-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release proposal: v0.12.8 #2806
Conversation
0.12 should also get newer npm than 2.13.4, shouldn't it? |
@zkat will be downstreaming Because of the security patches in |
I think one PR should do and we can do the work on our end to copy it to 0.12, but I guess we'll let you know if we run into trouble! |
Rubber stamp LGTM with a new npm. (Also is changelog-maker not working quite right or?) |
@Fishrock123 I went with |
The release should wait for tonight's libuv release. |
I'm running the npm release now. Expect it soon, barring any surprises. On Fri, Sep 11, 2015 at 5:34 AM Ben Noordhuis [email protected]
|
There we go: #2822 has the latest npm and you can probably just cherry-pick that over onto 0.12. |
the 0.x releases aren't going to happen in a hurry, we have lots of work to do on the build side |
Just noting here that 0.12.7 users are still having troubles caused by old npm version. |
Comment during the LTS meeting this week was that we probably need to set a timeframe for this so we have a date to work toward for the build infra changes required. This week is a write-off for me and heading in to conference season makes it a bit of a mess, perhaps we should aim for 2-3 weeks for now and see how we go. |
Fix the following build error by putting #if guards around the variables: ../src/node.cc: In function 'void node::ParseArgs(int*, const char**, int*, const char***, int*, const char***)': ../src/node.cc:3037:7: error: 'SSL2_ENABLE' was not declared in this scope SSL2_ENABLE = true; ^ ../src/node.cc:3039:7: error: 'SSL3_ENABLE' was not declared in this scope SSL3_ENABLE = true; Fixes: nodejs/node-v0.x-archive#8645 PR-URL: #3825 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: James M Snell <[email protected]>
This is a roll-up release that includes all changes to npm since 2.13.4. PR-URL: #3684 Reviewed-By: Jeremiah Senkpiel <[email protected]> Reviewed-By: James M Snell <[email protected]>
8c2e412
to
dd77ee5
Compare
Preparing for a release, rebased on to v0.12-staging and included the commits on #3642 (waiting for review). CI is fine except on Windows @ https://ci.nodejs.org/job/node-test-binary-windows/60/ where we are getting consistent failures of:
I don't know for sure but I reckon that multicast one is flaky for v0.12, it's the |
Release builds are coming out with consistent |
RC 1 is here: https://nodejs.org/download/rc/v0.12.8-rc.1/ Please help promote this so we can get some testing before going live with 0.12.8. |
@rvagg ... just to confirm... I haven't had time to go through the list to check for myself but does this include any of the recent commits in v0.12-staging? |
nm! heh... helps if I do a search on the comments before asking.. sigh : #2806 (comment) |
Would like to get #3890 included in this if possible. |
test-dgram-multicast-multi-process.js was not known to be flaky in the old infra. @rvagg you are correct about the windows-fanned jobs having broken v0.x for snapshots. In v0.x, |
@rvagg @joaocgreis I believe I fixed the nosnapshot issue in node-compile-windows. A test build is here: https://ci.nodejs.org/job/node-test-commit-windows-fanned/383/ |
CITGM is passing on 15 different modules
All failures also fail on v5
|
As part of the fix for logjam, node was upgraded to a level of openssl which rejects connections to servers that are using keys smaller than 768 bits. It is still possible, however, to create a server that uses a smaller key size and and older client may be able to connect to it. This PR moves us to a secure by default stance on the server side as well, preventing the creation of a server using a dhe key size less than 768. This can be overridden with the command line option which is also added. It is derived from 9b35be5 which was landed in later io.js/node versions but makes the limit 1024. This PR uses the smaller limit in order to meet the recomendations for logjam while matching was was done on the client side in openssl to minimize the potential impacton users. The command line option will only be documented in the release notes and will not be added to the tls documentation. The goal is that people who are upgrading are aware and can use the option if they run into issues, but otherwise the option is not visible/used. PR-URL: #3890 Fixes: nodejs/Release#49 Reviewed-By: Myles Borins <[email protected]> Reviewed-By: James Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>
