Kerberos version 0.0.5 builds upon the earlier 0.0.4 release, offering developers an updated Kerberos library for Node.js applications. The key change in version 0.0.5 is the addition of a runtime dependency on the "nan" package, specifically version 1.3.0. "nan" (Native Abstractions for Node.js) helps native addons compile across different Node.js versions. Developers using kerberos 0.0.5 can expect improved stability and fewer compilation issues when deploying their applications across various Node.js environments. If you had issues building the previous version, this version addresses them with the addition of nan.

Both versions share a common foundation, providing core Kerberos functionality to Node.js projects. Both are licensed under Apache 2.0, which allows use in open-source and commercial projects. The source code is maintained on GitHub, facilitating community contributions and issue tracking. Both versions use "nodeunit" for development-time testing.

While the core Kerberos functionality remains consistent, the new "nan" dependency in version 0.0.5 is a significant enhancement that broadens compatibility for developers targeting diverse Node.js deployments. Existing users should test the updated version carefully, since the new dependency can lead to other errors.
All vulnerabilities related to version 0.0.5 of the package
DLL Injection in kerberos
Versions of kerberos prior to 1.0.0 are vulnerable to DLL Injection. The package loads DLLs without specifying a full path. This may allow attackers to create a file with the same name in a folder that precedes the intended file in the DLL search path. Doing so would allow attackers to execute arbitrary code on the machine.
Upgrade to version 1.0.0 or later.
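A defender's check for the advisory above, as an added example that is not code from the kerberos project: it scans a parsed package-lock.json for kerberos installs below the fixed version 1.0.0, including transitive copies. The lockfile contents and the legacy-driver package name are constructed for illustration.

```javascript
// Added example (not kerberos project code): find kerberos < 1.0.0 in a lockfile.
const FIXED = [1, 0, 0]; // first non-vulnerable version per the advisory
// Parse "major.minor.patch"; a prerelease tag (e.g. 1.0.0-rc.1) sorts before its release.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isVulnerable(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable version: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // same numbers as 1.0.0, so only a prerelease is older
}

// Handles lockfileVersion 2/3 ("packages" keyed by path) and 1 (nested "dependencies").
function findVulnerableKerberos(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/kerberos$/.test(path) && isVulnerable(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'kerberos' && isVulnerable(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, ''); // v1 lockfiles only
  return hits;
}

// Constructed sample lockfile: one patched direct install, one old transitive copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/kerberos': { version: '1.0.0' },
    'node_modules/legacy-driver': { version: '2.0.3' },
    'node_modules/legacy-driver/node_modules/kerberos': { version: '0.0.5' },
  },
};
console.log(findVulnerableKerberos(sampleLock));
```

To use it on a real project, pass the result of JSON.parse on the project's package-lock.json instead of sampleLock.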