From 3233cd26d4fbebb3a324a561ee9aabb182885d77 Mon Sep 17 00:00:00 2001
From: Michael Dawson <michael_dawson@ca.ibm.com>
Date: Mon, 4 Dec 2017 14:28:28 -0500
Subject: [PATCH 1/6] sec: upcoming security announcement

---
 .../december-2017-security-releases.md        | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 locale/en/blog/vulnerability/december-2017-security-releases.md

diff --git a/locale/en/blog/vulnerability/december-2017-security-releases.md b/locale/en/blog/vulnerability/december-2017-security-releases.md
new file mode 100644
index 0000000000000..109eb348b557a
--- /dev/null
+++ b/locale/en/blog/vulnerability/december-2017-security-releases.md
@@ -0,0 +1,33 @@
+---
+date: 2017-12-04T19:30:00.617Z
+category: vulnerability
+title: Data Confidentiality/Integrity Vulnerability, September 2017
+slug: december-2017-security-releases
+layout: blog-post.hbs
+author: Michael Dawson
+---
+
+# Summary
+The Node.js project will be releasing new versions of 4.x, 6.x, 8.x and 9.x as soon as possible after the OpenSSL release, on or soon after December 8th UTC, to incorporate a security fix.
+
+# Data Confidentiality/Integrity Vulnerability
+
+All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7 see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details. The severity of this vulnerability of Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available.
+
+# Impact
+
+Versions 4.0 and later of Node.js are vulnerable
+Versions 6.0 and later of Node.js are vulnerable
+Versions 8.0 and later of Node.js are vulnerable
+Versions 9.0 and later of Node.js are vulnerable
+
+# Release timing
+Releases will be available as soon as possible after the OpenSSL release, along with disclosure of the details for the vulnerability in order to allow for complete impact assessment by users.
+
+# Contact and future updates
+
+The current Node.js security policy can be found at https://nodejs.org/en/security/.
+
+Please contact security@nodejs.org if you wish to report a vulnerability in Node.js.
+
+Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the [nodejs GitHub organisation](https://github.com/nodejs/).

From 4d1d1976484bf803e765c481fc0a7e5968ca0b88 Mon Sep 17 00:00:00 2001
From: Michael Dawson <michael_dawson@ca.ibm.com>
Date: Mon, 4 Dec 2017 14:37:47 -0500
Subject: [PATCH 2/6] squash: fix up formatting

---
 .../blog/vulnerability/december-2017-security-releases.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/locale/en/blog/vulnerability/december-2017-security-releases.md b/locale/en/blog/vulnerability/december-2017-security-releases.md
index 109eb348b557a..07024ae13d58b 100644
--- a/locale/en/blog/vulnerability/december-2017-security-releases.md
+++ b/locale/en/blog/vulnerability/december-2017-security-releases.md
@@ -16,10 +16,10 @@ All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in
 
 # Impact
 
-Versions 4.0 and later of Node.js are vulnerable
-Versions 6.0 and later of Node.js are vulnerable
-Versions 8.0 and later of Node.js are vulnerable
-Versions 9.0 and later of Node.js are vulnerable
+* Versions 4.0 and later of Node.js are vulnerable
+* Versions 6.0 and later of Node.js are vulnerable
+* Versions 8.0 and later of Node.js are vulnerable
+* Versions 9.0 and later of Node.js are vulnerable
 
 # Release timing
 Releases will be available as soon as possible after the OpenSSL release, along with disclosure of the details for the vulnerability in order to allow for complete impact assessment by users.

