Apologies if somebody already mentioned this and I didn’t see the post, but Node’s recently announced and patched a denial-of-service vulnerability:
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
It looks like @benjamn updated meteor 1.5.1 to use the fixed version of node (4.8.4), but I thought I’d mention it in case folks like me have old apps in production and hadn’t noticed the change.
EDIT: as noted in this github issue: https://github.com/meteor/meteor/issues/8896
EDIT: you’ll have to meteor update --release 1.5.1