2020-09-15, Version 14.11.0 (Current)

This is a security release. Notable changes: Vulnerabilities fixed: - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical). - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High). PR-URL: nodejs-private/node-private#225
nodejs · Sep 15, 2020 · d844fa0 · d844fa0
1 parent 753f3b2
commit d844fa0
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -31,7 +31,8 @@ release.
 </tr>
 <tr>
     <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V14.md#14.10.1">14.10.1</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V14.md#14.11.0">14.11.0</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V14.md#14.10.1">14.10.1</a><br/>
 <a href="doc/changelogs/CHANGELOG_V14.md#14.10.0">14.10.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V14.md#14.9.0">14.9.0</a><br/>
 <a href="doc/changelogs/CHANGELOG_V14.md#14.8.0">14.8.0</a><br/>

diff --git a/doc/api/http.md b/doc/api/http.md
@@ -1258,7 +1258,7 @@ Limits maximum incoming headers count. If set to 0, no limit will be applied.
 
 ### `server.requestTimeout`
 <!-- YAML
-added: REPLACEME
+added: v14.11.0
 -->
 
 * {number} **Default:** `0`

diff --git a/doc/api/https.md b/doc/api/https.md
@@ -115,7 +115,7 @@ See [`http.Server#maxHeadersCount`][].
 
 ### `server.requestTimeout`
 <!-- YAML
-added: REPLACEME
+added: v14.11.0
 -->
 
 * {number} **Default:** `0`

diff --git a/doc/changelogs/CHANGELOG_V14.md b/doc/changelogs/CHANGELOG_V14.md
@@ -10,6 +10,7 @@
 </tr>
 <tr>
 <td>
+<a href="#14.11.0">14.11.0</a><br/>
 <a href="#14.10.1">14.10.1</a><br/>
 <a href="#14.10.0">14.10.0</a><br/>
 <a href="#14.9.0">14.9.0</a><br/>
@@ -42,6 +43,23 @@
   * [io.js](CHANGELOG_IOJS.md)
   * [Archive](CHANGELOG_ARCHIVE.md)
 
+<a id="14.11.0"></a>
+## 2020-09-15, Version 14.11.0 (Current), @richardlau
+
+### Notable Changes
+
+This is a security release.
+
+Vulnerabilities fixed:
+
+* **CVE-2020-8251**: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical).
+* **CVE-2020-8201**: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
+
+### Commits
+
+* [[`dd828376a0`](https://github.com/nodejs/node/commit/dd828376a0)] - **deps**: update llhttp to 2.1.2 (Fedor Indutny) [nodejs-private/node-private#215](https://github.com/nodejs-private/node-private/pull/215)
+* [[`753f3b247a`](https://github.com/nodejs/node/commit/753f3b247a)] - **http**: add requestTimeout (Matteo Collina, Paolo Insogna, Robert Nagy) [nodejs-private/node-private#208](https://github.com/nodejs-private/node-private/pull/208)
+
 <a id="14.10.1"></a>
 ## 2020-09-10, Version 14.10.1 (Current), @richardlau
 

diff --git a/src/node_version.h b/src/node_version.h
@@ -23,13 +23,13 @@
 #define SRC_NODE_VERSION_H_
 
 #define NODE_MAJOR_VERSION 14
-#define NODE_MINOR_VERSION 10
-#define NODE_PATCH_VERSION 2
+#define NODE_MINOR_VERSION 11
+#define NODE_PATCH_VERSION 0
 
 #define NODE_VERSION_IS_LTS 0
 #define NODE_VERSION_LTS_CODENAME ""
 
-#define NODE_VERSION_IS_RELEASE 0
+#define NODE_VERSION_IS_RELEASE 1
 
 #ifndef NODE_STRINGIFY
 #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)