Skip to content

Commit b4d5fe2

Browse files
TheBlueMattTheBlueMatt
authored
Merge pull request lightningdevkit#3759 from TheBlueMatt/2025-04-0.1.3-relnotes
Add release notes and bump version for 0.1.3
2 parents b8e48ac + 0edff53 commit b4d5fe2

File tree

2 files changed

+27
-1
lines changed

2 files changed

+27
-1
lines changed

CHANGELOG.md

+26
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,27 @@
1+
# 0.1.3 - Apr 30, 2025 - "Routing Unicode in 2025"
2+
3+
## Bug Fixes
4+
* `Event::InvoiceReceived` is now only generated once for each `Bolt12Invoice`
5+
received matching a pending outbound payment. Previously it would be provided
6+
each time we received an invoice, which may happen many times if the sender
7+
sends redundant messages to improve success rates (#3658).
8+
* LDK's router now more fully saturates paths which are subject to HTLC
9+
maximum restrictions after the first hop. In some rare cases this can result
10+
in finding paths when it would previously spuriously decide it cannot find
11+
enough diverse paths (#3707, #3755).
12+
13+
## Security
14+
0.1.3 fixes a denial-of-service vulnerability which cause a crash of an
15+
LDK-based node if an attacker has access to a valid `Bolt12Offer` which the
16+
LDK-based node created.
17+
* A malicious payer which requests a BOLT 12 Invoice from an LDK-based node
18+
(via the `Bolt12InvoiceRequest` message) can cause the panic of the
19+
LDK-based node due to the way `String::truncate` handles UTF-8 codepoints.
20+
The codepath can only be reached once the received `Botlt12InvoiceRequest`
21+
has been authenticated to be based on a valid `Bolt12Offer` which the same
22+
LDK-based node issued (#3747, #3750).
23+
24+
125
# 0.1.2 - Apr 02, 2025 - "Foolishly Edgy Cases"
226

327
## API Updates
@@ -35,6 +59,7 @@
3559
vulnerable to pinning attacks if they are not yet claimable by our
3660
counterparty, potentially reducing our exposure to pinning attacks (#3564).
3761

62+
3863
# 0.1.1 - Jan 28, 2025 - "Onchain Matters"
3964

4065
## API Updates
@@ -71,6 +96,7 @@ cause force-closure of unrelated channels.
7196
when they broadcast the stale commitment (#3556). Thanks to Matt Morehouse for
7297
reporting this issue.
7398

99+
74100
# 0.1 - Jan 15, 2025 - "Human Readable Version Numbers"
75101

76102
The LDK 0.1 release represents an important milestone for the LDK project. While

lightning/Cargo.toml

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "lightning"
3-
version = "0.1.2"
3+
version = "0.1.3"
44
authors = ["Matt Corallo"]
55
license = "MIT OR Apache-2.0"
66
repository = "https://github.com/lightningdevkit/rust-lightning/"

0 commit comments

Comments
 (0)