Version 0.30.0 [2020-11-09]

@mxinden mxinden released this 10 Nov 08:20
· 2112 commits to master since this release
v0.30.0
fabb00c

Among other changes, this release adds a requirement across all crates for multihash >= v0.11.3. Rust-libp2p versions in combination with multihash < v0.11.3 are vulnerable to DoS attacks: PeerId::from_bytes, for example, is called with unsanitized data from possibly untrusted sources, and with multihash < v0.11.3 this call can panic. See RustSec for details.

If you run libp2p in untrusted environments, please either (a) update to libp2p v0.30.0 or (b) make sure to run with multihash >= v0.11.3 via your downstream Cargo.lock file.
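
One way to check option (b) in CI, as an added example that is not part of rust-libp2p: a std-only scan of Cargo.lock text that reports every locked multihash version below 0.11.3. The function names and the sample lockfile are constructed for illustration.

```rust
// Added example, not rust-libp2p code: flag multihash < 0.11.3 in Cargo.lock text.
const MIN_FIXED: (u64, u64, u64) = (0, 11, 3);
// Constructed sample lockfile: two multihash versions resolved side by side.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"some-app\"\nversion = \"0.1.0\"\n\n\
[[package]]\nname = \"multihash\"\nversion = \"0.11.2\"\n\n\
[[package]]\nname = \"multihash\"\nversion = \"0.11.4\"\n";

/// Extract the value from a `key = "value"` lockfile line.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Parse plain "MAJOR.MINOR.PATCH"; anything else (e.g. a pre-release) is None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.').map(|p| p.parse::<u64>().ok());
    let parsed = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(parsed) }
}

/// Return every locked multihash version below 0.11.3 (a lockfile can hold
/// several versions of one crate); unparseable versions are reported too.
fn vulnerable_multihash(lock: &str) -> Vec<String> {
    let mut found = Vec::new();
    let mut in_multihash = false;
    for line in lock.lines() {
        if line.trim() == "[[package]]" {
            in_multihash = false;
        } else if let Some(name) = quoted_value(line, "name") {
            in_multihash = name == "multihash";
        } else if let Some(version) = quoted_value(line, "version") {
            if in_multihash && parse_version(version).map_or(true, |v| v < MIN_FIXED) {
                found.push(version.to_string());
            }
        }
    }
    found
}

fn main() {
    // Usage: pass the path to Cargo.lock; with no argument the sample is checked.
    let lock = match std::env::args().nth(1) {
        Some(path) => std::fs::read_to_string(path).expect("cannot read lockfile"),
        None => SAMPLE_LOCK.to_string(),
    };
    let bad = vulnerable_multihash(&lock);
    bad.iter().for_each(|v| eprintln!("multihash {} is below 0.11.3", v));
    std::process::exit(if bad.is_empty() { 0 } else { 1 });
}
```

The process exits non-zero when any flagged entry is found, so it can gate a build.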

As always, all other changes in this release are listed in our CHANGELOG.md.