Browse Source

update changelog and version

pull/4664/head
Anton Kaliaev 5 years ago
committed by Tess Rinearson
parent
commit
4f88071324
3 changed files with 63 additions and 2 deletions
  1. +61
    -0
      CHANGELOG.md
  2. +1
    -1
      CHANGELOG_PENDING.md
  3. +1
    -1
      version/version.go

+ 61
- 0
CHANGELOG.md View File

@ -1,5 +1,66 @@
# Changelog # Changelog
## v0.33.3
*April 6, 2020*
This security release fixes:
### Denial of service 1
Tendermint 0.33.2 and earlier does not limit P2P connection requests number.
For each p2p connection, Tendermint allocates ~0.5MB. Even though this
memory is garbage collected once the connection is terminated (due to duplicate
IP or reaching a maximum number of inbound peers), temporary memory spikes can
lead to OOM (Out-Of-Memory) exceptions.
Tendermint 0.33.3 (and 0.32.10) limits the total number of P2P incoming
connection requests to to `p2p.max_num_inbound_peers +
len(p2p.unconditional_peer_ids)`.
Notes:
- Tendermint does not rate limit P2P connection requests per IP (an attacker
can saturate all the inbound slots);
- Tendermint does not rate limit HTTP(S) requests. If you expose any RPC
endpoints to the public, please make sure to put in place some protection
(https://www.nginx.com/blog/rate-limiting-nginx/). We may implement this in
the future ([\#1696](https://github.com/tendermint/tendermint/issues/1696)).
### Denial of service 2
Tendermint 0.33.2 and earlier does not reclaim `activeID` of a peer after it's
removed in `Mempool` reactor. This does not happen all the time. It only
happens when a connection fails (for any reason) before the Peer is created and
added to all reactors. `RemovePeer` is therefore called before `AddPeer`, which
leads to always growing memory (`activeIDs` map). The `activeIDs` map has a
maximum size of 65535 and the node will panic if this map reaches the maximum.
An attacker can create a lot of connection attempts (exploiting Denial of
service 1), which ultimately will lead to the node panicking.
Tendermint 0.33.3 (and 0.32.10) claims `activeID` for a peer in `InitPeer`,
which is executed before `MConnection` is started.
Notes:
- `InitPeer` function was added to all reactors to combat a similar issue -
[\#3338](https://github.com/tendermint/tendermint/issues/3338);
- Denial of service 2 is independent of Denial of service 1 and can be executed
without it.
**All clients are recommended to upgrade**
Special thanks to [fudongbai](https://hackerone.com/fudongbai) for finding
and reporting this.
Friendly reminder, we have a [bug bounty
program](https://hackerone.com/tendermint).
### SECURITY:
- [mempool] Reserve IDs in InitPeer instead of AddPeer (@tessr)
- [p2p] Limit the number of incoming connections (@melekes)
## v0.33.2 ## v0.33.2
*March 11, 2020* *March 11, 2020*


+ 1
- 1
CHANGELOG_PENDING.md View File

@ -1,4 +1,4 @@
## v0.33.3
## v0.33.4
- Nodes are no longer guaranteed to contain all blocks up to the latest height. The ABCI app can now control which blocks to retain through the ABCI field `ResponseCommit.retain_height`, all blocks and associated data below this height will be removed. - Nodes are no longer guaranteed to contain all blocks up to the latest height. The ABCI app can now control which blocks to retain through the ABCI field `ResponseCommit.retain_height`, all blocks and associated data below this height will be removed.


+ 1
- 1
version/version.go View File

@ -20,7 +20,7 @@ const (
// Must be a string because scripts like dist.sh read this file. // Must be a string because scripts like dist.sh read this file.
// XXX: Don't change the name of this variable or you will break // XXX: Don't change the name of this variable or you will break
// automation :) // automation :)
TMCoreSemVer = "0.33.2"
TMCoreSemVer = "0.33.3"
// ABCISemVer is the semantic version of the ABCI library // ABCISemVer is the semantic version of the ABCI library
ABCISemVer = "0.16.1" ABCISemVer = "0.16.1"


Loading…
Cancel
Save