Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v4.1.2 #3128

Closed
wants to merge 6 commits into from
Closed

Release proposal: v4.1.2 #3128

wants to merge 6 commits into from

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Sep 30, 2015

Aiming for Monday release. This is not the release where we shift to LTS, that'll probably be soon after.

Some important bugfixes still need to be finalised for this release yet.


  • [39b8730e8b] - async_wrap: ensure all objects have internal field (Trevor Norris) #3139
  • [99e66074d7] - async_wrap: update providers and add test (Trevor Norris) #3139
  • [7a58157d4e] - benchmark: update comment in common.js (Minwoo Jung) #2399
  • [9e9bfa4dc0] - build: iojs -> nodejs of release-urlbase (P.S.V.R) #3015
  • [8335ec7191] - build: fix some typos inside the configure script (P.S.V.R) #3016
  • [d6ac547d5d] - build,win: fix node.exe resource version (João Reis) #3053
  • [798dad24f4] - child_process: null channel handle on close (Fedor Indutny) #3041
  • [e5615854ea] - contextify: use CHECK instead of if (Oguz Bastemur) #3125
  • [f055a66a38] - crypto: enable FIPS only when configured with it (Fedor Indutny) #3153
  • [4c8d96bc30] - crypto: add more keylen sanity checks in pbkdf2 (Johann) #3029
  • [4c5940776c] - deps: upgrade libuv to 1.7.5 (Saúl Ibarra Corretgé) #3010
  • [5a9e795577] - deps: upgrade V8 to 4.5.103.35 (Ali Ijaz Sheikh) #3117
  • [925b29f959] - deps: backport f782159 from v8's upstream (Ben Noordhuis) #3130
  • [039f73fa83] - deps: remove and gitignore .bin directory (Ben Noordhuis) #3004
  • [5fbb24812d] - deps: backport c281c15 from V8's upstream (Julien Gilli) #3031
  • [6ee5d0f69f] - dns: add missing exports.BADNAME (Roman Reiss) #3051
  • [f92aee7170] - doc: fix outdated 'try/catch' statement in sync (Minwoo Jung) #3087
  • [c7161f39e8] - doc: add TSC meeting minutes 2015-09-16 (Rod Vagg) #3023
  • [928166c4a8] - doc: copyedit fs.watch() information (Rich Trott) #3097
  • [75d5dcea76] - doc: jenkins-iojs.nodesource.com -> ci.nodejs.org (Michał Gołębiowski) #2886
  • [5c3f50b21d] - doc: rearrange execSync and execFileSync (Laurent Fortin) #2940
  • [4fc33ac11a] - doc: make execFileSync in line with execFile (Laurent Fortin) #2940
  • [a366e84b17] - doc: fix typos in cluster & errors (reggi) #3011
  • [52031e1bf1] - doc: switch LICENSE from closure-linter to eslint (P.S.V.R) #3018
  • [b28f6a53bc] - docs: Clarify assert.doesNotThrow behavior (Fabio Oliveira) #2807
  • [a0b35bfcf3] - i18n: add caller to removal list for bidi in ICU55 (Michael Dawson) #3115
  • [ac2bce0b0c] - path: improve posixSplitPath performance (Evan Lucas) #3034
  • [37cdeafa2f] - smalloc: remove module (Brendan Ashworth) #3099
  • [5ec5d0aa8b] - src: internalize binding function property names (Ben Noordhuis) #3060
  • [c8175fc2af] - src: internalize per-isolate string properties (Ben Noordhuis) #3060
  • [9a593abc47] - src: include signal.h in util.h (Cheng Zhao) #3058
  • [fde0c6f321] - src: fix function and variable names in comments (Sakthipriyan Vairamani) #3039
  • [9faf4c6fcf] - test: load common.js to test for global leaks (Rich Trott) #3095
  • [0858c86374] - test: fix invalid variable name (Sakthipriyan Vairamani) #3150
  • [1167171004] - test: change calls to deprecated util.print() (Rich Trott) #3083
  • [5ada45bf28] - test: replace deprecated util.debug() calls (Rich Trott) #3082
  • [d8ab4e185d] - util: optimize promise introspection (Ben Noordhuis) #3130

silverwind and others added 6 commits September 30, 2015 16:02
This error code export was mistakingly introduced in a 2012 commit which
added more error codes. The correct export.BADNAME was added in
nodejs#3051.

