diff --git a/doc/releases.md b/doc/releases.md index 483b1f030c4071..ecc284989de2d8 100644 --- a/doc/releases.md +++ b/doc/releases.md @@ -217,6 +217,13 @@ be produced with a version string that does not have a trailing pre-release tag: #define NODE_VERSION_IS_RELEASE 1 ``` +If this is a security release, set the `NODE_VERSION_IS_SECURITY_RELEASE` macro +value to `1`. + +```c +#define NODE_VERSION_IS_SECURITY_RELEASE 1 +``` + **Also consider whether to bump `NODE_MODULE_VERSION`**: This macro is used to signal an ABI version for native addons. It currently has @@ -488,6 +495,7 @@ On release proposal branch, edit `src/node_version.h` again and: - Increment `NODE_PATCH_VERSION` by one - Change `NODE_VERSION_IS_RELEASE` back to `0` +- Change `NODE_VERSION_IS_SECURITY_RELEASE` back to `0` Commit this change with the following commit message format: @@ -514,8 +522,9 @@ $ git push upstream v1.x-staging Cherry-pick the release commit to `master`. After cherry-picking, edit `src/node_version.h` to ensure the version macros contain whatever values were -previously on `master`. `NODE_VERSION_IS_RELEASE` should be `0`. **Do not** -cherry-pick the "Working on vx.y.z" commit to `master`. +previously on `master`. `NODE_VERSION_IS_RELEASE` and +`NODE_VERSION_IS_SECURITY_RELEASE` should be `0`. **Do not** cherry-pick the +"Working on vx.y.z" commit to `master`. Run `make lint` before pushing to `master`, to make sure the Changelog formatting passes the lint rules on `master`. diff --git a/src/node_metadata.cc b/src/node_metadata.cc index 602115ad4f2590..e3bc7abdfe6746 100644 --- a/src/node_metadata.cc +++ b/src/node_metadata.cc @@ -95,6 +95,8 @@ Metadata::Release::Release() : name(NODE_RELEASE) { lts = NODE_VERSION_LTS_CODENAME; #endif // NODE_VERSION_IS_LTS + security = NODE_VERSION_IS_SECURITY_RELEASE != 0; + #ifdef NODE_HAS_RELEASE_URLS #define NODE_RELEASE_URLPFX NODE_RELEASE_URLBASE "v" NODE_VERSION_STRING "/" #define NODE_RELEASE_URLFPFX NODE_RELEASE_URLPFX "node-v" NODE_VERSION_STRING diff --git a/src/node_metadata.h b/src/node_metadata.h index c6f379f085de03..d062006b990fac 100644 --- a/src/node_metadata.h +++ b/src/node_metadata.h @@ -80,6 +80,7 @@ class Metadata { Release(); std::string name; + bool security; #if NODE_VERSION_IS_LTS std::string lts; #endif // NODE_VERSION_IS_LTS diff --git a/src/node_process_object.cc b/src/node_process_object.cc index e533245703e8cc..84251f7ffb6226 100644 --- a/src/node_process_object.cc +++ b/src/node_process_object.cc @@ -112,6 +112,11 @@ MaybeLocal CreateProcessObject( Local release = Object::New(env->isolate()); READONLY_PROPERTY(process, "release", release); READONLY_STRING_PROPERTY(release, "name", per_process::metadata.release.name); + if (per_process::metadata.release.security) { + READONLY_TRUE_PROPERTY(release, "security"); + } else { + READONLY_FALSE_PROPERTY(release, "security"); + } #if NODE_VERSION_IS_LTS READONLY_STRING_PROPERTY(release, "lts", per_process::metadata.release.lts); #endif // NODE_VERSION_IS_LTS diff --git a/src/node_report.cc b/src/node_report.cc index d917a772812b27..a6a50ee201978b 100644 --- a/src/node_report.cc +++ b/src/node_report.cc @@ -596,6 +596,8 @@ static void PrintComponentVersions(JSONWriter* writer) { static void PrintRelease(JSONWriter* writer) { writer->json_objectstart("release"); writer->json_keyvalue("name", node::per_process::metadata.release.name); + writer->json_keyvalue("security", + node::per_process::metadata.release.security); #if NODE_VERSION_IS_LTS writer->json_keyvalue("lts", node::per_process::metadata.release.lts); #endif diff --git a/src/node_v8_platform-inl.h b/src/node_v8_platform-inl.h index e36f0a7d88bea4..1ef110eb5ff0b6 100644 --- a/src/node_v8_platform-inl.h +++ b/src/node_v8_platform-inl.h @@ -53,6 +53,8 @@ class NodeTraceStateObserver trace_process->BeginDictionary("release"); trace_process->SetString("name", per_process::metadata.release.name.c_str()); + trace_process->SetBoolean("security", + per_process::metadata.release.security); #if NODE_VERSION_IS_LTS trace_process->SetString("lts", per_process::metadata.release.lts.c_str()); #endif diff --git a/src/node_version.h b/src/node_version.h index 448fe507d053db..5af4b7ca68f23f 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -30,6 +30,7 @@ #define NODE_VERSION_LTS_CODENAME "" #define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_SECURITY_RELEASE 0 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) diff --git a/test/parallel/test-process-release.js b/test/parallel/test-process-release.js index f36062da4d2598..85cac2c9b1685b 100644 --- a/test/parallel/test-process-release.js +++ b/test/parallel/test-process-release.js @@ -7,6 +7,8 @@ const versionParts = process.versions.node.split('.'); assert.strictEqual(process.release.name, 'node'); +assert.strictEqual(typeof process.release.security, 'boolean'); + // It's expected that future LTS release lines will have additional // branches in here if (versionParts[0] === '4' && versionParts[1] >= 2) { diff --git a/test/parallel/test-trace-events-metadata.js b/test/parallel/test-trace-events-metadata.js index 863b2175f6c8a0..37c5f045a89fef 100644 --- a/test/parallel/test-trace-events-metadata.js +++ b/test/parallel/test-trace-events-metadata.js @@ -61,6 +61,7 @@ proc.once('exit', common.mustCall(() => { trace.args.process.arch === process.arch && trace.args.process.platform === process.platform && trace.args.process.release.name === process.release.name && + trace.args.process.release.security === process.release.security && (!process.release.lts || trace.args.process.release.lts === process.release.lts)));