diff --git a/CHANGELOG.md b/CHANGELOG.md index 48ed63855..c680928e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,11 +2,21 @@ ## v0.32.5 -### Security +*September 30, 2019* -- [p2p] [TODO](hxxp://githublink) Fix for panic on nil public key send to a peer +This release fixes a major security vulnerability found in the `p2p` package. +All clients are recommended to upgrade. See [TODO](hxxp://githublink) for +details. + +Special thanks to [fudongbai](https://hackerone.com/fudongbai) for discovering +and reporting this issue. + +Friendly reminder, we have a [bug bounty +program](https://hackerone.com/tendermint). +### SECURITY: +- [p2p] [TODO](hxxp://githublink) Fix for panic on nil public key send to a peer ## v0.32.4 @@ -30,9 +40,9 @@ program](https://hackerone.com/tendermint). - [deps] [\#3951](https://github.com/tendermint/tendermint/pull/3951) bump github.com/stretchr/testify from 1.3.0 to 1.4.0 - [deps] [\#3945](https://github.com/tendermint/tendermint/pull/3945) bump github.com/gorilla/websocket from 1.2.0 to 1.4.1 - [deps] [\#3948](https://github.com/tendermint/tendermint/pull/3948) bump github.com/libp2p/go-buffer-pool from 0.0.1 to 0.0.2 -- [deps] [\#3943](https://github.com/tendermint/tendermint/pull/3943) bump github.com/fortytw2/leaktest from 1.2.0 to 1.3.0 -- [deps] [\#3939](https://github.com/tendermint/tendermint/pull/3939) bump github.com/rs/cors from 1.6.0 to 1.7.0 -- [deps] [\#3937](https://github.com/tendermint/tendermint/pull/3937) bump github.com/magiconair/properties from 1.8.0 to 1.8.1 +- [deps] [\#3943](https://github.com/tendermint/tendermint/pull/3943) bump github.com/fortytw2/leaktest from 1.2.0 to 1.3.0 +- [deps] [\#3939](https://github.com/tendermint/tendermint/pull/3939) bump github.com/rs/cors from 1.6.0 to 1.7.0 +- [deps] [\#3937](https://github.com/tendermint/tendermint/pull/3937) bump github.com/magiconair/properties from 1.8.0 to 1.8.1 - [deps] [\#3947](https://github.com/tendermint/tendermint/pull/3947) update gogo/protobuf version from v1.2.1 to v1.3.0 - [deps] [\#4001](https://github.com/tendermint/tendermint/pull/4001) bump github.com/tendermint/tm-db from 0.1.1 to 0.2.0 diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index 043c66c7e..578c0bc1a 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -1,4 +1,4 @@ -## v0.32.5 +## v0.32.6 \*\*