X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=CHANGELOG.md;h=7736ce67ec6644c0aedd11ef0eed2d91427d9da0;hb=58f76f2800ec8590ebc2261dac96e8a68de63b79;hp=887b738ff3cbd5ad8ed69ae171ca8105d8db453c;hpb=c0bbd4d91877b3f7eca5b6aba877257acf4eec0b;p=rust-lightning diff --git a/CHANGELOG.md b/CHANGELOG.md index 887b738f..7736ce67 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,20 +1,729 @@ +# 0.0.111 - Sep 12, 2022 - "Saturated with Messages" + +## API Updates + * Support for relaying onion messages has been added via a new + `OnionMessenger` struct when passed as the `OnionMessageHandler` to a + `PeerManager`. Pre-encoded onion messages can also be sent and received + (#1503, #1650, #1652, #1688). + * Rate-limiting of outbound gossip syncs has been rewritten to utilize less + buffering inside LDK. The new rate-limiting is also used for onion messages + to avoid delaying other messages (#1604. #1660, #1683). + * Rather than spawning a full OS thread, `lightning-background-processor` has + a new `process_events_async` method which takes the place of a + `BackgroundProcessor` for those using Rust's async (#1657). + * `ChannelManager::get_persistable_update_future` has been added to block on + a ChannelManager needing re-persistence in a Rust async environment (#1657). + * The `Filter::register_output` return value has been removed, as it was + very difficult to correctly implement (i.e., without blocking). Users + previously using it should instead pass dependent transactions in via + additional `chain::Confirm::transactions_confirmed` calls (#1663). + * `ChannelHandshakeConfig::their_channel_reserve_proportional_millionths` has + been added to allow configuring counterparty reserve values (#1619). + * `KeysInterface::ecdh` has been added as an ECDH oracle (#1503, #1658). + * The `rust-bitcoin` dependency has been updated 0.29 (#1658). + * The `bitcoin_hashes` dependency has been updated 0.11 (#1677). + * `ChannelManager::broadcast_node_announcement` has been moved to + `PeerManager` (#1699). + * `channel_` and `node_announcement`s are now rebroadcast automatically to all + new peers which connect (#1699). + * `{Init,Node}Features` sent to peers/broadcasted are now fetched via the + various `*MessageHandler` traits, rather than hard-coded (#1701, #1688). + * `Event::PaymentPathFailed::rejected_by_dest` has been renamed + `payment_failed_permanently` (#1702). + * `Invoice` now derives the std `Hash` trait (#1575). + * `{Signed,}RawInvoice::hash` have been renamed `signable_hash` (#1714). + * `chain::AccessError` now derives the std `Debug` trait (#1709). + * `ReadOnlyNetworkGraph::list_{channels,nodes}` have been added largely for + users of downstream bindings (#1651). + * `ChannelMonitor::get_counterparty_node_id` is now available (#1635). + +## Bug Fixes + * The script compared with that returned from `chain::Access` was incorrect + ~half of the time, causing spurious gossip rejection (#1666). + * Pending in-flight HTLCs are now considered when calculating new routes, + ensuring, e.g. MPP retries do not take known-saturated paths (#1643). + * Counterparty-revoked outputs are now included in `get_claimable_balance` + output via a new `Balance::CounterpartyRevokedOutputClaimable` (#1495). + * Inbound HTLCs for which we do not (yet) have a preimage are now included in + `get_claimable_balance` via a `Balance::MaybePreimageClaimableHTLC` (#1673). + * Probes that fail prior to being sent over their first hop are correctly + failed with a `Event::ProbeFailed` rather than a `PaymentPathFailed` (#1704). + * Pending `Event::HTLCHandlingFailed`s are no longer lost on restart (#1700). + * HTLCs that fail prior to being sent over their first hop are now marked as + retryable via `!PaymentPathFailed::payment_failed_permanently` (#1702). + * Dust HTLCs are now considered failed in the payment tracking logic after the + commitment transaction confirms, allowing retry on restart (#1691). + * On machines with buggy "monotonic" clocks, LDK will no longer panic if time + goes backwards (#1692). + +## Backwards Compatibility + * The new `current_time` argument to `PeerManager` constructors must be set to + a UNIX timestamp for upgraded nodes; new nodes may use a counter (#1699). + * `Balance::CounterpartyRevokedOutputClaimable` will