Skip to content

inspector: don't bind to 0.0.0.0 by default (v6.x) #21376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

inspector: don't bind to 0.0.0.0 by default (v6.x) #21376

wants to merge 4 commits into from

Conversation

bnoordhuis
Copy link
Member

Change the bind address from 0.0.0.0 to 127.0.0.1 and start respecting
the address part of --inspect=<address>:<port> so that the bind
address can be overridden by the user.

Fixes: #21349

Trott and others added 4 commits June 14, 2018 16:35
@Trott @MylesBorins
tools,gyp: fix regex for version matching
32f4c18 
Tool versions can be 10 and higher. Float patch from node-gyp to
accommodate this fact of life.

PR-URL: nodejs#21216
Refs: nodejs/node-gyp@293092c
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
@mistydemeo @MylesBorins
build: fix configure script for double-digits
56bf7fd 
Compare versions using tuples instead of strings so that it is
future-proofed against versions that contain a number that is more than
one digit.

Backport-PR-URL: nodejs#21301
PR-URL: nodejs#21183
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Jeremiah Senkpiel <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
@Trott @MylesBorins
tools: update tooling to work with new macOS CLI …
a5d1ab3 
Using High Sierra and `xcode-select --install` without installing full
Xcode, our build tooling breaks due to faulty regular expressions.

Update the `configure` script in our project root directory to handle
multi-digit version numbers.

`tools/gyp` and `deps/npm/node_modules/node-gyp` still need to be
updated for a complete fix.

PR-URL: nodejs#21173
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@bnoordhuis
inspector: don't bind to 0.0.0.0 by default
bf5bef5 
Change the bind address from 0.0.0.0 to 127.0.0.1 and start respecting
the address part of `--inspect=<address>:<port>` so that the bind
address can be overridden by the user.

Fixes: nodejs#21349
@nodejs-github-bot
Copy link
Collaborator

@bnoordhuis build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/85/pipeline

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. v6.x labels Jun 17, 2018
@ChALkeR ChALkeR added security Issues and PRs related to security. experimental Issues and PRs related to experimental features. labels Jun 17, 2018
@bnoordhuis
Copy link
Member Author

Linter failure is infrastructural:

./node tools/lint-js.js -j 2 -f tap -o test-eslint.tap \
	benchmark doc lib test tools
gmake: ./node: Command not found

@richardlau
Copy link
Member

Build PR for v6.x linter: nodejs/build#1349

@MylesBorins
Copy link
Contributor

@nodejs/release @nodejs/lts do we want to do a 6.x release for this?

@richardlau
Copy link
Member

do we want to do a 6.x release for this?

In 6.x the V8 inspector is an experimental feature, so I would say no to doing a release specifically for this. I would not be opposed to including it in a release if other critical fixes are found to warrant a release.

@Trott
Copy link
Member

Trott commented Aug 1, 2018

@nodejs/security-wg

@lirantal
Copy link
Member

lirantal commented Aug 1, 2018

That's a welcomed change 👍
I believe we also need to update the documentation too?

@rvagg
Copy link
Member

rvagg commented Aug 13, 2018

FYI this is queued up for inclusion in v6.14.4 as per https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

@beevelop beevelop mentioned this pull request Aug 16, 2018
Closed
@maclover7
Copy link
Contributor

Landed in v6.14.4 by @rvagg in 08a150f

@maclover7 maclover7 closed this Aug 16, 2018
@beevelop beevelop mentioned this pull request Aug 16, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. experimental Issues and PRs related to experimental features. lib / src Issues and PRs related to general changes in the lib or src directory. security Issues and PRs related to security.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.