X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=CHANGELOG.md;h=3e473a22a1cd0b86fe1dc18d0c1c0f98ff58f6d2;hb=refs%2Fheads%2Fupstream%2Fmain;hp=7736ce67ec6644c0aedd11ef0eed2d91427d9da0;hpb=a922830ebbea1207d178b455237abe5474598026;p=rust-lightning diff --git a/CHANGELOG.md b/CHANGELOG.md index 7736ce67..f3108ae4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,1131 @@ +# 0.0.123 - May 08, 2024 - "BOLT12 Dust Sweeping" + +## API Updates + + * To reduce risk of force-closures and improve HTLC reliability the default + dust exposure limit has been increased to + `MaxDustHTLCExposure::FeeRateMultiplier(10_000)`. Users with existing + channels might want to consider using + `ChannelManager::update_channel_config` to apply the new default (#3045). + * `ChainMonitor::archive_fully_resolved_channel_monitors` is now provided to + remove from memory `ChannelMonitor`s that have been fully resolved on-chain + and are now not needed. It uses the new `Persist::archive_persisted_channel` + to inform the storage layer that such a monitor should be archived (#2964). + * An `OutputSweeper` is now provided which will automatically sweep + `SpendableOutputDescriptor`s, retrying until the sweep confirms (#2825). + * After initiating an outbound channel, a peer disconnection no longer results + in immediate channel closure. Rather, if the peer is reconnected before the + channel times out LDK will automatically retry opening it (#2725). + * `PaymentPurpose` now has separate variants for BOLT12 payments, which + include fields from the `invoice_request` as well as the `OfferId` (#2970). + * `ChannelDetails` now includes a list of in-flight HTLCs (#2442). + * `Event::PaymentForwarded` now includes `skimmed_fee_msat` (#2858). + * The `hashbrown` dependency has been upgraded and the use of `ahash` as the + no-std hash table hash function has been removed. As a consequence, LDK's + `Hash{Map,Set}`s no longer feature several constructors when LDK is built + with no-std; see the `util::hash_tables` module instead. On platforms that + `getrandom` supports, setting the `possiblyrandom/getrandom` feature flag + will ensure hash tables are resistant to HashDoS attacks, though the + `possiblyrandom` crate should detect most common platforms (#2810, #2891). + * `ChannelMonitor`-originated requests to the `ChannelSigner` can now fail and + be retried using `ChannelMonitor::signer_unblocked` (#2816). + * `SpendableOutputDescriptor::to_psbt_input` now includes the `witness_script` + where available as well as new proprietary data which can be used to + re-derive some spending keys from the base key (#2761, #3004). + * `OutPoint::to_channel_id` has been removed in favor of + `ChannelId::v1_from_funding_outpoint` in preparation for v2 channels with a + different `ChannelId` derivation scheme (#2797). + * `PeerManager::get_peer_node_ids` has been replaced with `list_peers` and + `peer_by_node_id`, which provide more details (#2905). + * `Bolt11Invoice::get_payee_pub_key` is now provided (#2909). + * `Default[Message]Router` now take an `entropy_source` argument (#2847). + * `ClosureReason::HTLCsTimedOut` has been separated out from + `ClosureReason::HolderForceClosed` as it is the most common case (#2887). + * `ClosureReason::CooperativeClosure` is now split into + `{Counterparty,Locally}Initiated` variants (#2863). + * `Event::ChannelPending::channel_type` is now provided (#2872). + * `PaymentForwarded::{prev,next}_user_channel_id` are now provided (#2924). + * Channel init messages have been refactored towards V2 channels (#2871). + * `BumpTransactionEvent` now contains the channel and counterparty (#2873). + * `util::scid_utils` is now public, with some trivial utilities to examine + short channel ids (#2694). + * `DirectedChannelInfo::{source,target}` are now public (#2870). + * Bounds in `lightning-background-processor` were simplified by using + `AChannelManager` (#2963). + * The `Persist` impl for `KVStore` no longer requires `Sized`, allowing for + the use of `dyn KVStore` as `Persist` (#2883, #2976). + * `From` is now implemented for `PaymentHash` (#2918). + * `NodeId::from_slice` is now provided (#2942). + * `ChannelManager` deserialization may now fail with `DangerousValue` when + LDK's persistence API was violated (#2974). + +## Bug Fixes + * Excess fees on counterparty commitment transactions are now included in the + dust exposure calculation. This lines behavior up with some cases where + transaction fees can be burnt, making them effectively dust exposure (#3045). + * `Future`s used as an `std::...::Future` could grow in size unbounded if it + was never woken. For those not using async persistence and using the async + `lightning-background-processor`, this could cause a memory leak in the + `ChainMonitor` (#2894). + * Inbound channel requests that fail in + `ChannelManager::accept_inbound_channel` would previously have stalled from + the peer's perspective as no `error` message was sent (#2953). + * Blinded path construction has been tuned to select paths more likely to + succeed, improving BOLT12 payment reliability (#2911, #2912). + * After a reorg, `lightning-transaction-sync` could have failed to follow a + transaction that LDK needed information about (#2946). + * `RecipientOnionFields`' `custom_tlvs` are now propagated to recipients when + paying with blinded paths (#2975). + * `Event::ChannelClosed` is now properly generated and peers are properly + notified for all channels that as a part of a batch channel open fail to be + funded (#3029). + * In cases where user event processing is substantially delayed such that we + complete multiple round-trips with our peers before a `PaymentSent` event is + handled and then restart without persisting the `ChannelManager` after having + persisted a `ChannelMonitor[Update]`, on startup we may have `Err`d trying to + deserialize the `ChannelManager` (#3021). + * If a peer has relatively high latency, `PeerManager` may have failed to + establish a connection (#2993). + * `ChannelUpdate` messages broadcasted for our own channel closures are now + slightly more robust (#2731). + * Deserializing malformed BOLT11 invoices may have resulted in an integer + overflow panic in debug builds (#3032). + * In exceedingly rare cases (no cases of this are known), LDK may have created + an invalid serialization for a `ChannelManager` (#2998). + * Message processing latency handling BOLT12 payments has been reduced (#2881). + * Latency in processing `Event::SpendableOutputs` may be reduced (#3033). + +## Node Compatibility + * LDK's blinded paths were inconsistent with other implementations in several + ways, which have been addressed (#2856, #2936, #2945). + * LDK's messaging blinded paths now support the latest features which some + nodes may begin relying on soon (#2961). + * LDK's BOLT12 structs have been updated to support some last-minute changes to + the spec (#3017, #3018). + * CLN v24.02 requires the `gossip_queries` feature for all peers, however LDK + by default does not set it for those not using a `P2PGossipSync` (e.g. those + using RGS). This change was reverted in CLN v24.02.2 however for now LDK + always sets the `gossip_queries` feature. This change is expected to be + reverted in a future LDK release (#2959). + +## Security +0.0.123 fixes a denial-of-service vulnerability which we believe to be reachable +from untrusted input when parsing invalid BOLT11 invoices containing non-ASCII +characters. + * BOLT11 invoices with non-ASCII characters in the human-readable-part may + cause an out-of-bounds read attempt leading to a panic (#3054). Note