From 2af25aea6cfe6ac4ddac40ceddfb8c8eee17d0e6 Mon Sep 17 00:00:00 2001 From: Thane Thomson Date: Wed, 26 Apr 2023 07:01:53 -0400 Subject: [PATCH] Release v0.37.1 (#757) * Prepare v0.37.1 release changelog Signed-off-by: Thane Thomson * Build changelog Signed-off-by: Thane Thomson * Add upgrading guidelines entry Signed-off-by: Thane Thomson * Bump version to 0.37.1 Signed-off-by: Thane Thomson * Rename Tendermint Core to CometBFT on v0.37.x branch Signed-off-by: Thane Thomson * Update release date Signed-off-by: Thane Thomson --------- Signed-off-by: Thane Thomson --- .../breaking-changes/558-tm10011.md | 0 .../496-error-on-applyblock-should-panic.md | 0 .../bug-fixes/524-rename-peerstate-tojson.md | 0 .../bug-fixes/575-fix-light-client-panic.md | 0 .../638-json-rpc-error-message.md | 0 .changelog/v0.37.1/summary.md | 6 ++++ CHANGELOG.md | 33 +++++++++++++++++++ UPGRADING.md | 13 ++++++-- version/version.go | 2 +- 9 files changed, 50 insertions(+), 4 deletions(-) rename .changelog/{unreleased => v0.37.1}/breaking-changes/558-tm10011.md (100%) rename .changelog/{unreleased => v0.37.1}/bug-fixes/496-error-on-applyblock-should-panic.md (100%) rename .changelog/{unreleased => v0.37.1}/bug-fixes/524-rename-peerstate-tojson.md (100%) rename .changelog/{unreleased => v0.37.1}/bug-fixes/575-fix-light-client-panic.md (100%) rename .changelog/{unreleased => v0.37.1}/improvements/638-json-rpc-error-message.md (100%) create mode 100644 .changelog/v0.37.1/summary.md diff --git a/.changelog/unreleased/breaking-changes/558-tm10011.md b/.changelog/v0.37.1/breaking-changes/558-tm10011.md similarity index 100% rename from .changelog/unreleased/breaking-changes/558-tm10011.md rename to .changelog/v0.37.1/breaking-changes/558-tm10011.md diff --git a/.changelog/unreleased/bug-fixes/496-error-on-applyblock-should-panic.md b/.changelog/v0.37.1/bug-fixes/496-error-on-applyblock-should-panic.md similarity index 100% rename from .changelog/unreleased/bug-fixes/496-error-on-applyblock-should-panic.md rename to .changelog/v0.37.1/bug-fixes/496-error-on-applyblock-should-panic.md diff --git a/.changelog/unreleased/bug-fixes/524-rename-peerstate-tojson.md b/.changelog/v0.37.1/bug-fixes/524-rename-peerstate-tojson.md similarity index 100% rename from .changelog/unreleased/bug-fixes/524-rename-peerstate-tojson.md rename to .changelog/v0.37.1/bug-fixes/524-rename-peerstate-tojson.md diff --git a/.changelog/unreleased/bug-fixes/575-fix-light-client-panic.md b/.changelog/v0.37.1/bug-fixes/575-fix-light-client-panic.md similarity index 100% rename from .changelog/unreleased/bug-fixes/575-fix-light-client-panic.md rename to .changelog/v0.37.1/bug-fixes/575-fix-light-client-panic.md diff --git a/.changelog/unreleased/improvements/638-json-rpc-error-message.md b/.changelog/v0.37.1/improvements/638-json-rpc-error-message.md similarity index 100% rename from .changelog/unreleased/improvements/638-json-rpc-error-message.md rename to .changelog/v0.37.1/improvements/638-json-rpc-error-message.md diff --git a/.changelog/v0.37.1/summary.md b/.changelog/v0.37.1/summary.md new file mode 100644 index 000000000..ba3efa9d7 --- /dev/null +++ b/.changelog/v0.37.1/summary.md @@ -0,0 +1,6 @@ +*April 26, 2023* + +This release fixes several bugs, and has had to introduce one small Go +API-breaking change in the `crypto/merkle` package in order to address what +could be a security issue for some users who directly and explicitly make use of +that code. diff --git a/CHANGELOG.md b/CHANGELOG.md index c61b66f12..964b002f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,38 @@ # CHANGELOG +## v0.37.1 + +*April 26, 2023* + +This release fixes several bugs, and has had to introduce one small Go +API-breaking change in the `crypto/merkle` package in order to address what +could be a security issue for some users who directly and explicitly make use of +that code. + +### BREAKING CHANGES + +- `[crypto/merkle]` Do not allow verification of Merkle Proofs against empty trees (`nil` root). `Proof.ComputeRootHash` now panics when it encounters an error, but `Proof.Verify` does not panic + ([\#558](https://github.com/cometbft/cometbft/issues/558)) + +### BUG FIXES + +- `[consensus]` Unexpected error conditions in `ApplyBlock` are non-recoverable, so ignoring the error and carrying on is a bug. We replaced a `return` that disregarded the error by a `panic`. + ([\#496](https://github.com/cometbft/cometbft/pull/496)) +- `[consensus]` Rename `(*PeerState).ToJSON` to `MarshalJSON` to fix a logging data race + ([\#524](https://github.com/cometbft/cometbft/pull/524)) +- `[light]` Fixed an edge case where a light client would panic when attempting + to query a node that (1) has started from a non-zero height and (2) does + not yet have any data. The light client will now, correctly, not panic + _and_ keep the node in its list of providers in the same way it would if + it queried a node starting from height zero that does not yet have data + ([\#575](https://github.com/cometbft/cometbft/issues/575)) + +### IMPROVEMENTS + +- `[jsonrpc/client]` Improve the error message for client errors stemming from + bad HTTP responses. + ([cometbft/cometbft\#638](https://github.com/cometbft/cometbft/pull/638)) + ## v0.37.0 *March 6, 2023* diff --git a/UPGRADING.md b/UPGRADING.md index 10ddabd26..7473556c2 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -1,7 +1,14 @@ -# Upgrading Tendermint Core +# Upgrading CometBFT -This guide provides instructions for upgrading to specific versions of -Tendermint Core. +This guide provides instructions for upgrading to specific versions of CometBFT. + +## v0.37.1 + +For users explicitly making use of the Go APIs provided in the `crypto/merkle` +package, please note that, in order to fix a potential security issue, we had to +make a breaking change here. This change should only affect a small minority of +users. For more details, please see +[\#557](https://github.com/cometbft/cometbft/issues/557). ## v0.37.0 diff --git a/version/version.go b/version/version.go index 3f7968bd3..fc7b20968 100644 --- a/version/version.go +++ b/version/version.go @@ -5,7 +5,7 @@ const ( // The default version of TMCoreSemVer is the value used as the // fallback version of CometBFT when not using git describe. // It is formatted with semantic versioning. - TMCoreSemVer = "0.37.0" + TMCoreSemVer = "0.37.1" // ABCISemVer is the semantic version of the ABCI protocol ABCISemVer = "1.0.0" ABCIVersion = ABCISemVer