Release Notes and CHANGELOG for v0.41.1

CHANGELOG.md

@@ -31,25 +31,25 @@ Types of changes (Stanzas):
 "State Machine Breaking" for any changes that result in a different AppState given same genesisState and txList.
 Ref: https://keepachangelog.com/en/1.0.0/
 -->
-# Unreleased
-
-### Improvements
-
-* (x/ibc) [\#8458](https://github.com/cosmos/cosmos-sdk/pull/8458) Add `packet_connection` attribute to ibc events to enable relayer filtering
 
 # Changelog
 
-## Unreleased
+## [v0.41.1](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.41.1) - 2021-02-17
 
 ### Bug Fixes
 
+* (grpc) [\#8549](https://github.com/cosmos/cosmos-sdk/pull/8549) Make gRPC requests go through ABCI and disallow concurrency.
+* (x/staking) [\#8546](https://github.com/cosmos/cosmos-sdk/pull/8546) Fix caching bug where concurrent calls to GetValidator could cause a node to crash
 * (server) [\#8481](https://github.com/cosmos/cosmos-sdk/pull/8481) Don't create files when running `{appd} tendermint show-*` subcommands.
 * (client/keys) [\#8436](https://github.com/cosmos/cosmos-sdk/pull/8436) Fix keybase->keyring keys migration.
+* (crypto/hd) [\#8607](https://github.com/cosmos/cosmos-sdk/pull/8607) Make DerivePrivateKeyForPath error and not panic on trailing slashes.
 
 ### Improvements
 
+* (x/ibc) [\#8458](https://github.com/cosmos/cosmos-sdk/pull/8458) Add `packet_connection` attribute to ibc events to enable relayer filtering
 * [\#8396](https://github.com/cosmos/cosmos-sdk/pull/8396) Add support for ARM platform
 * (x/bank) [\#8479](https://github.com/cosmos/cosmos-sdk/pull/8479) Aditional client denom metadata validation for `base` and `display` denoms.
+* (codec/types) [\#8605](https://github.com/cosmos/cosmos-sdk/pull/8605) Avoid unnecessary allocations for NewAnyWithCustomTypeURL on error.
 
 ## [v0.41.0](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.41.0) - 2021-01-26
 

RELEASE_NOTES.md

@@ -1,30 +1,39 @@
-# Cosmos SDK v0.41.0 "Stargate" Release Notes
+# Cosmos SDK v0.41.1 "Stargate" Release Notes
 
-This release includes two breaking changes, and a few minor bugfixes.
+This release includes two security patches, and does not introduce any breaking changes. It is **highly recommended** that all applications using v0.41.0 upgrade to v0.41.1 as soon as possible.
 
-See the [Cosmos SDK v0.41.0 milestone](https://github.com/cosmos/cosmos-sdk/milestone/37?closed=1) on our issue tracker for details.
+See the [Cosmos SDK v0.41.1 milestone](https://github.com/cosmos/cosmos-sdk/milestone/38?closed=1) on our issue tracker for details.
 
-### Support Amino JSON for IBC MsgTransfer
+### Security Patch #1: All gRPC requests are now routed through ABCI
 
-This change **breaks state backward compatibility**.
+When Tendermint commits a new block, the `versions` map in IAVL MutableTree is updated. If, at the same time, a concurrent gRPC request is performed, it will read the same `versions` map, causing the node to crash.
 
-At the moment hardware wallets are [unable to sign messages using `SIGN_MODE_DIRECT` because the cosmos ledger app does not support proto encoding and`SIGN_MODE_TEXTUAL` is not available yet](https://https://github.com/cosmos/cosmos-sdk/issues/8266).
+The patch consists of routing all gRPC requests through ABCI. The Go implementation of ABCI uses global lock on all requests, making them linearizable (received one at a time) which in turn prevents concurrent map reads and writes.
 
-In order to enable hardware wallets users to interact with IBC, amino JSON support was added to `MsgTransfer` only.
+We are exploring on ways of introducing concurrent gRPC queries in [#8591](https://github.com/cosmos/cosmos-sdk/issues/8591).
 
-### Counterparty.ChannelID not available in OnChanOpenAck callback implementation.
+This bug has been reported via HackerOne.
 
-This change **breaks state backward compatibility**.
+### Security Patch #2: Remove `GetValidator` cache map
 
-In a previous version the `Counterparty.ChannelID` was available for an `OnChanOpenAck` callback implementation (read via `channelKeeper.GetChannel()`. Due to a regression, the channelID is currently empty.
+The `x/staking` keeper holds an internal `validatorCache` cache map of validators. When multipile gRPC queries are performed simulataneously, concurrent reads and writes of this map can happen, causing the node to crash.
 
-The issue has been fixed by reordering IBC `ChanOpenAck` and `ChanOpenConfirm` to execute the core handlers logic first, followed by application callbacks.
+The patch removes the `validatorCache` altogether. Benchmarks show that the removal of the cache map even increases performance.
 
-It breaks state backward compatibility because the current change consumes more gas, which means that in an updated node a TX might fail because it ran out of gas whilst in older versions it would be successful.
+Is is important to note that the Security Patch #1 should also fix this bug, as it forces synchronous gRPC queries and therefore synchronous map reads/writes. However, it was deemed useful to include this bugfix too in this release.
 
-### Bug Fixes
+### Bug Fixes & Improvements
 
-Now `x/bank` correctly verifies balances and metadata at init genesis stage.
+Several bug fixes and non-breaking improvements are included in this release.
 
-`simapp` correctly adds the coins of genesis accounts to supply.
+Tendermint has been bumped to v0.34.4 to address a memory leak.
 
+Environment variables are now correctly populated to CLI flags. When using the Tendermint subcommands `tendermint show-*` from the CLI, the SDK doesn't create new files anymore.
+
+Keyring imports from older versions are fixed.
+
+Additional validation for client denom metadata has been added.
+
+On the IBC side, a `packet_connection` attribute has been added to IBC events to enable relayer filtering.
+
+For the full change log, please see the [CHANGELOG](https://github.com/cosmos/cosmos-sdk/blob/v0.41.0/CHANGELOG.md).