that all + BOLT11 invoices containing non-ASCII characters are invalid. + +In total, this release features 150 files changed, 19307 insertions, 6306 +deletions in 360 commits since 0.0.121 from 17 authors, in alphabetical order: + + * Arik Sosman + * Duncan Dean + * Elias Rohrer + * Evan Feenstra + * Jeffrey Czyz + * Keyue Bao + * Matt Corallo + * Orbital + * Sergi Delgado Segura + * Valentine Wallace + * Willem Van Lint + * Wilmer Paulino + * benthecarman + * jbesraa + * olegkubrakov + * optout + * shaavan + + +# 0.0.122 - Apr 09, 2024 - "That Which Is Untested Is Broken" + +## Bug Fixes + * `Route` objects did not successfully round-trip through de/serialization + since LDK 0.0.117, which has now been fixed (#2897). + * Correct deserialization of unknown future enum variants. This ensures + downgrades from future versions of LDK do not result in read failures or + corrupt reads in cases where enums are written (#2969). + * When hitting lnd bug 6039, our workaround previously resulted in + `ChannelManager` persistences on every round-trip with our peer. These + useless persistences are now skipped (#2937). + +In total, this release features 4 files changed, 99 insertions, 55 +deletions in 6 commits from 1 author, in alphabetical order: + * Matt Corallo + + +# 0.0.121 - Jan 22, 2024 - "Unwraps are Bad" + +## Bug Fixes + * Fix a deadlock when calling `batch_funding_transaction_generated` with + invalid input (#2841). + +## Security +0.0.121 fixes a denial-of-service vulnerability which is reachable from +untrusted input from peers in rare cases if we have a public channel or in +common cases if `P2PGossipSync` is used. + * A peer that failed to complete its handshake would cause a reachable + `unwrap` in LDK since 0.0.119 when LDK attempts to broadcast gossip to all + peers (#2842). + +In total, this release features 4 files changed, 52 insertions, 10 +deletions in 4 commits from 2 authors, in alphabetical order: + * Jeffrey Czyz + * Matt Corallo + + +# 0.0.120 - Jan 17, 2024 - "Unblinded Fuzzers" + +## API Updates + * The `PeerManager` bound on `UtxoLookup` was removed entirely. This enables + use of `UtxoLookup` in cases broken in 0.0.119 by #2773 (#2822). + * LDK now exposes and fully implements the route blinding feature (#2812). + * The `lightning-transaction-sync` crate no longer relies on system time + without the `time` feature (#2799, #2817). + * `lightning::onion_message`'s module layout has changed (#2821). + * `Event::ChannelClosed` now includes the `channel_funding_txo` (#2800). + * `CandidateRouteHop` variants were destructured into individual structs, + hiding some fields which were not generally consumable (#2802). + +## Bug Fixes + * Fixed a rare issue where `lightning-net-tokio` may not fully flush its send + buffer, leading to connection hangs (#2832). + * Fixed a panic which may occur when connecting to a peer if we opened a second + channel with that peer while they were disconnected (#2808). + * Retries for a payment which previously failed in a blinded path will now + always use an alternative blinded path (#2818). + * `Feature`'s `Eq` and `Hash` implementation now ignore dummy bytes (#2808). + * Some missing `DiscardFunding` or `ChannelClosed` events are now generated in + rare funding-related failures (#2809). + * Fixed a privacy issue in blinded path generation where the real + `cltv_expiry_delta` would be exposed to senders (#2831). + +## Security +0.0.120 fixes a denial-of-service vulnerability which is reachable from +untrusted input from peers if the `UserConfig::manually_accept_inbound_channels` +option is enabled. + * A peer that sent an `open_channel` message with the `channel_type` field + unfilled would trigger a reachable `unwrap` since LDK 0.0.117 (#2808). + * In protocols where a funding output is shared with our counterparty before + it is given to LDK, a malicious peer could have caused a reachable panic + by reusing the same funding info in (#2809). + +In total, this release features 67 files changed, 3016 insertions, 2473 +deletions in 79 commits from 9 authors, in alphabetical order: + * Elias Rohrer + * Jeffrey Czyz + * José A.P + * Matt Corallo + * Tibo-lg + * Valentine Wallace + * benthecarman + * optout + * shuoer86 + + +# 0.0.119 - Dec 15, 2023 - "Spring Cleaning for Christmas" + +## API Updates + * The LDK crate ecosystem MSRV has been increased to 1.63 (#2681). + * The `bitcoin` dependency has been updated to version 0.30 (#2740). + * `lightning-invoice::payment::*` have been replaced with parameter generation + via `payment_parameters_from[_zero_amount]_invoice` (#2727). + * `{CoinSelection,Wallet}Source::sign_tx` are now `sign_psbt`, providing more + information, incl spent outputs, about the transaction being signed (#2775). + * Logger `Record`s now include `channel_id` and `peer_id` fields. These are + opportunistically filled in when a log record is specific to a given channel + and/or peer, and may occasionally be spuriously empty (#2314). + * When handling send or reply onion messages (e.g. for BOLT12 payments), a new + `Event::ConnectionNeeded` may be raised, indicating a direct connection + should be made to a payee or an introduction point. This event is expected to + be removed once onion message forwarding is widespread in the network (#2723) + * Scoring data decay now happens via `ScoreUpDate::time_passed`, called from + `lightning-background-processor`. `process_events_async` now takes a new + time-fetch function, and `ScoreUpDate` methods now take the current time as a + `Duration` argument. This avoids fetching time during pathfinding (#2656). + * Receiving payments to multi-hop blinded paths is now supported (#2688). + * `MessageRouter` and `Router` now feature methods to generate blinded paths to + the local node for incoming messages and payments. `Router` now extends + `MessageRouter`, and both are used in `ChannelManager` when processing or + creating BOLT12 structures to generate multi-hop blinded paths (#1781). + * `lightning-transaction-sync` now supports Electrum-based sync (#2685). + * `Confirm::get_relevant_txids` now returns the height at which a transaction + was confirmed. This can be used to assist in reorg detection (#2685). + * `ConfirmationTarget::MaxAllowedNonAnchorChannelRemoteFee` has been removed. + Non-anchor channel feerates are bounded indirectly through + `ChannelConfig::max_dust_htlc_exposure` (#2696). + * `lightning-invoice` `Description`s now rely on `UntrustedString` for + sanitization (#2730). + * `ScoreLookUp::channel_penalty_msat` now uses `CandidateRouteHop` (#2551). + * The `EcdsaChannelSigner` trait was moved to `lightning::sign::ecdsa` (#2512). + * `SignerProvider::get_destination_script` now takes `channel_keys_id` (#2744) + * `SpendableOutputDescriptor::StaticOutput` now has `channel_keys_id` (#2749). + * `EcdsaChannelSigner::sign_counterparty_commitment` now takes HTLC preimages + for both inbound and outbound HTLCs (#2753). + * `ClaimedHTLC` now includes a `counterparty_skimmed_fee_msat` field (#2715). + * `peel_payment_onion` was added to decode an encrypted onion for a payment + without receiving an HTLC. This allows for stateless verification of if a + theoretical payment would be accepted prior to receipt (#2700). + * `create_payment_onion` was added to construct an encrypted onion for a + payment path without sending an HTLC immediately (#2677). + * Various keys used in channels are now wrapped to provide type-safety for + specific usages of the keys (#2675). + * `TaggedHash` now includes the raw `tag` and `merkle_root` (#2687). + * `Offer::is_expired_no_std` was