Skip to content

Add release notes and bump version for 0.1.3 #3759

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Apr 30, 2025
Merged

Add release notes and bump version for 0.1.3 #3759

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8e962d7
Add release notes for LDK 0.1.3
TheBlueMatt Apr 30, 2025
0edff53
Bump the `lightning` crate to 0.1.3
TheBlueMatt Apr 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,27 @@
# 0.1.3 - Apr 30, 2025 - "Routing Unicode in 2025"

## Bug Fixes
* `Event::InvoiceReceived` is now only generated once for each `Bolt12Invoice`
received matching a pending outbound payment. Previously it would be provided
each time we received an invoice, which may happen many times if the sender
sends redundant messages to improve success rates (#3658).
* LDK's router now more fully saturates paths which are subject to HTLC
maximum restrictions after the first hop. In some rare cases this can result
in finding paths when it would previously spuriously decide it cannot find
enough diverse paths (#3707, #3755).

## Security
0.1.3 fixes a denial-of-service vulnerability which cause a crash of an
LDK-based node if an attacker has access to a valid `Bolt12Offer` which the
LDK-based node created.
* A malicious payer which requests a BOLT 12 Invoice from an LDK-based node
(via the `Bolt12InvoiceRequest` message) can cause the panic of the
LDK-based node due to the way `String::truncate` handles UTF-8 codepoints.
The codepath can only be reached once the received `Botlt12InvoiceRequest`
has been authenticated to be based on a valid `Bolt12Offer` which the same
LDK-based node issued (#3747, #3750).


# 0.1.2 - Apr 02, 2025 - "Foolishly Edgy Cases"

## API Updates
Expand Down Expand Up @@ -35,6 +59,7 @@
vulnerable to pinning attacks if they are not yet claimable by our
counterparty, potentially reducing our exposure to pinning attacks (#3564).


# 0.1.1 - Jan 28, 2025 - "Onchain Matters"

## API Updates
Expand Down Expand Up @@ -71,6 +96,7 @@ cause force-closure of unrelated channels.
when they broadcast the stale commitment (#3556). Thanks to Matt Morehouse for
reporting this issue.


# 0.1 - Jan 15, 2025 - "Human Readable Version Numbers"

The LDK 0.1 release represents an important milestone for the LDK project. While
Expand Down
2 changes: 1 addition & 1 deletion lightning/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "lightning"
version = "0.1.2"
version = "0.1.3"
authors = ["Matt Corallo"]
license = "MIT OR Apache-2.0"
repository = "https://github.com/lightningdevkit/rust-lightning/"
Expand Down
Loading