Cradicle Explorer
bitcoin
/ doc / release-notes / release-notes-0.10.3.md
release-notes-0.10.3.md
  1  Bitcoin Core version 0.10.3 is now available from:
  2  
  3    <https://bitcoin.org/bin/bitcoin-core-0.10.3/>
  4  
  5  This is a new minor version release, bringing security fixes and translation 
  6  updates. It is recommended to upgrade to this version as soon as possible.
  7  
  8  Please report bugs using the issue tracker at github:
  9  
 10    <https://github.com/bitcoin/bitcoin/issues>
 11  
 12  Upgrading and downgrading
 13  =========================
 14  
 15  How to Upgrade
 16  --------------
 17  
 18  If you are running an older version, shut it down. Wait until it has completely
 19  shut down (which might take a few minutes for older versions), then run the
 20  installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or
 21  bitcoind/bitcoin-qt (on Linux).
 22  
 23  Downgrade warning
 24  ------------------
 25  
 26  Because release 0.10.0 and later makes use of headers-first synchronization and
 27  parallel block download (see further), the block files and databases are not
 28  backwards-compatible with pre-0.10 versions of Bitcoin Core or other software:
 29  
 30  * Blocks will be stored on disk out of order (in the order they are
 31  received, really), which makes it incompatible with some tools or
 32  other programs. Reindexing using earlier versions will also not work
 33  anymore as a result of this.
 34  
 35  * The block index database will now hold headers for which no block is
 36  stored on disk, which earlier versions won't support.
 37  
 38  If you want to be able to downgrade smoothly, make a backup of your entire data
 39  directory. Without this your node will need start syncing (or importing from
 40  bootstrap.dat) anew afterwards. It is possible that the data from a completely
 41  synchronised 0.10 node may be usable in older versions as-is, but this is not
 42  supported and may break as soon as the older version attempts to reindex.
 43  
 44  This does not affect wallet forward or backward compatibility.
 45  
 46  Notable changes
 47  ===============
 48  
 49  Fix buffer overflow in bundled upnp
 50  ------------------------------------
 51  
 52  Bundled miniupnpc was updated to 1.9.20151008. This fixes a buffer overflow in
 53  the XML parser during initial network discovery.
 54  
 55  Details can be found here: http://talosintel.com/reports/TALOS-2015-0035/
 56  
 57  This applies to the distributed executables only, not when building from source or
 58  using distribution provided packages.
 59  
 60  Additionally, upnp has been disabled by default. This may result in a lower
 61  number of reachable nodes on IPv4, however this prevents future libupnpc
 62  vulnerabilities from being a structural risk to the network
 63  (see https://github.com/bitcoin/bitcoin/pull/6795).
 64  
 65  Test for LowS signatures before relaying
 66  -----------------------------------------
 67  
 68  Make the node require the canonical 'low-s' encoding for ECDSA signatures when
 69  relaying or mining.  This removes a nuisance malleability vector.
 70  
 71  Consensus behavior is unchanged.
 72  
 73  If widely deployed this change would eliminate the last remaining known vector
 74  for nuisance malleability on SIGHASH_ALL P2PKH transactions. On the down-side
 75  it will block most transactions made by sufficiently out of date software.
 76  
 77  Unlike the other avenues to change txids on transactions this
 78  one was randomly violated by all deployed bitcoin software prior to
 79  its discovery. So, while other malleability vectors where made
 80  non-standard as soon as they were discovered, this one has remained
 81  permitted. Even BIP62 did not propose applying this rule to
 82  old version transactions, but conforming implementations have become
 83  much more common since BIP62 was initially written.
 84  
 85  Bitcoin Core has produced compatible signatures since a28fb70e in
 86  September 2013, but this didn't make it into a release until 0.9
 87  in March 2014; Bitcoinj has done so for a similar span of time.
 88  Bitcoinjs and electrum have been more recently updated.
 89  
 90  This does not replace the need for BIP62 or similar, as miners can
 91  still cooperate to break transactions.  Nor does it replace the
 92  need for wallet software to handle malleability sanely[1]. This
 93  only eliminates the cheap and irritating DOS attack.
 94  
 95  [1] On the Malleability of Bitcoin Transactions
 96  Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek
 97  http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf
 98  
 99  Minimum relay fee default increase
100  -----------------------------------
101  
102  The default for the `-minrelaytxfee` setting has been increased from `0.00001`
103  to `0.00005`.
104  
105  This is necessitated by the current transaction flooding, causing
106  outrageous memory usage on nodes due to the mempool ballooning. This is a
107  temporary measure, bridging the time until a dynamic method for determining
108  this fee is merged (which will be in 0.12).
109  
110  (see https://github.com/bitcoin/bitcoin/pull/6793, as well as the 0.11.0
111  release notes, in which this value was suggested)
112  
113  0.10.3 Change log
114  =================
115  
116  Detailed release notes follow. This overview includes changes that affect external
117  behavior, not code moves, refactors or string updates.
118  
119  - #6186 `e4a7d51` Fix two problems in CSubnet parsing
120  - #6153 `ebd7d8d` Parameter interaction: disable upnp if -proxy set
121  - #6203 `ecc96f5` Remove P2SH coinbase flag, no longer interesting
122  - #6226 `181771b` json: fail read_string if string contains trailing garbage
123  - #6244 `09334e0` configure: Detect (and reject) LibreSSL
124  - #6276 `0fd8464` Fix getbalance * 0
125  - #6274 `be64204` Add option `-alerts` to opt out of alert system
126  - #6319 `3f55638` doc: update mailing list address
127  - #6438 `7e66e9c` openssl: avoid config file load/race
128  - #6439 `255eced` Updated URL location of netinstall for Debian
129  - #6412 `0739e6e` Test whether created sockets are select()able
130  - #6694 `f696ea1` [QT] fix thin space word wrap line brake issue
131  - #6704 `743cc9e` Backport bugfixes to 0.10
132  - #6769 `1cea6b0` Test LowS in standardness, removes nuisance malleability vector.
133  - #6789 `093d7b5` Update miniupnpc to 1.9.20151008
134  - #6795 `f2778e0` net: Disable upnp by default
135  - #6797 `91ef4d9` Do not store more than 200 timedata samples
136  - #6793 `842c48d` Bump minrelaytxfee default
137  
138  Credits
139  =======
140  
141  Thanks to everyone who directly contributed to this release:
142  
143  - Adam Weiss
144  - Alex Morcos
145  - Casey Rodarmor
146  - Cory Fields
147  - fanquake
148  - Gregory Maxwell
149  - Jonas Schnelli
150  - J Ross Nicoll
151  - Luke Dashjr
152  - Pavel Vasin
153  - Pieter Wuille
154  - randy-waterhouse
155  - ฿tcDrak
156  - Tom Harding
157  - Veres Lajos
158  - Wladimir J. van der Laan
159  
160  And all those who contributed additional code review and/or security research:
161  
162  - timothy on IRC for reporting the issue
163  - Vulnerability in miniupnp discovered by Aleksandar Nikolic of Cisco Talos
164  
165  As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/).