winget install --id OpenJS.NodeJS.8About Node.js 8
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
What's new in 8.11.3
Notable Changes - buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang - http2 - (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup - (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0 Commits - [e1ff7c3cbc] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#125 - [c5a2748d8f] - doc: buffer.fill() can zero-fill on invalid input (Сковорода Никита Андреевич) nodejs-private/node-private#119 - [354f2d97ff] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#123 - [25c5111ca4] - src: avoid hanging on Buffer#fill 0-length input (Сковорода Никита Андреевич) nodejs-private/node-private#119 - [10c5adf19b] - test: add Realloc() shrink after reading stream data test (Anna Henningsen) nodejs-private/node-private#132 - [bc91220ca2] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#131 - [acd11b01c4] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#125
Version history
| Version | Updated | Notes |
|---|---|---|
| 8.11.3 | Unknown | Notable Changes - buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang - http2 - (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation... |
| 8.11.2 | Unknown | Release notes |
| 8.11.0 | Unknown | This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities. Fixes for the fo... |