Skip to content

Latest commit

 

History

History
180 lines (139 loc) · 8.08 KB

CHANGELOG.md

File metadata and controls

180 lines (139 loc) · 8.08 KB

CHANGELOG

v0.34.29

June 14, 2023

Provides several minor bug fixes, as well as fixes for several low-severity security issues.

BUG FIXES

  • [state/kvindex] Querying event attributes that are bigger than int64 is now enabled. (#771)
  • [pubsub] Pubsub queries are now able to parse big integers (larger than int64). Very big floats are also properly parsed into very big integers instead of being truncated to int64. (#771)

IMPROVEMENTS

  • [rpc] Remove response data from response failure logs in order to prevent large quantities of log data from being produced (#654)

SECURITY FIXES

  • [rpc/jsonrpc/client] Low severity - Prevent RPC client credentials from being inadvertently dumped to logs (#788)
  • [cmd/cometbft/commands/debug/kill] Low severity - Fix unsafe int cast in debug kill command (#794)
  • [consensus] Low severity - Avoid recursive call after rename to (*PeerState).MarshalJSON (#863)
  • [mempool/clist_mempool] Low severity - Prevent a transaction from appearing twice in the mempool (#890: @otrack)

v0.34.28

April 26, 2023

This release fixes several bugs, and has had to introduce one small Go API-breaking change in the crypto/merkle package in order to address what could be a security issue for some users who directly and explicitly make use of that code.

BREAKING CHANGES

  • [crypto/merkle] Do not allow verification of Merkle Proofs against empty trees (nil root). Proof.ComputeRootHash now panics when it encounters an error, but Proof.Verify does not panic (#558)

BUG FIXES

  • [consensus] Unexpected error conditions in ApplyBlock are non-recoverable, so ignoring the error and carrying on is a bug. We replaced a return that disregarded the error by a panic. (#496)
  • [consensus] Rename (*PeerState).ToJSON to MarshalJSON to fix a logging data race (#524)
  • [light] Fixed an edge case where a light client would panic when attempting to query a node that (1) has started from a non-zero height and (2) does not yet have any data. The light client will now, correctly, not panic and keep the node in its list of providers in the same way it would if it queried a node starting from height zero that does not yet have data (#575)

IMPROVEMENTS

v0.34.27

Feb 27, 2023

This is the first official release of CometBFT - a fork of Tendermint Core. This particular release is intended to be compatible with the Tendermint Core v0.34 release series.

For details as to how to upgrade to CometBFT from Tendermint Core, please see our upgrading guidelines.

If you have any questions, comments, concerns or feedback on this release, we would love to hear from you! Please contact us via GitHub Discussions, Discord (in the #cometbft channel) or Telegram.

Special thanks to @wcsiu, @ze97286, @faddat and @JayT106 for their contributions to this release!

BREAKING CHANGES

  • Rename binary to cometbft and Docker image to cometbft/cometbft (#152)
  • The TMHOME environment variable was renamed to CMTHOME, and all environment variables starting with TM_ are instead prefixed with CMT_ (#211)
  • Use Go 1.19 to build CometBFT, since Go 1.18 has reached end-of-life. (#360)

BUG FIXES

  • [consensus] Fixed a busy loop that happened when sending of a block part failed by sleeping in case of error. (#4)
  • [state/kvindexer] Resolved crashes when event values contained slashes, introduced after adding event sequences. (#383: @jmalicevic)
  • [consensus] Short-term fix for the case when needProofBlock cannot find previous block meta by defaulting to the creation of a new proof block. (#386: @adizere)
    • Special thanks to the Vega.xyz team, and in particular to Zohar (@ze97286), for reporting the problem and working with us to get to a fix.
  • [p2p] Correctly use non-blocking TrySendEnvelope method when attempting to send messages, as opposed to the blocking SendEnvelope method. It is unclear whether this has a meaningful impact on P2P performance, but this patch does correct the underlying behaviour to what it should be (tendermint/tendermint#9936)

DEPENDENCIES

FEATURES

  • [rpc] Add match_event query parameter to indicate to the RPC that it should match events within attributes, not only within a height (tendermint/tendermint#9759)

IMPROVEMENTS

  • [e2e] Add functionality for uncoordinated (minor) upgrades (#56)
  • [tools/tm-signer-harness] Remove the folder as it is unused (#136)
  • Append the commit hash to the version of CometBFT being built (#204)
  • [mempool/v1] Suppress "rejected bad transaction" in priority mempool logs by reducing log level from info to debug (#314: @JayT106)
  • [consensus] Add consensus_block_gossip_parts_received and consensus_step_duration_seconds metrics in order to aid in investigating the impact of database compaction on consensus performance (tendermint/tendermint#9733)
  • [state/kvindexer] Add match.event keyword to support condition evaluation based on the event the attributes belong to (tendermint/tendermint#9759)
  • [p2p] Reduce log spam through reducing log level of "Dialing peer" and "Added peer" messages from info to debug (tendermint/tendermint#9764: @faddat)
  • [consensus] Reduce bandwidth consumption of consensus votes by roughly 50% through fixing a small logic bug (tendermint/tendermint#9776)

CometBFT is a fork of Tendermint Core as of late December 2022.

Bug bounty

Friendly reminder, we have a bug bounty program.

Previous changes

For changes released before the creation of CometBFT, please refer to the Tendermint Core CHANGELOG.md.