I believe everything is in place for release, I've run builds here: https://ci.nodejs.org/job/iojs+release/303/ but will hold off until tomorrow (my time, somewhere around 10 hours from now) to promote unless something comes up in the meantime to justify a delay. This is what I'm proposing to put up along with the release announcement on the website. I'd appreciate critique from anyone that wants to offer some. /cc @nodejs/lts @nodejs/website @nodejs/security v0.12 LTSThis release of v0.12.8 represents the first release of the v0.12 line since it has moved from Stable to LTS (Long-term Support) status. According to the new LTS plan for the Node.js project, v0.12 will continue as LTS until the end of 2015 at which point it will switch to Maintenance and continue as such until the end of 2016 when support will cease. During LTS, changes included in v0.12.x releases will be limited to bug fixes, security updates, npm updates (limited to npm v2 LTS), documentation updates, and certain performance improvements that can be demonstrated to not break existing applications. After moving to Maintenance mode at the end of 2015, only critical bugs, critical security fixes, and documentation updates will be included. The Node.js core team will continue to ensure that v0.12 remains a viable platform for production deployment until the end of 2016. However, users of v0.12 should be working on plan to migrate to at least v4 LTS (Argon) as soon as practical. New build infrastructureThis is the first v0.12 release made with the new build infrastructure operated by the Node.js Foundation. Even though we have done our best to ensure that the build processes and tools are as close as possible to the previous infrastructure, it is possible that some unexpected issues arise from the changes. Please file bug reports on the Node.js GitHub repository if you have trouble upgrading from v0.12.7 to v0.12.8. Security updateShortly after this release, we will be announcing two newly discovered security vulnerabilities. One of these vulnerabilities is labelled high severity and impacts all v0.12 releases. We will therefore be releasing a v0.12.9 next week. However, it is strongly recommended that you upgrade to v0.12.8 this week in order to ensure that the changes to the build processes and tools mentioned above do not create problems for your deployments. This way, you will have greater assurance that v0.12.9 builds, which will contain only changes required to fix the security vulnerability, will work as expected in your production environment. |
Also, we're going with the original LICENSE.md on |
@phillipj this release is not a security update, that'll be next week and it'll be v0.12, v4 and v5 all at once. Today we'll publish a notification of the upcoming patches though. @trevnorris too late for this release, we've already gone through the smoke testing and even builds, best to wait till next full release. v0.12 is still technically LTS so no reason we can't push it out in a few weeks with that change. |
@rvagg Thanks. Didn't care so much until I realized that core is leaking handles via the debugger. So at this point it's technically a bug fix, but nothing serious. |
PR-URL: #3642 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: Alexis Campailla <[email protected]>
PR-URL: #3642 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: Alexis Campailla <[email protected]>
PR-URL: #3642 Reviewed-By: Johan Bergström <[email protected]> Reviewed-By: Alexis Campailla <[email protected]>
When MSBuild invokes rc.exe, it passes NODE_TAG unstringified, but passes it correctly to cl.exe. Hence, this workaround was made to apply only to the resource file. Fixes: #2963 PR-URL: #3053 Reviewed-By: Alexis Campailla <[email protected]> Reviewed-By: Johan Bergström <[email protected]>
352aa28
to
d176781
Compare
d176781
to
0cdc54a
Compare
done, files @ http://nodejs.org/download/release/v0.12.8/ announcement @ https://nodejs.org/en/blog/release/v0.12.8/ |
FYI I did not attach the note at the bottom about the security update in the post, we'll save that news for tomorrow instead |
Same issue re release infrastructure as #2805 but we need to get this working ASAP.
2015.11.25, Version 0.12.8 (LTS)
worker.terminate()
+ timeout fns #25735 (Fedor Indutny) tls: do not hang withoutnewSession
handler node-v0.x-archive#25739newSession
handler (Fedor Indutny) tls: do not hang withoutnewSession
handler node-v0.x-archive#25739newSession
handler node-v0.x-archive#25739