added (#2689). + * `PaymentPurpose::preimage()` was added (#2768). + * `temporary_channel_id` can now be specified in `create_channel` (#2699). + * Wire definitions for splicing messages were added (#2544). + * Various `lightning-invoice` structs now impl `Display`, now have pub fields, + or impl `From` (#2730). + * The `Hash` trait is now implemented for more structs, incl P2P msgs (#2716). + +## Performance Improvements + * Memory allocations (though not memory usage) have been substantially reduced, + meaning less overhead and hopefully less memory fragmentation (#2708, #2779). + +## Bug Fixes + * Since 0.0.117, calling `close_channel*` on a channel which has not yet been + funded would previously result in an infinite loop and hang (#2760). + * Since 0.0.116, sending payments requiring data in the onion for the recipient + which was too large for the onion may have caused corruption which resulted + in payment failure (#2752). + * Cooperative channel closure on channels with remaining output HTLCs may have + spuriously force-closed (#2529). + * In LDK versions 0.0.116 through 0.0.118, in rare cases where skimmed fees are + present on shutdown the `ChannelManager` may fail to deserialize (#2735). + * `ChannelConfig::max_dust_exposure` values which, converted to absolute fees, + exceeded 2^63 - 1 would result in an overflow and could lead to spurious + payment failures or channel closures (#2722). + * In cases where LDK is operating with provably-stale state, it panics to + avoid funds loss. This may not have happened in cases where LDK was behind + only exactly one state, leading instead to a revoked broadcast and funds + loss (#2721). + * Fixed a bug where decoding `Txid`s from Bitcoin Core JSON-RPC responses using + `lightning-block-sync` would not properly byte-swap the hash. Note that LDK + does not use this API internally (#2796). + +## Backwards Compatibility + * `ChannelManager`s written with LDK 0.0.119 are no longer readable by versions + of LDK prior to 0.0.113. Users wishing to downgrade to LDK 0.0.112 or before + can read an 0.0.119-serialized `ChannelManager` with a version of LDK from + 0.0.113 to 0.0.118, re-serialize it, and then downgrade (#2708). + * Nodes that upgrade to 0.0.119 and subsequently downgrade after receiving a + payment to a blinded path may leak recipient information if one or more of + those HTLCs later fails (#2688). + * Similarly, forwarding a blinded HTLC and subsequently downgrading to an LDK + version prior to 0.0.119 may result in leaking the path information to the + payment sender (#2540). + +In total, this release features 148 files changed, 13780 insertions, 6279 +deletions in 280 commits from 22 authors, in alphabetical order: + * Arik Sosman + * Chris Waterson + * Elias Rohrer + * Evan Feenstra + * Gursharan Singh + * Jeffrey Czyz + * John Cantrell + * Lalitmohansharma1 + * Matt Corallo + * Matthew Rheaume + * Orbital + * Rachel Malonson + * Valentine Wallace + * Willem Van Lint + * Wilmer Paulino + * alexanderwiederin + * benthecarman + * henghonglee + * jbesraa + * olegkubrakov + * optout + * shaavan + + +# 0.0.118 - Oct 23, 2023 - "Just the Twelve Sinks" + +## API Updates + * BOLT12 sending and receiving is now supported as an alpha feature. You may + run into unexpected issues and will need to have a direct connection with + the offer's blinded path introduction points as messages are not yet routed. + We are seeking feedback from early testers (#2578, #2039). + * `ConfirmationTarget` has been rewritten to provide information about the + specific use LDK needs the feerate estimate for, rather than the generic + low-, medium-, and high-priority estimates. This allows LDK users to more + accurately target their feerate estimates (#2660). For those wishing to + retain their existing behavior, see the table below for conversion. + * `ChainHash` is now used in place of `BlockHash` where it represents the + genesis block (#2662). + * `lightning-invoice` payment utilities now take a `Deref` to + `AChannelManager` (#2652). + * `peel_onion` is provided to statelessly decode an `OnionMessage` (#2599). + * `ToSocketAddrs` + `Display` are now impl'd for `SocketAddress` (#2636, #2670) + * `Display` is now implemented for `OutPoint` (#2649). + * `Features::from_be_bytes` is now provided (#2640). + +For those moving to the new `ConfirmationTarget`, the new variants in terms of +the old mempool/low/medium/high priorities are as follows: + * `OnChainSweep` = `HighPriority` + * `MaxAllowedNonAnchorChannelRemoteFee` = `max(25 * 250, HighPriority * 10)` + * `MinAllowedAnchorChannelRemoteFee` = `MempoolMinimum` + * `MinAllowedNonAnchorChannelRemoteFee` = `Background - 250` + * `AnchorChannelFee` = `Background` + * `NonAnchorChannelFee` = `Normal` + * `ChannelCloseMinimum` = `Background` + +## Bug Fixes + * Calling `ChannelManager::close_channel[_with_feerate_and_script]` on a + channel which did not exist would immediately hang holding several key + `ChannelManager`-internal locks (#2657). + * Channel information updates received from a failing HTLC are no longer + applied to our `NetworkGraph`. This prevents a node which we attempted to + route a payment through from being able to learn the sender of the payment. + In some rare cases, this may result in marginally reduced payment success + rates (#2666). + * Anchor outputs are now properly considered when calculating the amount + available to send in HTLCs. This can prevent force-closes in anchor channels + when sending payments which overflow the available balance (#2674). + * A peer that sends an `update_fulfill_htlc` message for a forwarded HTLC, + then reconnects prior to sending a `commitment_signed` (thus retransmitting + their `update_fulfill_htlc`) may result in the channel stalling and being + unable to make progress (#2661). + * In exceedingly rare circumstances, messages intended to be sent to a peer + prior to reconnection can be sent after reconnection. This could result in + undefined channel state and force-closes (#2663). + +## Backwards Compatibility + + * Creating a blinded path to receive a payment then downgrading to LDK prior to + 0.0.117 may result in failure to receive the payment (#2413). + * Calling `ChannelManager::pay_for_offer` or + `ChannelManager::create_refund_builder` may prevent downgrading to LDK prior + to 0.0.118 until the payment times out and has been removed (#2039). + +## Node Compatibility + * LDK now sends a bogus `channel_reestablish` message to peers when they ask to + resume an unknown channel. This should cause LND nodes to force-close and + broadcast the latest channel state to the chain. In order to trigger this + when we wish to force-close a channel, LDK now disconnects immediately after + sending a channel-closing `error` message. This should result in cooperative + peers also working to confirm the latest commitment transaction when we wish + to force-close (#2658). + +## Security +0.0.118 expands mitigations against transaction cycling attacks to non-anchor +channels, though note that no mitigations which exist today are considered robust +to prevent the class of attacks. + * In order to mitigate against transaction cycling attacks, non-anchor HTLC + transactions are now properly re-signed before broadcasting (#2667). + +In total, this release features 61 files changed, 3470 insertions, 1503 +deletions in 85 commits from 12 authors, in alphabetical order: + * Antonio Yang + * Elias Rohrer + * Evan Feenstra + * Fedeparma74 + * Gursharan Singh + * Jeffrey Czyz + * Matt Corallo + * Sergi Delgado Segura + * Vladimir Fomene + * Wilmer Paulino + * benthecarman + * slanesuke + + +# 0.0.117 - Oct 3, 2023 - "Everything but the Twelve Sinks" + +## API Updates + * `ProbabilisticScorer`'s internal models have been substantially improved, + including better decaying (#1789), a more granular historical channel + liquidity tracker (#2176) and a now-default option to make our estimate for a + channel's current liquidity nonlinear in the channel's capacity (#2547). In + total, these changes should result in improved payment success rates at the + cost of slightly worse routefinding performance. + * Support for custom TLVs for recipients of HTLCs has been added (#2308). + * Support for generating transactions for third-party watchtowers has been + added to `ChannelMonitor/Update`s (#2337). + * `KVStorePersister` has been replaced with a more generic and featureful + `KVStore` interface (#2472). + * A new `MonitorUpdatingPersister` is provided which wraps a `KVStore` and + implements `Persist` by writing differential updates rather than full + `ChannelMonitor`s (#2359). + * Batch funding of outbound channels is now supported using the new + `ChannelManager::batch_funding_transaction_generated` method (#2486). + * `ChannelManager::send_preflight_probes` has been added to probe a payment's + potential paths while a user is providing approval for a payment (#2534). + * Fully asynchronous `ChannelMonitor` updating is available as an alpha + preview. There remain a few known but incredibly rare race conditions which + may lead to loss of funds (#2112, #2169, #2562). + * `ChannelMonitorUpdateStatus::PermanentFailure` has been removed in favor of a + new `ChannelMonitorUpdateStatus::UnrecoverableError`. The new variant panics + on use, rather than force-closing a channel in an unsafe manner, which the + previous variant did (#2562). Rather than panicking with the new variant, + users may wish to use the new asynchronous `ChannelMonitor` updating using + `ChannelMonitorUpdateStatus::InProgress`. + * `RouteParameters::max_total_routing_fee_msat` was added to limit the fees + paid when routing, defaulting to 1% + 50sats when using the new + `from_payment_params_and_value` constructor (#2417, #2603, #2604). + * Implementations of `UtxoSource` are now provided in `lightning-block-sync`. + Those running with a full node should use this to validate gossip (#2248). + * `LockableScore` now supports read locking for parallel routefinding (#2197). + * `ChannelMonitor::get_spendable_outputs` was added to allow for re-generation + of `SpendableOutputDescriptor`s for a channel after they were provided via + `Event::SpendableOutputs` (#2609, #2624). + * `[u8; 32]` has been replaced with a `ChannelId` newtype for chan ids (#2485). + * `NetAddress` was renamed `SocketAddress` (#2549) and `FromStr` impl'd (#2134) + * For `no-std` users, `parse_onion_address` was added which creates a + `NetAddress` from a "...onion" string and port (#2134, #2633). + * HTLC information is now provided in `Event::PaymentClaimed::htlcs` (#2478). + * The success probability used in historical penalties when scoring is now + available via `historical_estimated_payment_success_probability` (#2466). + * `RecentPaymentDetails::*::payment_id` has been added (#2567). + * `Route` now contains a `RouteParameters` rather than a `PaymentParameters`, + tracking the original arguments passed to routefinding (#2555). + * `Balance::*::claimable_amount_satoshis` was renamed `amount_satoshis` (#2460) + * `*Features::set_*_feature_bit` have been added for non-custom flags (#2522). + * `channel_id` was added to `SpendableOutputs` events (#2511). + * `counterparty_node_id` and `channel_capacity_sats` were added to + `ChannelClosed` events (#2387). + * `ChannelMonitor` now implements `Clone` for `Clone`able signers (#2448). + * `create_onion_message` was added to build an onion message (#2583, #2595). + * `HTLCDescriptor` now implements `Writeable`/`Readable` (#2571). + * `SpendableOutputDescriptor` now implements `Hash` (#2602). + * `MonitorUpdateId` now implements `Debug` (#2594). + * `Payment{Hash,Id,Preimage}` now implement `Display` (#2492). + * `NodeSigner::sign_bolt12_invoice{,request}` were added for future use (#2432) + +## Backwards Compatibility + * Users migrating to the new `KVStore` can use a concatentation of + `[{primary_namespace}/[{secondary_namespace}/]]{key}` to build a key + compatible with the previous `KVStorePersister` interface (#2472). + * Downgrading after receipt of a payment with custom HTLC TLVs may result in + unintentionally accepting payments with TLVs you do not understand (#2308). + * `Route` objects (including pending payments) written by LDK versions prior + to 0.0.117 won't be retryable after being deserialized by LDK 0.0.117 or + above (#2555). + * Users of the `MonitorUpdatingPersister` can upgrade seamlessly from the + default `KVStore` `Persist` implementation, however the stored + `ChannelMonitor`s are deliberately unreadable by the default `Persist`. This + ensures the correct downgrade procedure is followed, which is: (#2359) + * First, make a backup copy of all channel state, + * then ensure all `ChannelMonitorUpdate`s stored are fully applied to the + relevant `ChannelMonitor`, + * finally, write each full `ChannelMonitor` using your new `Persist` impl. + +## Bug Fixes + * Anchor channels which were closed by a counterparty broadcasting its + commitment transaction (i.e. force-closing) would previously not generate a + `SpendableOutputs` event for our `to_remote` (i.e. non-HTLC-encumbered) + balance. Those with such balances available should fetch the missing + `SpendableOutputDescriptor`s using the new + `ChannelMonitor::get_spendable_outputs` method (#2605). + * Anchor channels may result in spurious or missing `Balance` entries for HTLC + balances (#2610). + * `ChannelManager::send_spontaneous_payment_with_retry` spuriously did not + provide the recipient with enough information to claim the payment, leading + to all spontaneous payments failing (#2475). + `send_spontaneous_payment_with_route` was unaffected. + * The `keysend` feature on node announcements was spuriously un-set in 0.0.112 + and has been re-enabled (#2465). + * Fixed several races which could lead to deadlock when force-closing a channel + (#2597). These races have not been seen in production. + * The `ChannelManager` is persisted substantially less when it has not changed, + leading to substantially less I/O traffic for it (#2521, #2617). + * Passing new block data to `ChainMonitor` no longer results in all other + monitor operations being blocked until it completes (#2528). + * When retrying payments, any excess amount sent to the recipient in order to + meet an `htlc_minimum` constraint on the path is now no longer included in + the amount we send in the retry (#2575). + * Several edge cases in route-finding around HTLC minimums were fixed which + could have caused invalid routes or panics when built with debug assertions + (#2570, #2575). + * Several edge cases in route-finding around HTLC minimums and route hints + were fixed which would spuriously result in no route found (#2575, #2604). + * The `user_channel_id` passed to `SignerProvider::generate_channel_keys_id` + for inbound channels is now correctly using the one passed to + `ChannelManager::accept_inbound_channel` rather than a default value (#2428). + * Users of `impl_writeable_tlv_based!