Browse Source

add v0.31.10 changelog entry

pull/4050/head
Anton Kaliaev 5 years ago
parent
commit
7ac8443cc0
No known key found for this signature in database GPG Key ID: 7B6881D965918214
1 changed files with 23 additions and 0 deletions
  1. +23
    -0
      CHANGELOG.md

+ 23
- 0
CHANGELOG.md View File

@ -246,6 +246,29 @@ program](https://hackerone.com/tendermint).
- [node] [\#3716](https://github.com/tendermint/tendermint/issues/3716) Fix a bug where `nil` is recorded as node's address - [node] [\#3716](https://github.com/tendermint/tendermint/issues/3716) Fix a bug where `nil` is recorded as node's address
- [node] [\#3741](https://github.com/tendermint/tendermint/issues/3741) Fix profiler blocking the entire node - [node] [\#3741](https://github.com/tendermint/tendermint/issues/3741) Fix profiler blocking the entire node
## v0.31.10
*October 8, 2019*
The previous patch was insufficient because the attacker could still find a way
to submit a `nil` pubkey by constructing a `PubKeyMultisigThreshold` pubkey
with `nil` subpubkeys for example.
This release provides multiple fixes, which include recovering from panics when
accepting new peers and only allowing `ed25519` pubkeys.
**All clients are recommended to upgrade**
Special thanks to [fudongbai](https://hackerone.com/fudongbai) for pointing
this out.
Friendly reminder, we have a [bug bounty
program](https://hackerone.com/tendermint).
### SECURITY:
- [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Only allow ed25519 pubkeys when connecting
## v0.31.9 ## v0.31.9
*October 1, 2019* *October 1, 2019*


Loading…
Cancel
Save