Skip to content

Version 0.30.0 [2020-11-09]

Compare
Choose a tag to compare
@mxinden mxinden released this 10 Nov 08:20
· 2138 commits to master since this release
v0.30.0
fabb00c

Among other changes, this release adds a requirement across all crates for multihash >= v0.11.3. Rust-libp2p versions in combination with multihash < v0.11.3 are vulnerable to DoS attacks. Given that e.g. PeerId::from_bytes is called with unsanitized data from possibly untrusted sources this call can panic with multihash < v0.11.3 see RustSec for details.

In case you run libp2p in untrusted environments please either (a) update to libp2p v0.30.0 or (b) make sure to run with multihash >=v0.11.3 via your downstream Cargo.lock file.

As always all other contained changes are listed in our CHANGELOG.md.