` no longer have use requirements (#2506). + * No longer force-close channels when counterparties send a `channel_update` + with a bogus `htlc_minimum_msat`, which LND users can manually build (#2611). + +## Node Compatibility + * LDK now ignores `error` messages generated by LND in response to a + `shutdown` message, avoiding force-closes due to LND bug 6039. This may + lead to non-trivial bandwidth usage with LND peers exhibiting this bug + during the cooperative shutdown process (#2507). + +## Security +0.0.117 fixes several loss-of-funds vulnerabilities in anchor output channels, +support for which was added in 0.0.116, in reorg handling, and when accepting +channel(s) from counterparties which are miners. + * When a counterparty broadcasts their latest commitment transaction for a + channel with anchor outputs, we'd previously fail to build claiming + transactions against any HTLC outputs in that transaction. This could lead + to loss of funds if the counterparty is able to eventually claim the HTLC + after a timeout (#2606). + * Anchor channels HTLC claims on-chain previously spent the entire value of any + HTLCs as fee, which has now been fixed (#2587). + * If a channel is closed via an on-chain commitment transaction confirmation + with a pending outbound HTLC in the commitment transaction, followed by a + reorg which replaces the confirmed commitment transaction with a different + (but non-revoked) commitment transaction, all before we learn the payment + preimage for this HTLC, we may previously have not generated a proper + claiming transaction for the HTLC's value (#2623). + * 0.0.117 now correctly handles channels for which our counterparty funded the + channel with a coinbase transaction. As such transactions are not spendable + until they've reached 100 confirmations, this could have resulted in + accepting HTLC(s) which are not enforcible on-chain (#1924). + +In total, this release features 121 files changed, 20477 insertions, 8184 +deletions in 381 commits from 27 authors, in alphabetical order: + * Alec Chen + * Allan Douglas R. de Oliveira + * Antonio Yang + * Arik Sosman + * Chris Waterson + * David Caseria + * DhananjayPurohit + * Dom Zippilli + * Duncan Dean + * Elias Rohrer + * Erik De Smedt + * Evan Feenstra + * Gabor Szabo + * Gursharan Singh + * Jeffrey Czyz + * Joseph Goulden + * Lalitmohansharma1 + * Matt Corallo + * Rachel Malonson + * Sergi Delgado Segura + * Valentine Wallace + * Vladimir Fomene + * Willem Van Lint + * Wilmer Paulino + * benthecarman + * jbesraa + * optout + + +# 0.0.116 - Jul 21, 2023 - "Anchoring the Roadmap" + +## API Updates + + * Support for zero-HTLC-fee anchor output channels has been added and is now + considered beta (#2367). Users who set + `ChannelHandshakeConfig::negotiate_anchors_zero_fee_htlc_tx` should be + prepared to handle the new `Event::BumpTransaction`, e.g. via the + `BumpTransactionEventHandler` (#2089). Note that in order to do so you must + ensure you always have a reserve of available unspent on-chain funds to use + for CPFP. LDK currently makes no attempt to ensure this for you. + * Users who set `ChannelHandshakeConfig::negotiate_anchors_zero_fee_htlc_tx` + and wish to accept inbound anchor-based channels must do so manually by + setting `UserConfig::manually_accept_inbound_channels` (#2368). + * Support forwarding and accepting HTLCs with a reduced amount has been added, + to support LSPs skimming a fee on the penultimate hop (#2319). + * BOLT11 and BOLT12 Invoice and related types have been renamed to include a + BOLTNN prefix, ensuring uniqueness in `lightning{,-invoice}` crates (#2416). + * `Score`rs now have an associated type which represents a parameter passed + when calculating penalties. This allows for the same `Score`r to be used with + different penalty calculation parameters (#2237). + * `DefaultRouter` is no longer restrained to a `Mutex`-wrapped `Score`, + allowing it to be used in `no-std` builds (#2383). + * `CustomMessageHandler::provided_{node,init}_features` and various custom + feature bit methods on `*Features` were added (#2204). + * Keysend/push payments using MPP are now supported when receiving if + `UserConfig::accept_mpp_keysend` is set and when sending if specified in the + `PaymentParameters`. Note that not all recipients support this (#2156). + * A new `ConfirmationTarget::MempoolMinimum` has been added (#2415). + * `SpendableOutputDescriptor::to_psbt_input` was added (#2286). + * `ChannelManager::update_partial_channel_config` was added (#2330). + * `ChannelDetails::channel_shutdown_state` was added (#2347). + * The shutdown script can now be provided at shutdown time via + `ChannelManager::close_channel_with_feerate_and_script` (#2219). + * `BroadcasterInterface` now takes multiple transactions at once. While not + available today, in the future single calls should be passed to a full node + via a single batch/package transaction acceptance API (#2272). + * `Balance::claimable_amount_satoshis` was added (#2333). + * `payment_{hash,preimage}` have been added to some `Balance` variants (#2217). + * The `lightning::chain::keysinterface` is now `lightning::sign` (#2246). + * Routing to a blinded path has been implemented, though sending to such a + route is not yet supported in `ChannelManager` (#2120). + * `OffersMessageHandler` was added for offers-related onion messages (#2294). + * The `CustomMessageHandler` parameter to `PeerManager` has moved to + `MessageHandler` from `PeerManager::new` explicitly (#2249). + * Various P2P messages for dual funding channel establishment have been added, + though handling for them is not yet in `ChannelManager` (#1794) + * Script-fetching methods in `sign` interfaces can now return errors, see docs + for the implications of failing (#2213). + * The `data_loss_protect` option is now required when reading + `channel_reestablish` messages, as many others have done (#2253). + * `InFlightHtlcs::add_inflight_htlc` has been added (#2042). + * The `init` message `networks` field is now written and checked (#2329). + * `PeerManager` generics have been simplified with the introduction of the + `APeerManager` trait (#2249). + * `ParitalOrd` and `Ord` are now implemented for `Invoice` (#2279). + * `ParitalEq` and `Debug` are now implemented for `InMemorySigner` (#2328). + * `ParitalEq` and `Eq` are now implemented for `PaymentError` (#2316). + * `NetworkGraph::update_channel_from_announcement_no_lookup` was added (#2222). + * `lightning::routing::gossip::verify_{channel,node}_announcement` was added + (#2307). + +## Backwards Compatibility + * `PaymentParameters` written with blinded path info using LDK 0.0.115 will not + be readable in LDK 0.0.116, and vice versa. + * Forwarding less than `Event::HTLCIntercepted::expected_outbound_amount_msat` + in `ChannelManager::forward_intercepted_htlc` may prevent the + `ChannelManager` from being read by LDK prior to 0.0.116 (#2319) + * Setting `ChannelConfig::accept_underpaying_htlcs` may prevent the + `ChannelManager` from being read by LDK prior to 0.0.116 and un-setting the + parameter between restarts may lead to payment failures (#2319). + * `ChannelManager::create_inbound_payment{,_for_hash}_legacy` has been removed, + removing the ability to create inbound payments which are claimable after + downgrade to LDK 0.0.103 and prior. In the future handling such payments will + also be removed (#2351). + * Some fields required by LDK 0.0.103 and earlier are no longer written, thus + deserializing objects written by 0.0.116 with 0.0.103 may now fail (#2351). + +## Bug Fixes + * `ChannelDetails::next_outbound_htlc_limit_msat` was made substantially more + accurate and a corresponding `next_outbound_htlc_minimum_msat` was added. + This resolves issues where unpayable routes were generated due to + overestimation of the amount which