Semver: Major
PR-URL: nodejs#3051
Fixes: nodejs#3050
Reviewed-By: Сковорода Никита Андреевич <[email protected]>
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
common.debug() is just util.debug() and emits a deprecation notice. Per
docs, use console.error() instead.

PR-URL: nodejs#3082
Reviewed-By: Michaël Zasso <[email protected]>
common.print() is just util.print() and as such prints a deprecation
warning. Per docs, update to console.log().

PR-URL: nodejs#3083
Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Brendan Ashworth <[email protected]>
Bye bye, smalloc. I'm not sure why this was still here; it was removed
in 70d1f32 and hasn't worked since. It wasn't packaged in the
binary, either.

Reviewed-By: Michaël Zasso <[email protected]>
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: Сковорода Никита Андреевич <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
PR-URL: nodejs#3099
Very minor update in benchmark/common.js
Not exactly a critical change, just continued cleaning
out of old joyent/node PRs that never landed.

Ref: nodejs/node-v0.x-archive#8515
PR-URL: nodejs#2399
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: Brendan Ashworth <[email protected]>
Reviewed-By: Michaël Zasso <[email protected]>
@alexlamsl
Copy link

55a1f94e44 ("remove nonexistant exports.ADNAME") is for v5.x?

@rvagg
Copy link
Member Author

rvagg commented Sep 30, 2015

@alexlamsl yes, it's semver-major, even though trivial

These are the commits on master that are not coming over to v4.x:

  • [30b8bb0aab] - (SEMVER-MINOR) src: add process.versions.icu (Evan Lucas) #3102
  • [6192c9892f] - (SEMVER-MAJOR) http: add checkIsHttpToken check for header fields (James M Snell) #2526
  • [5f6579d366] - (SEMVER-MAJOR) buffer: remove raw & raws encoding (Sakthipriyan Vairamani) #2859

@rvagg
Copy link
Member Author

rvagg commented Sep 30, 2015

argh, I see what you were getting at, it's listed above ... @silverwind has mistakenly marked it as PR-URL #3051 but it's actually #3076. I'll remove it from v4.x.

@rvagg
Copy link
Member Author

rvagg commented Sep 30, 2015

ok, force pushed v4.x and this PR to remove the offending commit, thanks for picking that up @alexlamsl!

@saghul
Copy link
Member

saghul commented Sep 30, 2015

Maybe #3010 can be added to the list?

@ofrobots
Copy link
Contributor

@rvagg I would suggest picking up #3117 (V8 4.5.103.35) as well.

@mscdex mscdex added the meta Issues and PRs related to the general management of the project. label Sep 30, 2015
@Fishrock123
Copy link
Contributor

+1 to libuv and v8 if CI is happy.

@rvagg
Copy link
Member Author

rvagg commented Sep 30, 2015

yes to the libuv and v8 updates, just get some lgtm's on those and merge them in to master and it'll happen

@cjihrig
Copy link
Contributor

cjihrig commented Oct 1, 2015

@rvagg I'm going to land the libuv update. I also want to land #2748. I deem that as slightly semver minor. Should I hold off on that one until this release is out?

@rvagg rvagg mentioned this pull request Oct 2, 2015
8 tasks
@rvagg
Copy link
Member Author

rvagg commented Oct 2, 2015

@cjihrig don't let this release stop you from landing semver-minor in master, I'm just going to avoid cherry-picking those for this one. They'll get in to v4.2.0 which will probably be the final semver-major for v4.x

@rvagg
Copy link
Member Author

rvagg commented Oct 2, 2015

FYI I posted a comment here #3000 (comment) about timing of v4.1.2 and v4.2.0 and how LTS and v5 is likely going to play out according to current policies and TSC decisions.

@rvagg
Copy link
Member Author

rvagg commented Oct 3, 2015

Current list of commits in OP is up to date, I think I'm going to stop cherry-picking and this list is near-final minus an embargoed change for #3138 that's still being tested. Will work on Notable Changes list soon.

