-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: deprecate implicitly shortened GCM tags #52345
Conversation
Review requested:
|
The
notable-change
Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section. |
This introduces a doc-only deprecation of using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. Refs: nodejs#52327
d14d6ae
to
64e805b
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Would be good to have eyes on this from @bnoordhuis and/or @nodejs/tsc since this has the potential to break applications that do use this API correctly while providing better security margins for applications that don't. I don't think we need to rush this to end-of-life status. Once we make this a runtime deprecation, we can probably better estimate the impact. |
Landed in 8f61b65 |
This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b65. Refs: nodejs#52327 Refs: nodejs#52345
This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b65. Refs: nodejs#52327 Refs: nodejs#52345
This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b65. Refs: #52327 Refs: #52345 PR-URL: #52552 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b65. Refs: #52327 Refs: #52345 PR-URL: #52552 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
This introduces a doc-only deprecation of using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. Refs: #52327 PR-URL: #52345 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: James M Snell <[email protected]>
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) #52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) #52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) #52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) #52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) #51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) #51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) #52492 doc: * update release gpg keyserver (marco-ippolito) #52257 * add release key for marco-ippolito (marco-ippolito) #52257 * add UlisesGascon as a collaborator (Ulises Gascón) #51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) #51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) #52618 fs: * add stacktrace to fs/promises (翠 / green) #49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) #52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) #51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) #52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) #51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) #52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) #51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) #51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) #52127 * (SEMVER-MINOR) support forced exit (Colin Ihrig) #52038 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) #51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) #52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #51927 watch: * mark as stable (Moshe Atlow) #52074 PR-URL: TODO
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) #52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) #52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) #52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) #52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) #51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) #51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) #52492 doc: * update release gpg keyserver (marco-ippolito) #52257 * add release key for marco-ippolito (marco-ippolito) #52257 * add UlisesGascon as a collaborator (Ulises Gascón) #51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) #51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) #52618 fs: * add stacktrace to fs/promises (翠 / green) #49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) #52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) #51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) #52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) #51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) #52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) #51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) #51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) #52127 * (SEMVER-MINOR) support forced exit (Colin Ihrig) #52038 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) #51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) #52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #51927 watch: * mark as stable (Moshe Atlow) #52074 PR-URL: TODO
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) #52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) #52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) #52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) #52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) #51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) #51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) #52492 doc: * update release gpg keyserver (marco-ippolito) #52257 * add release key for marco-ippolito (marco-ippolito) #52257 * add UlisesGascon as a collaborator (Ulises Gascón) #51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) #51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) #52618 fs: * add stacktrace to fs/promises (翠 / green) #49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) #52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) #51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) #52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) #51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) #52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) #51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) #51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) #52127 * (SEMVER-MINOR) support forced exit (Colin Ihrig) #52038 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) #51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) #52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #51927 watch: * mark as stable (Moshe Atlow) #52074 PR-URL: #52793
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) #52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) #52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) #52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) #52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) #51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) #51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) #52492 doc: * update release gpg keyserver (marco-ippolito) #52257 * add release key for marco-ippolito (marco-ippolito) #52257 * add UlisesGascon as a collaborator (Ulises Gascón) #51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) #51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) #52618 fs: * add stacktrace to fs/promises (翠 / green) #49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) #52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) #51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) #52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) #51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) #52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) #51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) #51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) #52127 * (SEMVER-MINOR) support forced exit (Colin Ihrig) #52038 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) #51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) #52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #51927 watch: * mark as stable (Moshe Atlow) #52074 PR-URL: #52793
This introduces a doc-only deprecation of using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. Refs: #52327 PR-URL: #52345 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: James M Snell <[email protected]>
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) #52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) #52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) #52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) #52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) #51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) #51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) #52492 doc: * update release gpg keyserver (marco-ippolito) #52257 * add release key for marco-ippolito (marco-ippolito) #52257 * add UlisesGascon as a collaborator (Ulises Gascón) #51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) #51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) #52618 fs: * add stacktrace to fs/promises (翠 / green) #49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) #52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) #51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) #52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) #51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) #52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) #51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) #51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) #52127 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) #51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) #52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #51927 watch: * mark as stable (Moshe Atlow) #52074 PR-URL: #52793
