Node.js update fixes information disclosure vulnerability
All versions of the 0.5.x and 0.6.x branches up to and including 0.6.16 are affected; versions 0.7.0 to 0.7.7 of the 0.7.x unstable development branch are also vulnerable. Upgrading to 0.6.17 or 0.7.8 fixes the problem. Alternatively, those who cannot or choose not to upgrade can apply a fix. The developers note that the 0.6.17 update also fixes some other important bugs such as a file descriptor leak in sync functions.
Further information about this update can be found in the announcement blog post and in the change log. Node.js 0.6.17 is available to download for Windows, Mac OS X or as source from the project's web site; documentation is provided. Source code for Node.js is published under an MIT licence.
- The H Speed Guide to Node.js, a feature from The H.