@rvagg
Copy link
Member Author

rvagg commented Oct 5, 2015

Notable changes

  • libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details (Saúl Ibarra Corretgé) #3010
    • A better rwlock implementation for all Windows versions
    • Improved AIX support
  • v8:
    • Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117
    • Backported f782159 from v8's upstream to help speed up Promise introspection (Ben Noordhuis) #3130
    • Backported c281c15 from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) #3031

Part of the Notable Changes section going out shortly for 4.1.2

indutny added a commit that referenced this pull request Oct 5, 2015
indutny added a commit that referenced this pull request Oct 5, 2015
Changes to `stream_base.cc` are required to support empty writes.
Fixes CVE-2015-7384, #3138

Fix: #2639
PR-URL: #3128
indutny added a commit that referenced this pull request Oct 5, 2015
Account pending response data to decide whether pause the socket or
not. Writable stream state is a not reliable measure, because it just
says how much data is pending on a **current** request, thus not helping
much with problem we are trying to solve here.

PR-URL: #3128
indutny added a commit that referenced this pull request Oct 5, 2015
Decrement `vcount` in `DoTryWrite` even if some of the buffers are
empty.

PR-URL: #3128
rvagg added a commit that referenced this pull request Oct 5, 2015
Notable changes

* http:
  - Fix out-of-order 'finish' event bug in pipelining that can abort
    execution, fixes DoS vulnerability CVE-2015-7384
    (Fedor Indutny) #3128
  - Account for pending response data instead of just the data on the
    current request to decide whether pause the socket or not
    (Fedor Indutny) #3128
* libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details
  (Saúl Ibarra Corretgé) #3010
  - A better rwlock implementation for all Windows versions
  - Improved AIX support
* v8:
  - Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117
  - Backported f782159 from v8's upstream to help speed up Promise
    introspection (Ben Noordhuis) #3130
  - Backported c281c15 from v8's upstream to add JSTypedArray length
    in post-mortem metadata (Julien Gilli) #3031

PR-URL: #3128
indutny added a commit that referenced this pull request Oct 5, 2015
@rvagg
Copy link
Member Author

rvagg commented Oct 5, 2015

v4.1.2 released, even ARMv6 binaries are available now without the usual delay.

@rvagg rvagg closed this Oct 5, 2015
@rvagg rvagg deleted the v4.1.2-proposal branch October 5, 2015 21:38
pesho added a commit to pesho/docker-official-images that referenced this pull request Oct 5, 2015
rvagg pushed a commit to rvagg/io.js that referenced this pull request Oct 21, 2015
Changes to `stream_base.cc` are required to support empty writes.
Fixes CVE-2015-7384, nodejs#3138

Fix: nodejs#2639
PR-URL: nodejs#3128
rvagg pushed a commit to rvagg/io.js that referenced this pull request Oct 21, 2015
Account pending response data to decide whether pause the socket or
not. Writable stream state is a not reliable measure, because it just
says how much data is pending on a **current** request, thus not helping
much with problem we are trying to solve here.

PR-URL: nodejs#3128
rvagg pushed a commit to rvagg/io.js that referenced this pull request Oct 21, 2015
Decrement `vcount` in `DoTryWrite` even if some of the buffers are
empty.

PR-URL: nodejs#3128
rvagg added a commit to rvagg/io.js that referenced this pull request Oct 21, 2015
Notable changes

* http:
  - Fix out-of-order 'finish' event bug in pipelining that can abort
    execution, fixes DoS vulnerability CVE-2015-7384
    (Fedor Indutny) nodejs#3128
  - Account for pending response data instead of just the data on the
    current request to decide whether pause the socket or not
    (Fedor Indutny) nodejs#3128
rvagg added a commit that referenced this pull request Oct 28, 2015
Notable changes

* http:
  - Fix out-of-order 'finish' event bug in pipelining that can abort
    execution, fixes DoS vulnerability CVE-2015-7384
    (Fedor Indutny) #3128
  - Account for pending response data instead of just the data on the
    current request to decide whether pause the socket or not
    (Fedor Indutny) #3128
RichardScothern pushed a commit to RichardScothern/official-images that referenced this pull request Jun 14, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.