io.js 1.6.4 发布,此版本值得关注的更新如下: npm: upgrade npm to 2.7.5. See npm CHANGELOG.md for details. Includes two important security fixes. Summary: 300834etar@2.0.0: Normalize symbolic links that point to targets outside the extraction root. This prevents packages containing symbolic links from overwriting targets outside the expected paths for a package. Thanks to Tim Cuthbertson and the team at Lift Security for working with the npm team to identify this issue. (@othiym23) 0dc6875semver@4.3.2: Package versions can be no more than 256 characters long. This prevents a situation in which parsing the version number can use exponentially more time and memory to parse, leading to a potential denial of service. Thanks to Adam Baldwin at Lift Security for bringing this to our attention. (@isaacs) eab6184#7766 One last tweak to ensure that GitHub shortcuts work with private repositories. (@iarna) a840a13#7746 Only fix up git URL paths when there are paths to fix up. (@othiym23) openssl: preliminary work has been done for an upcoming upgrade to OpenSSL 1.0.2a #1325 (Shigeki Ohtsu). See #589 for additional details. timers: a minor memory leak when timers are unreferenced was fixed, alongside some related timers issues #1330 (Fedor Indutny). This appears to have fixed the remaining leak reported in #1075. android: it is now possible to compile io.js for Android and related devices #1307 (Giovanny Andres Gongora Granada). 详细更新内容请看更新日志。 此版本现已提供下载:https://github.com/iojs/io.js/releases/tag/v1.6.4 IO.js 是为 V8 引擎编写的基于事件 IO 的实现。 构建要求: * `gcc` and `g++` 4.8 or newer, or * `clang` and `clang++` 3.3 or newer * Python 2.6 or 2.7 * GNU Make 3.81 or newer * libexecinfo (FreeBSD and OpenBSD only) IO.js 1.6.4 发布,服务器 JS 引擎下载地址
