NW.js v0.32.3 Released with Node.js 10.9.0 Security Update
This is a version only to sync with Node.js 10.9.0 security update:
- Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
- Fix unintentional exposure of uninitialized memory in Buffer.alloc() (CVE-2018-7166)
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
For more information, please check upstream announcement.
Previously we released 0.32 versions with Chromium 68, which contains usual under-the-hood performance and stability tweaks, but there are also some cool new features to explore. It supports payment handler API, page lifecycle API, High resolution timestamp for Gamepad and many more. Please check upstream information for details. For a complete list of all features (including experimental features) in this release, see the Chrome 68 milestone hotlist.
We've made the 0.32 branch ready soon after Chromium beta bumps to 68. Thanks to the testers for their valuable feedback and bug reports. We've been working on 2 branches simultaneously: a released branch on current Chromium stable and a beta branch on Chromium beta.
- Update Node.js to v10.9.0
Full ChangeLog: https://github.com/nwjs/nw.js/blob/nw32/CHANGELOG.md
Binary for other platforms: https://dl.nwjs.io/v0.32.3/
There are 2 builds for each platform - normal build, and SDK build. Normal build doesn't have devtools, only SDK build does. lt can be opened by pressing F12 (Cmd-Alt-I on OSX). SDK packages also have more development tools to be exposed in the following releases, as well as the NaCl support.
Our build infrastructure enables live binary build from git tip so you can access to the latest binary from https://dl.nwjs.io/live-build/
See our mailing list to discuss on this release: https://groups.google.com/d/msg/nwjs-general/oNnJ1lNUDwk/B0V3_Mw3DAAJ