Browse Source

changelog: update 0.34.3 changelog with details on security vuln (#6108)

Closes #6095.
pull/6111/head
Tess Rinearson 4 years ago
committed by GitHub
parent
commit
df0b868415
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
  1. +6
    -5
      CHANGELOG.md

+ 6
- 5
CHANGELOG.md View File

@ -22,18 +22,19 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
*January 19, 2021* *January 19, 2021*
This release includes a fix for a high-severity security vulnerability.
More information on this vulnerability will be released on January 26, 2021
and this changelog will be updated.
This release includes a fix for a high-severity security vulnerability,
a DoS-vector that impacted Tendermint Core v0.34.0-v0.34.2. For more details, see
[Security Advisory Mulberry](https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg)
or https://nvd.nist.gov/vuln/detail/CVE-2021-21271.
It also updates GoGo Protobuf to 1.3.2 in order to pick up the fix for
Tendermint Core v0.34.3 also updates GoGo Protobuf to 1.3.2 in order to pick up the fix for
https://nvd.nist.gov/vuln/detail/CVE-2021-3121. https://nvd.nist.gov/vuln/detail/CVE-2021-3121.
Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint). Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
### BUG FIXES ### BUG FIXES
- [evidence] [N/A] Use correct source of evidence time (@cmwaters)
- [evidence] [[security fix]](https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg) Use correct source of evidence time (@cmwaters)
- [proto] [\#5886](https://github.com/tendermint/tendermint/pull/5889) Bump gogoproto to 1.3.2 (@marbar3778) - [proto] [\#5886](https://github.com/tendermint/tendermint/pull/5889) Bump gogoproto to 1.3.2 (@marbar3778)
## v0.34.2 ## v0.34.2


Loading…
Cancel
Save