From 09a9eb037b7894b7ad7929bf6d3b81df5d490cc3 Mon Sep 17 00:00:00 2001
From: Michael Dawson <michael_dawson@ca.ibm.com>
Date: Mon, 4 Dec 2017 14:57:06 -0500
Subject: [PATCH 3/6] squash: address comments

---
 locale/en/blog/vulnerability/december-2017-security-releases.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/locale/en/blog/vulnerability/december-2017-security-releases.md b/locale/en/blog/vulnerability/december-2017-security-releases.md
index 07024ae13d58b..3f3e1cbb3ae6e 100644
--- a/locale/en/blog/vulnerability/december-2017-security-releases.md
+++ b/locale/en/blog/vulnerability/december-2017-security-releases.md
@@ -1,7 +1,7 @@
 ---
 date: 2017-12-04T19:30:00.617Z
 category: vulnerability
-title: Data Confidentiality/Integrity Vulnerability, September 2017
+title: Data Confidentiality/Integrity Vulnerability, December 2017
 slug: december-2017-security-releases
 layout: blog-post.hbs
 author: Michael Dawson

From 33f3d75ba1455d835ebe14928b885dd1145cbe98 Mon Sep 17 00:00:00 2001
From: Michael Dawson <michael_dawson@ca.ibm.com>
Date: Mon, 4 Dec 2017 15:38:48 -0500
Subject: [PATCH 4/6] squash: address comments

---
 build.js                                                        | 2 +-
 locale/en/blog/vulnerability/december-2017-security-releases.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.js b/build.js
index 21fba0bc6c242..2447d85e8ffc1 100755
--- a/build.js
+++ b/build.js
@@ -270,7 +270,7 @@ function getSource (callback) {
         },
         banner: {
           visible: true,
-          content: 'Important <a href="https://nodejs.org/en/blog/vulnerability/oct-2017-dos/">security releases</a>, please update now!'
+          content: 'Important <a href="https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/">Upcoming security releases</a>, please review'
         }
       }
     }
diff --git a/locale/en/blog/vulnerability/december-2017-security-releases.md b/locale/en/blog/vulnerability/december-2017-security-releases.md
index 3f3e1cbb3ae6e..27bbbb54ed80a 100644
--- a/locale/en/blog/vulnerability/december-2017-security-releases.md
+++ b/locale/en/blog/vulnerability/december-2017-security-releases.md
@@ -12,7 +12,7 @@ The Node.js project will be releasing new versions of 4.x, 6.x, 8.x and 9.x as s
 
 # Data Confidentiality/Integrity Vulnerability
 
-All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7 see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details. The severity of this vulnerability of Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available.
+All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7, see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details. The severity of this vulnerability of Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available.
 
 # Impact
 

From 728c0529a6e1f7433f2ee80f7b8f38be11183b0f Mon Sep 17 00:00:00 2001
From: Michael Dawson <michael_dawson@ca.ibm.com>
Date: Mon, 4 Dec 2017 15:41:24 -0500
Subject: [PATCH 5/6] squash: fix capitalization

---
 build.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.js b/build.js
index 2447d85e8ffc1..d306748f7f1ab 100755
--- a/build.js
+++ b/build.js
@@ -270,7 +270,7 @@ function getSource (callback) {
         },
         banner: {
           visible: true,
-          content: 'Important <a href="https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/">Upcoming security releases</a>, please review'
+          content: 'Important <a href="https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/">upcoming security releases</a>, please review'
         }
       }
     }

From af0be36b83ef87a8acd0a38fb36ac888bffccf09 Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Mon, 4 Dec 2017 13:49:41 -0800
Subject: [PATCH 6/6] nit fixes

---
 locale/en/blog/vulnerability/december-2017-security-releases.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/locale/en/blog/vulnerability/december-2017-security-releases.md b/locale/en/blog/vulnerability/december-2017-security-releases.md
index 27bbbb54ed80a..18ec392a59021 100644
--- a/locale/en/blog/vulnerability/december-2017-security-releases.md
+++ b/locale/en/blog/vulnerability/december-2017-security-releases.md
@@ -12,7 +12,7 @@ The Node.js project will be releasing new versions of 4.x, 6.x, 8.x and 9.x as s
 
 # Data Confidentiality/Integrity Vulnerability
 
-All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7, see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details. The severity of this vulnerability of Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available.
+All versions of Node.js 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7 (see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details). The severity of this vulnerability in Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available.
 
 # Impact