is payable over one of our channels as + the first hop (#2312). + * A rare case where delays in processing `Event`s generated by + `ChannelMonitor`s could lead to loss of those events in case of an untimely + crash. This could lead to the loss of an `Event::SpendableOutputs` (#2369). + * Fixed a regression in 0.0.115 which caused `PendingHTLCsForwardable` events + to be missed when processing phantom node receives. This caused such + payments to be delayed until a further, unrelated HTLC came in (#2395). + * Peers which are unresponsive to channel messages for several timer ticks are + now disconnected to allow for on-reconnection state machine reset. This + works around some issues in LND prior to 16.3 which can cause channels to + hang and eventually force-close (#2293). + * `ChannelManager::new` now requires the current time (either from a recent + block header or the system clock), ensuring invoices created immediately + after startup aren't already expired (#2372). + * Resolved an issue where reading a `ProbabilisticScorer` on some platforms + (e.g. iOS) can lead to a panic (#2322). + * `ChannelConfig::max_dust_htlc_exposure` is now allowed to scale based on + current fees, and the default has been updated to do so. This substantially + reduces the chance of force-closure due to dust exposure. Note that existing + channels will retain their current value and you may wish to update the + value on your existing channels on upgrade (#2354). + * `PeerManager::process_events` no longer blocks in any case. This fixes a bug + where reentrancy from `PeerManager` into user code which eventually calls + `process_events` could lead to a deadlock (#2280). + * The persist timing of network graph and scoring in + `lightning-background-processor` has been tweaked to provide more reliable + persistence after updates to either (#2226). + * The number of route hints added to BOLT 11 invoices by the + `lightning-invoice::utils` builders has been reduced to three to ensure + invoices can be represented in scan-able QR codes (#2044). + * Fixed sending large onion messages, which would previously have resulted in + an HMAC error on the second hop (#2277). + * Fixed a memory leak that may occur when a `ChannelManager` or + `ChannelMonitor` is `drop`ed (#2233). + * A potential deadlock in calling `NetworkGraph::eq` was resolved (#2284). + * Fixed an overflow which prevented disconnecting peers in some minor cases + with more than 31 peers (#2245). + * Gossip messages with an unknown chain hash are now ignored (#2230). + * Rapid Gossip Sync processing now fails on an unknown chain hash (#2324). + * `RouteHintHop::htlc_maximum_msat` is now enforced. Note that BOLT11 route + hints do not have such a field so this code is generally unused (#2305). + +## Security +0.0.116 fixes a denial-of-service vulnerability which is reachable from +untrusted input from channel counterparties if a 0-conf channel exists with +that counterparty. + * A premature `announcement_signatures` message from a peer prior to a 0-conf + channel's funding transaction receiving any confirmations would panic in any + version since 0-conf channels were introduced (#2439). + +In total, this release features 142 files changed, 21033 insertions, 11066 +deletions in 327 commits from 21 authors, in alphabetical order: + * Alec Chen + * Andrei + * Antoine Riard + * Arik Sosman + * Chad Upjohn + * Daniel Granhão + * Duncan Dean + * Elias Rohrer + * Fred Walker + * Gleb Naumenko + * Jeffrey Czyz + * Martin Habovstiak + * Matt Corallo + * Tony Giorgio + * Valentine Wallace + * Vladimir Fomene + * Willem Van Lint + * Wilmer Paulino + * benthecarman + * ff + * henghonglee + + +# 0.0.115 - Apr 24, 2023 - "Rebroadcast the Bugfixes" + +## API Updates + * The MSRV of the main LDK crates has been increased to 1.48 (#2107). + * Attempting to claim an un-expired payment on a channel which has closed no + longer fails. The expiry time of payments is exposed via + `PaymentClaimable::claim_deadline` (#2148). + * `payment_metadata` is now supported in `Invoice` deserialization, sending, + and receiving (via a new `RecipientOnionFields` struct) (#2139, #2127). + * `Event::PaymentFailed` now exposes a failure reason (#2142). + * BOLT12 messages now support stateless generation and validation (#1989). + * The `NetworkGraph` is now pruned of stale data after RGS processing (#2161). + * Max inbound HTLCs in-flight can be changed in the handshake config (#2138). + * `lightning-transaction-sync` feature `esplora-async-https` was added (#2085). + * A `ChannelPending` event is now emitted after the initial handshake (#2098). + * `PaymentForwarded::outbound_amount_forwarded_msat` was added (#2136). + * `ChannelManager::list_channels_by_counterparty` was added (#2079). + * `ChannelDetails::feerate_sat_per_1000_weight` was added (#2094). + * `Invoice::fallback_addresses` was added to fetch `bitcoin` types (#2023). + * The offer/refund description is now exposed in `Invoice{,Request}` (#2206). + +## Backwards Compatibility + * Payments sent with the legacy `*_with_route` methods on LDK 0.0.115+ will no + longer be retryable via the LDK 0.0.114- `retry_payment` method (#2139). + * `Event::PaymentPathFailed::retry` was removed and will always be `None` for + payments initiated on 0.0.115 which fail on an earlier version (#2063). + * `Route`s and `PaymentParameters` with blinded path information will not be + readable on prior versions of LDK. Such objects are not currently constructed + by LDK, but may be when processing BOLT12 data in a coming release (#2146). + * Providing `ChannelMonitorUpdate`s generated by LDK 0.0.115 to a + `ChannelMonitor` on 0.0.114 or before may panic (#2059). Note that this is + in general unsupported, and included here only for completeness. + +## Bug Fixes + * Fixed a case where `process_events_async` may `poll` a `Future` which has + already completed (#2081). + * Fixed deserialization of `u16` arrays. This bug may have previously corrupted + the historical buckets in a `ProbabilisticScorer`. Users relying on the + historical buckets may wish to wipe their scorer on upgrade to remove corrupt + data rather than waiting on it to decay (#2191). + * The `process_events_async` task is now `Send` and can thus be polled on a + multi-threaded runtime (#2199). + * Fixed a missing macro export causing + `impl_writeable_tlv_based_enum{,_upgradable}` calls to not compile (#2091). + * Fixed compilation of `lightning-invoice` with both `no-std` and serde (#2187) + * Fix an issue where the `background-processor` would not wake when a + `ChannelMonitorUpdate` completed asynchronously, causing delays (#2090). + * Fix an issue where `process_events_async` would exit immediately (#2145). + * `Router` calls from the `ChannelManager` now call `find_route_with_id` rather + than `find_route`, as was intended and described in the API (#2092). + * Ensure `process_events_async` always exits if any sleep future returns true, + not just if all sleep futures repeatedly return true (#2145). + * `channel_update` messages no longer set the disable bit unless the peer has + been disconnected for some time. This should resolve cases where channels are + disabled for extended periods of time (#2198). + * We no longer remove CLN nodes from the network graph for violating the BOLT + spec in some cases after failing to pay through them (#2220). + * Fixed a debug assertion which may panic under heavy load (#2172). + * `CounterpartyForceClosed::peer_msg` is now wrapped in UntrustedString (#2114) + * Fixed a potential deadlock in `funding_transaction_generated` (#2158). + +## Security + * Transaction re-broadcasting is now substantially more aggressive, including a + new regular rebroadcast feature called on a timer from the + `background-processor` or from `ChainMonitor::rebroadcast_pending_claims`. + This should substantially increase transaction confirmation reliability + without relying on downstream `TransactionBroadcaster` implementations for + rebroadcasting (#2203, #2205, #2208). + * Implemented the changes from BOLT PRs #1031, #1032, and #1040 which resolve a + privacy vulnerability which allows an intermediate node on the path to + discover the final destination for a payment (#2062). + +In total, this release features 110 files changed, 11928 insertions, 6368 +deletions in 215 commits from 21 authors, in alphabetical order: + * Advait + * Alan Cohen + * Alec Chen + * Allan Douglas R. de Oliveira + * Arik Sosman + * Elias Rohrer + * Evan Feenstra + * Jeffrey Czyz + * John Cantrell + * Lucas Soriano del Pino + * Marc Tyndel + * Matt Corallo + * Paul Miller + * Steven + * Steven Williamson + * Steven Zhao + * Tony Giorgio + * Valentine Wallace + * Wilmer Paulino + * benthecarman + * munjesi + + +# 0.0.114 - Mar 3, 2023 - "Faster Async BOLT12 Retries" + +## API Updates + * `InvoicePayer` has been removed and its features moved directly into + `ChannelManager`. As such it now requires a simplified `Router` and supports + `send_payment_with_retry` (and friends). `ChannelManager::retry_payment` was + removed in favor of the automated retries. Invoice payment utilities in + `lightning-invoice` now call the new code (#1812, #1916, #1929, #2007, etc). + * `Sign`/`BaseSign` has been renamed `ChannelSigner`, with `EcdsaChannelSigner` + split out in anticipation of future schnorr/taproot support (#1967). + * The catch-all `KeysInterface` was split into `EntropySource`, `NodeSigner`, + and `SignerProvider`. `KeysManager` implements all three (#1910, #1930). + * `KeysInterface::get_node_secret` is now `KeysManager::get_node_secret_key` + and is no longer required for external signers (#1951, #2070). + * A `lightning-transaction-sync` crate has been added which implements keeping + LDK in sync with the chain via an esplora server (#1870). Note that it can + only be used on nodes that *never* ran a previous version of LDK. + * `Score` is updated in `BackgroundProcessor` instead of via `Router` (#1996). + * `ChainAccess::get_utxo` (now `UtxoAccess`) can now be resolved async (#1980). + * BOLT12 `Offer`, `InvoiceRequest`, `Invoice` and `Refund` structs as well as + associated builders have been added. Such invoices cannot yet be paid due to + missing support for blinded path payments (#1927, #1908, #1926). + * A `lightning-custom-message` crate has been added to make combining multiple + custom messages into one enum/handler easier (#1832). + * `Event::PaymentPathFailed` is now generated for failure to send an HTLC + over the first hop on our local channel (#2014, #2043). + * `lightning-net-tokio` no longer requires an `Arc` on `PeerManager` (#1968). + * `ChannelManager::list_recent_payments` was added (#1873). + * `lightning-background-processor` `std` is now optional in async mode (#1962). + * `create_phantom_invoice` can now be used in `no-std` (#1985). + * The required final CLTV delta on inbound payments is now configurable (#1878) + * bitcoind RPC error code and message are now surfaced in `block-sync` (#2057). + * Get `historical_estimated_channel_liquidity_probabilities` was added (#1961). + * `ChannelManager::fail_htlc_backwards_with_reason` was added (#1948). + * Macros which implement serialization using TLVs or straight writing of struct + fields are now public (#1823, #1976, #1977). + +## Backwards Compatibility + * Any inbound payments with a custom final CLTV delta will be rejected by LDK + if you downgrade prior to receipt (#1878). + * `Event::PaymentPathFailed::network_update` will always be `None` if an + 0.0.114-generated event is read by a prior version of LDK (#2043). + * `Event::PaymentPathFailed::all_paths_failed` will always be false if an + 0.0.114-generated event is read by a prior version of LDK. Users who rely on + it to determine payment retries should migrate to `Event::PaymentFailed`, in + a separate release prior to upgrading to LDK 0.0.114 if downgrading is + supported (#2043). + +## Performance Improvements + * Channel data is now stored per-peer and channel updates across multiple + peers can be operated on simultaneously (#1507). + * Routefinding is roughly 1.5x faster (#1799). + * Deserializing a `NetworkGraph` is roughly 6x faster (#2016). + * Memory usage for a `NetworkGraph` has been reduced substantially (#2040). + * `KeysInterface::get_secure_random_bytes` is roughly 200x faster (#1974). + +## Bug Fixes + * Fixed a bug where a delay in processing a `PaymentSent` event longer than the + time taken to persist a `ChannelMonitor` update, when occurring immediately + prior to a crash, may result in the `PaymentSent` event being lost (#2048). + * Fixed spurious rejections of rapid gossip sync data when the graph has been + updated by other means between gossip syncs (#2046). + * Fixed a panic in `KeysManager` when the high bit of `starting_time_nanos` + is set (#1935). + * Resolved an issue where the `ChannelManager::get_persistable_update_future` + future would fail to wake until a second notification occurs (#2064). + * Resolved a memory leak when using `ChannelManager::send_probe` (#2037). + * Fixed a deadlock on some platforms at least when using async `ChannelMonitor` + updating (#2006). + * Removed debug-only assertions which were reachable in threaded code (#1964). + * In some cases when payment sending fails on our local channel retries no + longer take the same path and thus never succeed (#2014). + * Retries for spontaneous payments have been fixed (#2002). + * Return an `Err` if `lightning-persister` fails to read the directory listing + rather than panicing (#1943). + * `peer_disconnected` will now never be called without `peer_connected` (#2035) + +## Security +0.0.114 fixes several denial-of-service vulnerabilities which are reachable from +untrusted input from channel counterparties or in deployments accepting inbound +connections or channels. It also fixes a denial-of-service vulnerability in rare +cases in the route finding logic. + * The number of pending un-funded channels as well as peers without funded + channels is now limited to avoid denial of service (#1988). + * A second `channel_ready` message received immediately after the first could + lead to a spurious panic (#2071). This issue was introduced with 0conf + support in LDK 0.0.107. + * A division-by-zero issue was fixed in the `ProbabilisticScorer` if the amount + being sent (including previous-hop fees) is equal to a channel's capacity + while walking the graph (#2072). The division-by-zero was introduced with + historical data tracking in LDK 0.0.112. + +In total, this release features 130 files changed, 21457 insertions, 10113 +deletions in 343 commits from 18 authors, in alphabetical order: + * Alec Chen + * Allan Douglas R. de Oliveira + * Andrei + * Arik Sosman + * Daniel Granhão + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * John Cantrell + * Kurtsley + * Matt Corallo + * Max Fang + * Omer Yacine + * Valentine Wallace + * Viktor Tigerström + * Wilmer Paulino + * benthecarman + * jurvis + + +# 0.0.113 - Dec 16, 2022 - "Big Movement Intercepted" + +## API Updates + * `ChannelManager::send_payment` now takes an explicit `PaymentId` which is a + loose idempotency token. See `send_payment` docs for more (#1761, #1826). + * HTLCs