Node.js received new security update

Developers recommend every user to update Node.js as soon as possible
12 July 2017   2304

Lightweight interpreted or JIT-compiled programming language with first-class functions

Developers of Node.js recently released new security update. Update is important and they strongly recommend to upgrade Node.js's ASAP.

All non-updated versions of v4.x through to v8.x inclusive are vulnerable to an issue that can be used by an external hacker. The severity of this vulnerability is high and users of the affected versions should update their Node.js's as soon as possible.

List of non-updated vulnerable versions:

  • Versions 4.x of Node.js
  • Versions 6.x of Node.js 
  • Versions 7.x of Node.js 
  • Versions 8.x of Node.js

 Additionally, developers had provided the list of Node.js-specific security flaws. Among them:

  • Constant Hashtable Seeds (CVE pending)
  • Vulnerabilities in dependencies

According to the official website, updates are now available for all active Node.js release lines, including 7.x line. They include the fix for the high severity vulnerability, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fixes for Node.js dependencies across the current release lines.


Clarity Beta Released

According to the creators, the tool will allow website owners to understand the causes of user behavior better
13 December 2018   102

Microsoft put Clarity, a web analytics tool, into beta. It is used by the developers of the search engine Bing, so the functionality should be similar to Yandex.Metrica and Google Analytics. Unlike these systems, the Clarity library is distributed freely and hosted on GitHub.

According to the creators, the tool will allow you to understand the causes of user behavior better. Clarity collects telemetry from the site and helps to see how users interact with it, what bugs and difficulties they face, why they leave. This will allow you to understand where to tweak the code and what generally needs to be changed to improve the user experience.

The developers gave an example of how Clarity was used to analyze strange activity on the Bing homepage. It turned out that the cause was malicious code that modified the page, interfered with the normal interaction with the site and extended the download. Clarity helped develop protection against changing search engine pages, which ultimately improved its business performance.

Clarity records user sessions for further viewing and analysis. Sessions can be filtered by date, duration, browser, OS, device type and activity.

When viewing a session, you can track the movement of the mouse pointer, the number and location of clicks, page load time, the number of network requests and JavaScript errors and other parameters. It is possible to create session logs in JSON format and send to the specified address.

Due to the fact that the tool is still in beta testing, to use it, you need to send a request with information about the connected site. From requests waiting list is being formed. Developers will notify applicants about the use of Clarity.