Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump minimum required Bitcoin Core version from 0.18 to 22.0 #1719

Merged
merged 1 commit into from
Aug 9, 2024
Merged

Bump minimum required Bitcoin Core version from 0.18 to 22.0 #1719

merged 1 commit into from
Aug 9, 2024

Conversation

kristapsk
Copy link
Member

@kristapsk kristapsk commented Jul 10, 2024
edited
Loading

There have been multiple vulnerabilities disclosed for older versions, we should not recommend people using them.

@kristapsk
Copy link
Member Author

For reviewers - please check that I haven't missed any mentions of older Bitcoin Core versions somewhere.

@kristapsk kristapsk added security dependencies Pull requests that update a dependency file Testing documentation labels Jul 10, 2024
MarnixCroes
MarnixCroes reviewed Jul 10, 2024
View reviewed changes
Copy link
Contributor

@MarnixCroes MarnixCroes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cACK

here is a mention too

joinmarket-clientserver/docs/TESTING.md

Line 3 in 30874b7

Work in your `jmvenv` virtual environment as for all Joinmarket work. Make sure to have [bitcoind](https://bitcoin.org/en/full-node) 0.18 or newer installed. Also need miniircd installed to the root (i.e. in your `joinmarket-clientserver` directory):

@MarnixCroes
Copy link
Contributor

why v20 and not 21?
there are also three disclosure for v20 version(s)

@kristapsk
Copy link
Member Author

why v20 and not 21? there are also three disclosure for v20 version(s)

Ohh, right! Looked at https://bitcoincore.org recent posts, but they announced so many at the same time as separate posts that to see v20, one must open https://bitcoincore.org/en/blog/ with more history.

@kristapsk kristapsk marked this pull request as draft July 10, 2024 07:59
@kristapsk kristapsk force-pushed the min-bitcoin-core-0.18 branch from 81607a6 to c51db62 Compare July 10, 2024 15:32
@kristapsk kristapsk changed the title Bump minimum required Bitcoin Core version from 0.18 to 0.20 Bump minimum required Bitcoin Core version from 0.18 to 0.21 Jul 10, 2024
@kristapsk
Copy link
Member Author

why v20 and not 21? there are also three disclosure for v20 version(s)

Ohh, right! Looked at https://bitcoincore.org recent posts, but they announced so many at the same time as separate posts that to see v20, one must open https://bitcoincore.org/en/blog/ with more history.

Updated from v20 to v21.

@kristapsk kristapsk marked this pull request as ready for review July 10, 2024 15:34
@kristapsk kristapsk force-pushed the min-bitcoin-core-0.18 branch from c51db62 to 902289c Compare July 10, 2024 16:40
MarnixCroes
MarnixCroes approved these changes Jul 11, 2024
View reviewed changes
Copy link
Contributor

@MarnixCroes MarnixCroes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 902289c

@MarnixCroes
Copy link
Contributor

new ones got disclosed, for <v22.
bitcoin-core/bitcoincore.org#1049

and iirc the next one will be disclosed in september and then another later this year.

I think bumping the min version still makes sense, just to keep in mind that it will need to be bumped more regularly

@kristapsk kristapsk force-pushed the min-bitcoin-core-0.18 branch from 902289c to 6b46239 Compare August 2, 2024 14:28
@kristapsk
Copy link
Member Author

new ones got disclosed, for <v22. bitcoin-core/bitcoincore.org#1049

and iirc the next one will be disclosed in september and then another later this year.

I think bumping the min version still makes sense, just to keep in mind that it will need to be bumped more regularly

Thanks for notifying, updated to v22.

@kristapsk kristapsk changed the title Bump minimum required Bitcoin Core version from 0.18 to 0.21 Bump minimum required Bitcoin Core version from 0.18 to 0.22 Aug 2, 2024
@kristapsk
Bump minimum required Bitcoin Core version from 0.18 to 22.0
ee4a3fa 
There have been multiple vulnerabilities disclosed for older versions, we should not recommend people using them.

* Disclosure of memory DoS due to malicious P2P message - https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/
* Disclosure of CPU DoS due to malicious P2P message - https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/
* Disclosure of crash due to malicious BIP72 URI - https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/
* Disclosure of netsplit due to malicious P2P messages by first 200 peers - https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/
* Disclosure of CPU/memory DoS due to many malicious peers - https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/
* Disclosure of censoring unconfirmed transactions to a specific victim - https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for/
* Security advisories for bugs fixed as of Bitcoin Core v22.0 - bitcoin-core/bitcoincore.org#1049
@kristapsk kristapsk force-pushed the min-bitcoin-core-0.18 branch from 6b46239 to ee4a3fa Compare August 9, 2024 09:19
@kristapsk kristapsk changed the title Bump minimum required Bitcoin Core version from 0.18 to 0.22 Bump minimum required Bitcoin Core version from 0.18 to 22.0 Aug 9, 2024
@kristapsk
Copy link
Member Author

kristapsk commented Aug 9, 2024
edited
Loading

This had been open for long enough time, there were no objections, merging.

@kristapsk kristapsk merged commit 75e0bc4 into JoinMarket-Org:master Aug 9, 2024
11 checks passed
@kristapsk kristapsk deleted the min-bitcoin-core-0.18 branch August 9, 2024 10:06
@kristapsk kristapsk mentioned this pull request Sep 19, 2024
Merged
kristapsk added a commit that referenced this pull request Sep 20, 2024
@kristapsk
Merge #1731: Bump minimum required Bitcoin Core version from 22.0 to …
cd0f46b 
…24.0.1

b456968 Bump minimum required Bitcoin Core version from 22.0 to 24.0.1 (Kristaps Kaupe)

Pull request description:

  Security vulnerability has been disclosed for versions older than 24.0.1, which are also currently EOL. https://bitcoincore.org/en/2024/09/18/disclose-headers-oom/

  Similar to #1719.

Top commit has no ACKs.

Tree-SHA512: a922aaece30abb116f3155c68484b6bca2a8593d3f462b711cfbd1b03781606eee1e6f348d9e2d35a67b65121a6faaba617d9b6f58502d705c81c43ea145ea31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarnixCroes MarnixCroes MarnixCroes approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file documentation security Testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kristapsk @MarnixCroes