1  Bitcoin Core version 0.9.1 is now available from:
 2  
 3    https://bitcoin.org/bin/0.9.1/
 4  
 5  This is a security update. It is recommended to upgrade to this release
 6  as soon as possible.
 7  
 8  It is especially important to upgrade if you currently have version
 9  0.9.0 installed and are using the graphical interface OR you are using
10  bitcoind from any pre-0.9.1 version, and have enabled SSL for RPC and
11  have configured allowip to allow rpc connections from potentially
12  hostile hosts.
13  
14  Please report bugs using the issue tracker at github:
15  
16    https://github.com/bitcoin/bitcoin/issues
17  
18  How to Upgrade
19  --------------
20  
21  If you are running an older version, shut it down. Wait until it has completely
22  shut down (which might take a few minutes for older versions), then run the
23  installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or
24  bitcoind/bitcoin-qt (on Linux).
25  
26  If you are upgrading from version 0.7.2 or earlier, the first time you run
27  0.9.1 your blockchain files will be re-indexed, which will take anywhere from 
28  30 minutes to several hours, depending on the speed of your machine.
29  
30  0.9.1 Release notes
31  =======================
32  
33  No code changes were made between 0.9.0 and 0.9.1. Only the dependencies were changed.
34  
35  - Upgrade OpenSSL to 1.0.1g. This release fixes the following vulnerabilities which can
36    affect the Bitcoin Core software:
37  
38    - CVE-2014-0160 ("heartbleed")
39      A missing bounds check in the handling of the TLS heartbeat extension can
40      be used to reveal up to 64k of memory to a connected client or server.
41  
42    - CVE-2014-0076
43      The Montgomery ladder implementation in OpenSSL does not ensure that
44      certain swap operations have a constant-time behavior, which makes it
45      easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache
46      side-channel attack.
47  
48  - Add statically built executables to Linux build
49  
50  Credits
51  --------
52  
53  Credits go to the OpenSSL team for fixing the vulnerabilities quickly.