bound for SCIDs from `ChannelManager::get_intercept_scid` are now + intercepted and can be forwarded manually over any channel (#1835, #1893). + * `Confirm::get_relevant_txids` now returns a `BlockHash`, expanding the set + of cases where `transaction_unconfirmed` must be called, see docs (#1796). + * Pending outbound payments are no longer automatically timed-out a few blocks + after failure. Thus, in order to avoid leaking memory, you MUST call + `ChannelManager::abandon_payment` when you no longer wish to retry (#1761). + * `ChannelManager::abandon_payment` docs were updated to note that the payment + may return to pending after a restart if no persistence occurs (#1907). + * `Event::PaymentReceived` has been renamed `Event::PaymentClaimable` (#1891). + * `Event` handling is now optionally async for Rust users (#1787). + * `user_channel_id` is now a `u128` and random for inbound channels (#1790). + * A new `ChannelReady` event is generated whenever a channel becomes ready to + be used, i.e., after both sides sent the `channel_ready` message (#1743). + * `NetworkGraph` now prunes channels where either node is offline for 2 weeks + and refuses to accept re-announcements of pruned channels (#1735). + * Onion messages are now read in `CustomOnionMessageHandler` rather than via + `MaybeReadableArgs` (#1809). + * Added a new util to generate an invoice with a custom hash (#1894) - +`create_invoice_from_channelmanager_and_duration_since_epoch_with_payment_hash` + * `Sign`ers are now by default re-derived using `KeysInterface`'s new + `derive_channel_signer` rather than `read_chan_signer` (#1867). + * `Confirm::transactions_confirmed` is now idempotent (#1861). + * `ChannelManager::compute_inflight_htlcs` has been added to fetch in-flight + HTLCs for scoring. Note that `InvoicePayer` does this for you (#1830). + * Added `PaymentClaimable::via_channel_id` (#1856). + * Added the `node_id` (phantom or regular) to payment events (#1766). + * Added the funding transaction `confirmations` to `ChannelDetails` (#1856). + * `BlindedRoute` has been renamed `BlindedPath` (#1918). + * Support for the BOLT 4 "legacy" onion format has been removed, in line with + its removal in the spec and vanishingly rare use (#1413). + * `ChainMonitor::list_pending_monitor_updates` was added (#1834). + * Signing for non-zero-fee anchor commitments is supported again (#1828). + * Several helpers for transaction matching and generation are now pub (#1839). + +## Bug Fixes + * Fixed a rare race where a crash may result in a pending HTLC not being + failed backwards, leading to a force-closure by our counterparty (#1857). + * Avoid incorrectly assigning a lower-bound on channel liquidity when routing + fails due to a closed channel earlier in the path (#1817). + * If a counterparty increases the channel fee, but not enough per our own fee + estimator, we no longer force-close the channel (#1852). + * Several bugs in the `lightning-background-processor` `future` feature were + fixed, including requirements doc corrections (#1843, #1845, #1851). + * Some failure messages sent back when failing an HTLC were corrected (#1895). + * `rapid-gossip-sync` no longer errors if an update is applied duplicatively + or in rare cases when the graph is updated from payment failures (#1833). + * Sending onion messages to a blinded path in which we're the introduction + node no longer fails (#1791). + +## Backwards Compatibility + * No `ChannelReady` events will be generated for previously existing channels, + including those which become ready after upgrading to 0.0.113 (#1743). + * Once `UserConfig::accept_intercept_htlcs` is set, downgrades to LDK versions + prior to 0.0.113 are not supported (#1835). + * Existing payments may see a `PaymentClaimable::user_channel_id` of 0 (#1856) + * When downgrading to a version of LDK prior to 0.0.113 when there are + resolved payments waiting for a small timeout, the payments may not be + removed, preventing payments with the same `PaymentId` (#1761). + +In total, this release features 76 files changed, 11639 insertions, 6067 +deletions in 210 commits from 18 authors, in alphabetical order: + * Antoine Riard + * Arik Sosman + * Devrandom + * Duncan Dean + * Elias Rohrer + * Gleb Naumenko + * Jeffrey Czyz + * John Cantrell + * Matt Corallo + * Tee8z + * Tobin C. Harding + * Tristan F + * Valentine Wallace + * Viktor Tigerström + * Wilmer Paulino + * benthecarman + * jurvis + * ssbright + + +# 0.0.112 - Oct 25, 2022 - "History Matters" + +## API Updates + * `Result<(), ChannelMonitorUpdateErr>` return values have been replaced with + a `ChannelMonitorUpdateStatus` trinary enum. This better denotes that + `ChannelMonitorUpdateStatus::InProgress` is not an error, but asynchronous + persistence of a monitor update. Note that asynchronous persistence still + has some edge cases and is not yet recommended for production (#1106). + * `ChannelMonitor` persistence failure no longer automatically broadcasts the + latest commitment transaction. See the + `ChannelMonitorUpdateStatus::PermanentFailure` docs for more info (#1106). + * `*Features::known` has been replaced with individual + `*MessageHandler::provided_*_features` methods (#1707). + * `OnionMessenger` now takes a `CustomOnionMessageHandler` implementation, + allowing you to send and receive custom onion messages (#1748). + * `ProbabilisticScorer` now tracks the historical distribution of liquidity + estimates for channels. See new `historical_*` parameters in + `ProbabilisticScoringParameters` for more details (#1625). + * `lightning-block-sync`'s `BlockSource` trait now supports BIP 157/158 + filtering clients by returning only header data for some blocks (#1706). + * `lightning-invoice`'s `Router` trait now accepts an `InFlightHtlcs` to + ensure we do not over-use a remote channel's funds during routing (#1694). + Note that this was previously backported to 0.0.111 for bindings users. + * `NetworkGraph::remove_stale_channels` has been renamed + `NetworkGraph::remove_stale_channels_and_tracking` as `NetworkGraph` now + refuses to re-add nodes and channels that were recently removed (#1649). + * The `lightning-rapid-gossip-sync` crate now supports `no-std` (#1708). + * The default `ProbabilisticScoringParameters::liquidity_offset_half_life` has + been increased to six hours from one (#1754). + * All commitment transaction building logic for anchor outputs now assumes the + no-HTLC-tx-fee variant (#1685). + * A number of missing `Eq` implementations were added (#1763). + +## Bug Fixes + * `lightning-background-processor` now builds without error with the `futures` + feature (#1744). + * `ChannelManager::get_persistable_update_future`'s returned `Future` has been + corrected to not fail to be awoken in some cases (#1758). + * Asynchronously performing the initial `ChannelMonitor` persistence is now + safe (#1678). + * Redundantly applying rapid gossip sync updates no longer `Err`s (#1764). + * Nodes which inform us via payment failures that they should no longer be + used are now removed from the network graph. Some LND nodes spuriously + generate this error and may remove themselves from our graph (#1649). + +In total, this release features 134 files changed, 6598 insertions, 4370 +deletions in 109 commits from 13 authors, in alphabetical order: + * Duncan Dean + * Elias Rohrer + * Gabriel Comte + * Gursharan Singh + * Jeffrey Czyz + * Jurvis Tan + * Matt Corallo + * Max Fang + * Paul Miller + * Valentine Wallace + * Viktor Tigerström + * Wilmer Paulino + * acid-bit + # 0.0.111 - Sep 12, 2022 - "Saturated with Messages" ## API Updates