doc: provide info on impact of recent vulns

build.js

@@ -270,7 +270,7 @@ function getSource (callback) {
         },
         banner: {
           visible: true,
-          link: 'https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/'
+          link: 'https://nodejs.org/en/blog/vulnerability/jan-2018-spectre-meltdown/'
         }
       }
     }

locale/ar/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: مستجدات أمنية مهمة، المرجو التحميل الآن !
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: الاصدار الحالي
   download: تحميل
   download-for: تحميل النسخة الخاصة ب

locale/ca/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Versió actual
   download: Descarregar
   download-for: Descarregar per

locale/de/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Wichtige Sicherheits-Updates, bitte aktualisieren Sie jetzt!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Aktuelle Version
   download: Download
   download-for: Herunterladen für

locale/en/blog/vulnerability/jan-2018-spectre-meltdown

@@ -0,0 +1,42 @@
+---
+date: 2018-01-08T17:30:00.617Z
+category: vulnerability
+title: Meltdown and Spectre - Impact On Node.js
+slug: jan-2018-spectre-meltdown
+layout: blog-post.hbs
+author: Michael Dawson
+---
+
+# Summary
+
+Project zero has recently announced some new attacks that have received a
+lot of attention:
+https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html.
+
+The risk from these attacks to systems running Node.js resides in the
+systems in which your Node.js applications run, as opposed to the
+Node.js runtime itself. The trust model for Node.js assumes you are
+running trusted code and does not provide any separation between code
+running within the runtime itself. Therefore, untrusted code that
+would be necessary to execute these attacks in Node.js could already
+affect the execution of your Node.js applications in ways that
+are more severe than possible through these new attacks.
+
+This does not mean that you don't need to protect yourself from
+these new attacks when running Node.js applications. If an attacker
+manages to run malicious code on an upatched OS (whether using
+JavaScript or something else) they may be able to access memory and or
+data that they should not have access to.  In order to protect yourself
+from these cases, apply the security patches for your operating
+system. You do not need to update the Node.js runtime.
+
+# Contact and future updates
+
+The current Node.js security policy can be found at https://nodejs.org/en/security/.
+
+Please contact security@nodejs.org if you wish to report a vulnerability in Node.js.
+
+Subscribe to the low-volume announcement-only nodejs-sec mailing list at
+https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date
+on security vulnerabilities and security-related releases of Node.js and
+the projects maintained in the [nodejs GitHub organisation](https://github.com/nodejs/).

locale/en/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Current Version
   download: Download
   download-for: Download for

locale/es/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Versión Actual
   download: Descargar
   download-for: Descargar para

locale/fr/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Mises à jour de sécurité importantes, veuillez mettre à jour!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Version actuelle
   download: Téléchargements
   download-for: Téléchargements pour

locale/gl/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Versión Actual
   download: Descargar
   download-for: Descargar para

locale/it/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Versione corrente
   download: Download
   download-for: Download per

locale/ja/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: 最新のバージョン
   download: ダウンロード
   download-for: ダウンロード

locale/ko/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: 현재 버전
   download: 다운로드
   download-for: 다운로드 -

locale/uk/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: Important security releases, please update now!
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: Поточна версія
   download: Завантажити
   download-for: Завантажити для

locale/zh-cn/index.md

@@ -1,7 +1,7 @@
 ---
 layout: index.hbs
 labels:
-  banner: 重要的安全版本，请立即更新！
+  banner: Spectre and Meltdown in the context of Node.js.
   current-version: 当前版本
   download: 下载
   download-for: 下载为