v2.1.1
2.1.1 (2024-07-16)
The MongoDB Node.js team is pleased to announce version 2.1.1 of the kerberos package!
Release Notes
Fix segfault when running kerberos on systems with 1.x OpenSSL versions and Node.js 18+
Kerberos depends on OpenSSL and Node.js always bundles a copy of OpenSSL. Unfortunately an incompatiblity arises when Node's SSL version is not compatible with the version that the system kerberos library was built with.
Kerberos will now load the system library by default with runtime dynamic linking. This enables us to specify that kerberos use the SSL version it was built against (RTLD_DEEPBIND) so it does not adopt the symbols available in Node.js' address space.
Starting in Node 18+ these Node's SSL symbols are from OpenSSL 3+, whereas on RHEL 8 the system SSL library is 1.1.1k.
Add Spectre Mitigation and Control Flow Guard
On Windows only, we have added the SpectreMitigation and /guard:cf flags, thanks to a contribution from @rzhao271! If you are building on Windows yourself you may need to install Spectre-mitigated libraries for Visual Studio. Those using the prebuilds should not need any changes.
MacOS universal builds
In a previous PR we made our MacOS prebuilds be universal binaries so the same build works on both M1 and Intel. This PR moves the universal build flags under a condition so that when building a static library only the platform being built for is included.
Bug Fixes
- MONGOSH-1808: only build universal macos binaries when creating loadable_library (#186) (ec3ab7a)
- NODE-6253: use runtime linking against system kerberos libraries by default (#188) (04044d2)
- NODE-6265: add Spectre Mitigation and CFG (#190) (54b9799)
- NODE-6108: allow building from source on latest Node.js 20.x (#172) (c1f7aca)
Documentation
We invite you to try the kerberos library immediately, and report any issues to the NODE project.
