|
49 | 49 | * Several spurious debug assertions were fixed (#4537, #4618). |
50 | 50 |
|
51 | 51 | ## Security |
52 | | -0.1.10 fixes a sanitization issue. |
| 52 | +0.1.10 fixes a sanitization issue and several denial-of-service vulnerabilities. |
| 53 | + * `Bolt11Invoice::recover_payee_pub_key` no longer panics if called on an |
| 54 | + invoice which set an explicit public key, rather than relying on public key |
| 55 | + recovery. This method is called from `payment_parameters_from_invoice` and |
| 56 | + `payment_parameters_from_variable_amount_invoice` (#4717). |
| 57 | + * Maliciously-crafted unpayable invoices which have overflowing feerates will |
| 58 | + no longer cause an `unwrap` failure panic (#4716). |
| 59 | + * `possiblyrandom` did not properly generate random data except when it was |
| 60 | + explicitly configured to. By default this means LDK is vulnerable to various |
| 61 | + HashDoS attacks (#4719). |
| 62 | + * `OMNameResolver` will no longer panic when looking up payment instructions |
| 63 | + which include unicode characters at the start of a TXT record (#4718). |
53 | 64 | * `PrintableString` did not properly sanitize unicode format characters, |
54 | 65 | allowing an attacker to corrupt the rendering of logs or UI (#4593, #4605). |
| 66 | + * RGS data is now limited in how large of a graph it is able to cause a client |
| 67 | + to store in memory. Note that RGS data is still considered a DoS vector in |
| 68 | + general and you should only use semi-trusted RGS data (#4713). |
| 69 | + * Counterparty-provided strings in failure messages are no longer logged in |
| 70 | + full, reducing the ability of such a counterparty to spam our logs (#4714). |
| 71 | + * Reading a corrupted `ChannelManager` or `ProbabilisticScorer` can no longer |
| 72 | + cause us to allocate large amounts of memory (#4712). |
55 | 73 |
|
56 | 74 | Thanks to Project Loupe for reporting most of the issues fixed in this release. |
57 | 75 |
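Review bot: The `possiblyrandom` entry (new lines 59-61) describes the bug in the present tense, "By default this means LDK is vulnerable to various HashDoS attacks", and never says what 0.1.10 changed. Every other added item reads "no longer ...", so this one can be taken to mean the release still ships vulnerable. Suggest stating the fix first and moving the impact into the past tense, for example "Previously this left LDK vulnerable to various HashDoS attacks by default", and noting that builds which had explicitly configured it were not affected, if that is the case. Smaller points: the RGS entry (new lines 66-68) advises "semi-trusted RGS data" without saying what a user should check before trusting a source, and the intro sentence at new line 52 ends in a period directly above the bullet list, where a colon or a blank line would make the list read as the enumeration of those issues.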
|
|