Blog: v13.8.0 release post (#2933)

BethGriggs · web-flow · commit a2a8a53de5d4 · 2020-02-06T03:23:32.000Z
Refs: nodejs-private/node-private#196
diff --git a/locale/en/blog/release/v13.8.0.md b/locale/en/blog/release/v13.8.0.md
@@ -0,0 +1,56 @@
+---
+date: 2020-02-06T03:14:17.324Z
+version: 13.8.0
+category: release
+title: Node v13.8.0 (Current)
+slug: node-v13-8-0
+layout: blog-post.hbs
+author: Bethany Nicolle Griggs
+---
+
+### Notable Changes
+
+This is a security release.
+
+Vulnerabilities fixed:
+* **CVE-2019-15606**: HTTP header values do not have trailing OWS trimmed.
+* **CVE-2019-15605**: HTTP request smuggling using malformed Transfer-Encoding header.
+* **CVE-2019-15604**: Remotely trigger an assertion on a TLS server with a malformed certificate string.
+
+Also, HTTP parsing is more strict to be more secure. Since this may
+cause problems in interoperability with some non-conformant HTTP
+implementations, it is possible to disable the strict checks with the
+`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
+http option. Using the insecure HTTP parser should be avoided.
+
+### Commits
+
+* [[`b7da194714`](https://github.com/nodejs/node/commit/b7da194714)] - **benchmark**: support optional headers with wrk (Sam Roberts) [nodejs-private/node-private#189](https://github.com/nodejs-private/node-private/pull/189)
+* [[`1156a9e5f8`](https://github.com/nodejs/node/commit/1156a9e5f8)] - **crypto**: fix assertion caused by unsupported ext (Fedor Indutny) [nodejs-private/node-private#175](https://github.com/nodejs-private/node-private/pull/175)
+* [[`8f41e837bb`](https://github.com/nodejs/node/commit/8f41e837bb)] - **deps**: update llhttp to 2.0.4 (Beth Griggs) [nodejs-private/node-private#199](https://github.com/nodejs-private/node-private/pull/199)
+* [[`07d56e49cf`](https://github.com/nodejs/node/commit/07d56e49cf)] - **(SEMVER-MINOR)** **http**: make --insecure-http-parser configurable per-stream or per-server (Anna Henningsen) [#31448](https://github.com/nodejs/node/pull/31448)
+* [[`25b6897e8a`](https://github.com/nodejs/node/commit/25b6897e8a)] - **http**: strip trailing OWS from header values (Sam Roberts) [nodejs-private/node-private#189](https://github.com/nodejs-private/node-private/pull/189)
+* [[`eea3a7429b`](https://github.com/nodejs/node/commit/eea3a7429b)] - **test**: using TE to smuggle reqs is not possible (Sam Roberts) [nodejs-private/node-private#199](https://github.com/nodejs-private/node-private/pull/199)
+
+Windows 32-bit Installer: https://nodejs.org/dist/v13.8.0/node-v13.8.0-x86.msi<br>
+Windows 64-bit Installer: https://nodejs.org/dist/v13.8.0/node-v13.8.0-x64.msi<br>
+Windows 32-bit Binary: https://nodejs.org/dist/v13.8.0/win-x86/node.exe<br>
+Windows 64-bit Binary: https://nodejs.org/dist/v13.8.0/win-x64/node.exe<br>
+macOS 64-bit Installer: https://nodejs.org/dist/v13.8.0/node-v13.8.0.pkg<br>
+macOS 64-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-darwin-x64.tar.gz<br>
+Linux 64-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-linux-x64.tar.xz<br>
+Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-linux-ppc64le.tar.xz<br>
+Linux s390x 64-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-linux-s390x.tar.xz<br>
+AIX 64-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-aix-ppc64.tar.gz<br>
+SmartOS 64-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-sunos-x64.tar.xz<br>
+ARMv7 32-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-linux-armv7l.tar.xz<br>
+ARMv8 64-bit Binary: https://nodejs.org/dist/v13.8.0/node-v13.8.0-linux-arm64.tar.xz<br>
+Source Code: https://nodejs.org/dist/v13.8.0/node-v13.8.0.tar.gz<br>
+Other release files: https://nodejs.org/dist/v13.8.0/<br>
+Documentation: https://nodejs.org/docs/v13.8.0/api/
+
+### SHASUMS
+
+```
+[INSERT SHASUMS HERE]
+```
