FW: OpenSSL upgrade low-severity Node.js security fixes

Tirloni, Giovanni gtirloni at ocadu.ca
Sun Jan 31 11:09:57 UTC 2016

Heads up about backward-incompatible change soon.

> ---------- Forwarded message ----------
> From: Rod Vagg <rvagg at nodesource.com>
> Date: Sun, Jan 31, 2016 at 8:42 AM
> Subject: Re: OpenSSL upgrade low-severity Node.js security fixes
> To: nodejs-sec <nodejs-sec at googlegroups.com>
> Release postponement
> The announced security releases will not go ahead for the 1st of
> February as previously announced. Instead, our new target for release
> will be on or shortly after Tuesday, the 9th of February, 11pm UTC
> (Tuesday, the 9th of February, 3pm Pacific Time).
> The planned fixes include a backward-incompatible change that, under
> normal circumstances, would be deferred until the next major-version
> of Node.js, v6. However, because the fix addresses a security concern
> that exists across all release lines (including our LTS lines: v4,
> v0.12 and v0.10) we require the additional time to further review the
> changes and consider how best to achieve minimal impact to users.
> We apologise for any inconvenience this schedule change may cause.
> Please tune in to nodejs-sec
> (https://groups.google.com/forum/#!topic/nodejs-sec) to be notified of
> any further updates.

More information about the fluid-work mailing list