projects / rust-lightning / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #1398 from jkczyz/2022-03-middle-hop-fix
[rust-lightning] / CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 780b6720dba80db930f57aadac92293d0be5e506..c353a1bb99365ab82ae2e5767a13c8aa2654b637 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -78,8 +78,19 @@
    0.0.104 or before and then upgrading again will invalidate existing phantom
    SCIDs which may be included in invoices (#1199).
 
-In total, this release features 108 files changed, 6914 insertions, 2095
-deletions in 102 commits from 15 authors, in alphabetical order:
+## Security
+0.0.105 fixes two denial-of-service vulnerabilities which may be reachable from
+untrusted input in certain application designs.
+
+ * Route calculation spuriously panics when a routing decision is made for a
+   path where the second-to-last hop is a private channel, included due to a
+   multi-hop route hint in an invoice.
+ * `ChannelMonitor::get_claimable_balances` spuriously panics in some scenarios
+   when the LDK application's local commitment transaction is confirmed while
+   HTLCs are still pending resolution.
+
+In total, this release features 109 files changed, 7270 insertions, 2131
+deletions in 108 commits from 15 authors, in alphabetical order:
  * Conor Okus
  * Devrandom
  * Elias Rohrer
Personal fork of Rust-Lightning. Upstream is https://github.com/rust-bitcoin/rust-lightning