We just pushed out a small May update (0.5.4) to the Azure SDK for Node.js, with which we now deploy:
- node.js 0.6.17
- iisnode 0.1.19
Here are the important changes and additions in this release:
- The updated node.js version addresses the recently announced node.js security vulnerability. The vulnerability affects all server-side deployments using versions prior to 0.6.17. If you have deployed a node.js application on Azure using our tooling, you are probably using a version of node.js that is vulerable. Please redeploy your application using the updated tooling to ensure your deployment is secure.
- This is not completely new, but a few weeks ago we also released a refresh (0.5.3) of the npm package for Azure, adding support for accessing the Azure role service runtime. That enables you to: get role configuration settings, work with local role resources (including local storage), get information about the current role instance, as well as other role instances in your application. We have a nice example of this functionality posted here.
- iisnode 0.1.19 brings improved configuration support using YAML files. For a lot of scenarios, you may now be able to configure your app by deploying an iisnode.yml file, instead of messy XML inside your Web.config.
# The optional iisnode.yml file provides overrides of
# the iisnode configuration settings specified in web.config.
nodeProcessCommandLine: "c:\program files\nodejs\node.exe"
# so on...
Here is a one-click install of the new bits.