# Notable changes
- http:
- req.read(0) could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) #7211
- When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) #7149
- npm: upgrade npm to 3.9.5 (Kat Marchán) #7139
* Bump Vagrant to 1.8.4
* Update terraform version check
Eliminates RC releases from consideration.
* Bump Terraform to 0.6.16
Adds providers for librato and softlayer.
* Bump git to 2.9.0.windows.1
* Bump git-with-openssh to 2.9.0.windows.1
* Bump ffmpeg to 2016-06-10
* Bump mercurial to 3.8.3
* Add checkver to redis
* Bump redis to 2.8.2104
# Notable changes
## Notable changes
* **buffer**: Ignore negative lengths in calls to `Buffer()` and `Buffer.allocUnsafe()`. This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or `allocUnsafe()` as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) [#7051](https://github.com/nodejs/node/pull/7051)
* **npm**: Upgrade npm to 3.9.3 (Kat Marchán) [#7030](https://github.com/nodejs/node/pull/7030)
- [`npm/npm@42d71be`](42d71be2ce) [npm/npm#12685](https://github.com/npm/npm/pull/12685) When using `npm ls <pkg>` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](https://github.com/zkat))
- [`npm/npm@f04e05`](df04e05af1) [npm/npm#10013](https://github.com/npm/npm/issues/10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](https://github.com/iarna))
- [`b894413`](b8944139a9) [#12372](https://github.com/npm/npm/issues/12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](https://github.com/misterbyrne))
- This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.
* **tty**: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at <https://github.com/nodejs/node/issues/6980>. (Jeremiah Senkpiel) [#6895](https://github.com/nodejs/node/pull/6895)
* **V8**: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see <https://github.com/node-inspector/node-inspector/issues/864> for details. (Michaël Zasso) [#6928](https://github.com/nodejs/node/pull/6928)
External apps depend on DLLs exported by openssl (ssleay32.dll and libeay32.dll in my particular case), so I thought it would be nice to have the in PATH automatically after installation.
Notable changes
- buffer: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) #6511
- child_process: use /system/bin/sh on android (Ben Noordhuis) #6745
deps:
- upgrade npm to 3.8.9 (Rebecca Turner) #6664
- upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) #6572
- upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) #6796
- Intl: ICU 57 bump (Steven R. Loomis) #6088
- repl:
- copying tabs shouldn't trigger completion (Eugene Obrezkov) #5958
- exports Recoverable (Blake Embrey) #3488
- src: add O_NOATIME constant (Rich Trott) #6492
- src,module: add --preserve-symlinks command line flag (James M Snell) #6537
- util: adhere to noDeprecation set at runtime (Anna Henningsen) #6683
As of this release the 6.X line now includes 64-bit binaries for Linux on Power Systems running in big endian mode in addition to the existing 64-bit binaries for running in little endian mode.
SHA-256 taken from 7zip;
[curl manifest file tested on external bucket](http://puu.sh/oQq83/d131b4a4fa.png)
Mirror changes:
- mirror confusedbycode.com looks abandoned;
- mirror bintray.com from list Win32/Win64 - Generic (Viktor Szakáts) was chosen
- build project page for windows is hosted on https://github.com/vszakats/harbour-deps
* Apache httpd version upgrade to 2.4.20
* Update pre-install in r.json
The pre-install in the r bucket is now architecture specific and
depends on the architecture the user requested, no longer on the
architecture of the user's machine.
* Updated R to version 3.3.0
