Posts about Security

Late last week, there were new releases for both Node.js and io.js that addressed a recent critical security concern. A bug in the V8 JavaScript engine was found that could cause a denial of service attack. Vendors with add-ons running Node.js or io.js in production may want to upgrade your servers.

A few weeks ago, a "vulnerability" was discovered in a new security feature that shipped in Git 2.2.0: signed pushes. No need to panic though! It is vanishingly unlikely that anyone would be able to successfully exploit this particular problem. In fact, the issue was quietly fixed a few days ago in the 2.3.7 point release.