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) #52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) #52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) #52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) #52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) #51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) #51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) #52492 doc: * update release gpg keyserver (marco-ippolito) #52257 * add release key for marco-ippolito (marco-ippolito) #52257 * add UlisesGascon as a collaborator (Ulises Gascón) #51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) #51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) #52618 fs: * add stacktrace to fs/promises (翠 / green) #49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) #52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) #51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) #52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) #51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) #52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) #51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) #51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) #52127 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) #51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) #52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #51927 watch: * mark as stable (Moshe Atlow) #52074 PR-URL: #52793
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) #52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) #52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) #52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) #52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) #51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) #51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) #52492 doc: * update release gpg keyserver (marco-ippolito) #52257 * add release key for marco-ippolito (marco-ippolito) #52257 * add UlisesGascon as a collaborator (Ulises Gascón) #51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) #51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) #52618 fs: * add stacktrace to fs/promises (翠 / green) #49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) #52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) #52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) #51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) #52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) #51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) #52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) #51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) #51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) #52127 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) #51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) #52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) #51927 watch: * mark as stable (Moshe Atlow) #52074 PR-URL: #52793
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) nodejs#52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) nodejs#52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) nodejs#52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) nodejs#52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) nodejs#51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) nodejs#51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) nodejs#52492 doc: * update release gpg keyserver (marco-ippolito) nodejs#52257 * add release key for marco-ippolito (marco-ippolito) nodejs#52257 * add UlisesGascon as a collaborator (Ulises Gascón) nodejs#51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) nodejs#51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) nodejs#52618 fs: * add stacktrace to fs/promises (翠 / green) nodejs#49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) nodejs#52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) nodejs#52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) nodejs#51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) nodejs#52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) nodejs#51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) nodejs#52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) nodejs#51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) nodejs#51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) nodejs#52127 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) nodejs#51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) nodejs#52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) nodejs#51927 watch: * mark as stable (Moshe Atlow) nodejs#52074 PR-URL: nodejs#52793
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) nodejs#52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) nodejs#52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) nodejs#52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) nodejs#52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) nodejs#51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) nodejs#51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) nodejs#52492 doc: * update release gpg keyserver (marco-ippolito) nodejs#52257 * add release key for marco-ippolito (marco-ippolito) nodejs#52257 * add UlisesGascon as a collaborator (Ulises Gascón) nodejs#51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) nodejs#51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) nodejs#52618 fs: * add stacktrace to fs/promises (翠 / green) nodejs#49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) nodejs#52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) nodejs#52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) nodejs#51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) nodejs#52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) nodejs#51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) nodejs#52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) nodejs#51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) nodejs#51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) nodejs#52127 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) nodejs#51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) nodejs#52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) nodejs#51927 watch: * mark as stable (Moshe Atlow) nodejs#52074 PR-URL: nodejs#52793
This introduces a runtime deprecation for using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the authTagLength option. This behavior has been doc-only deprecated since 8f61b65. Refs: nodejs#52327 Refs: nodejs#52345 PR-URL: nodejs#52552 Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
Notable changes: benchmark: * add AbortSignal.abort benchmarks (Raz Luvaton) nodejs#52408 buffer: * improve `base64` and `base64url` performance (Yagiz Nizipli) nodejs#52428 crypto: * deprecate implicitly shortened GCM tags (Tobias Nießen) nodejs#52345 deps: * (SEMVER-MINOR) update simdutf to 5.0.0 (Daniel Lemire) nodejs#52138 * (SEMVER-MINOR) update undici to 6.3.0 (Node.js GitHub Bot) nodejs#51462 * (SEMVER-MINOR) update undici to 6.2.1 (Node.js GitHub Bot) nodejs#51278 dns: * (SEMVER-MINOR) add order option and support ipv6first (Paolo Insogna) nodejs#52492 doc: * update release gpg keyserver (marco-ippolito) nodejs#52257 * add release key for marco-ippolito (marco-ippolito) nodejs#52257 * add UlisesGascon as a collaborator (Ulises Gascón) nodejs#51991 * (SEMVER-MINOR) deprecate fs.Stats public constructor (Marco Ippolito) nodejs#51879 events,doc: * mark CustomEvent as stable (Daeyeon Jeong) nodejs#52618 fs: * add stacktrace to fs/promises (翠 / green) nodejs#49849 lib, url: * (SEMVER-MINOR) add a `windows` option to path parsing (Aviv Keller) nodejs#52509 net: * (SEMVER-MINOR) add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) nodejs#52474 report: * (SEMVER-MINOR) add `--report-exclude-network` option (Ethan Arrowood) nodejs#51645 src: * (SEMVER-MINOR) add `string_view` overload to snapshot FromBlob (Anna Henningsen) nodejs#52595 * (SEMVER-MINOR) add C++ ProcessEmitWarningSync() (Joyee Cheung) nodejs#51977 * (SEMVER-MINOR) add uv_get_available_memory to report and process (theanarkh) nodejs#52023 * (SEMVER-MINOR) preload function for Environment (Cheng Zhao) nodejs#51539 stream: * (SEMVER-MINOR) support typed arrays (IlyasShabi) nodejs#51866 test_runner: * (SEMVER-MINOR) add suite() (Colin Ihrig) nodejs#52127 * (SEMVER-MINOR) add `test:complete` event to reflect execution order (Moshe Atlow) nodejs#51909 util: * (SEMVER-MINOR) support array of formats in util.styleText (Marco Ippolito) nodejs#52040 v8: * (SEMVER-MINOR) implement v8.queryObjects() for memory leak regression testing (Joyee Cheung) nodejs#51927 watch: * mark as stable (Moshe Atlow) nodejs#52074 PR-URL: nodejs#52793
This introduces a doc-only deprecation of using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the
authTagLength
option.Refs: #52327