commit/163ca274230fce536afe76c64676c332693ad7c1>
910
911* npm: Upgrade to 1.2.14
912* core: Append filename properly in dlopen on windows (isaacs)
913* zlib: Manage flush flags appropriately (isaacs)
914* domains: Handle errors thrown in nested error handlers (isaacs)
915* buffer: Strip high bits when converting to ascii (Ben Noordhuis)
916* win/msi: Enable modify and repair (Bert Belder)
917* win/msi: Add feature selection for various node parts (Bert Belder)
918* win/msi: use consistent registry key paths (Bert Belder)
919* child\_process: support sending dgram socket (Andreas Madsen)
920* fs: Raise EISDIR on Windows when calling fs.read/write on a dir (isaacs)
921* unix: fix strict aliasing warnings, macro-ify functions (Ben Noordhuis)
922* unix: honor UV\_THREADPOOL\_SIZE environment var (Ben Noordhuis)
923* win/tty: fix typo in color attributes enumeration (Bert Belder)
924* win/tty: don't touch insert mode or quick edit mode (Bert Belder)
925