never be generated for + channels that were observed to go on-chain with LDK versions prior to + 0.0.111 (#1495). + * `ChannelMonitor::get_counterparty_node_id` will return `None` for all + channels opened on a version of LDK prior to 0.0.110 (#1635). + * Setting `their_channel_reserve_proportional_millionths` to any value other + than the default will cause LDK versions prior to 0.0.104 to be unable to + read the serialized `ChannelManager` (#1619). + +## Security +0.0.111 fixes a denial-of-service vulnerability which is reachable from +untrusted input in deployments accepting 0conf channels, or via a race-condition +in deployments creating outbound 0conf channels. + + * LDK versions prior to 0.0.111 may spuriously panic when receiving a block if + they are awaiting the construction of a funding transaction for a 0-conf + channel (#1711). 0-conf support was added in LDK version 0.0.107. + +In total, this release features 84 files changed, 6306 insertions, 1960 +deletions in 121 commits from 11 authors, in alphabetical order: + * Arik Sosman + * Devrandom + * Duncan Dean + * Elias Rohrer + * Gursharan Singh + * Matt Corallo + * NicolaLS + * Valentine Wallace + * Viktor Tigerström + * jurvis + * ok300 + + +# 0.0.110 - 2022-07-26 - "Routing, With a Vengeance" + +## API Updates + * `ChannelManager::send_probe` and `Score::probe_{failed,successful}` have + been added to make probing more explicit, as well as new + `Event::Probe{Failed,Successful}` events (#1567). + * `ProbabilisticScoringParameters::banned_nodes` has been renamed + `manual_node_penalties` and changed to take msat penalties (#1592). + * Per-payment tracking of failed paths was added to enable configuration of + `ProbabilisticScoringParameters::considered_impossible_penalty_msat` (#1600) + * `ProbabilisticScoringParameters::base_penalty_amount_multiplier_msat` was + added to allow a penalty that is only amount-dependent (#1617). + * `ProbabilisticScoringParameters::amount_penalty_multiplier_msat` was renamed + `liquidity_penalty_amount_multiplier_msat` (#1617). + * A new `Event::HTLCHandlingFailed` has been added which provides visibility + into failures to forward/claim accepted HTLCs (#1403). + * Support has been added for DNS hostnames in the `NetAddress` type, see + [BOLT PR #911](https://github.com/lightning/bolts/pull/911) (#1553). + * `GossipSync` now has `rapid`, `p2p`, and `none` constructors (#1618). + * `lightning-net-tokio` no longer requires types to be in `Arc`s (#1623). + * The `htlc_maximum_msat` field is now required in `ChannelUpdate` gossip + messages. In tests this rejects < 1% of channels (#1519). + * `ReadOnlyNetworkGraph::{channel,node}` have been added to query for + individual channel/node data, primarily for bindings users (#1543). + * `FeeEstimator` implementations are now wrapped internally to ensure values + below 253 sats/kW are never used (#1552). + * Route selection no longer attempts to randomize path selection. This is + unlikely to lead to a material change in the paths selected (#1610). + +## Bug Fixes + * Fixed a panic when deserializing `ChannelDetails` objects (#1588). + * When routing, channels are no longer fully saturated before MPP splits are + generated, instead a configuration knob was added as + `PaymentParameters::max_channel_saturation_power_of_half` (#1605). + * Fixed a panic which occurred in `ProbabilisticScorer` when wallclock time + goes backwards across a restart (#1603). + +## Serialization Compatibility + * All new fields are ignored by prior versions of LDK. All new fields are not + present when reading objects serialized by prior versions of LDK. + * Channel information written in the `NetworkGraph` which is missing + `htlc_maximum_msat` may be dropped on deserialization (#1519). + * Similarly, node information written in the `NetworkGraph` which contains an + invalid hostname may be dropped on deserialization (#1519). + +In total, this release features 79 files changed, 2935 insertions, 1363 +deletions in 52 commits from 9 authors, in alphabetical order: + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * Matt Corallo + * Max Fang + * Viktor Tigerström + * Willem Van Lint + * Wilmer Paulino + * jurvis + +# 0.0.109 - 2022-07-01 - "The Kitchen Sink" + +## API Updates + * `ChannelManager::update_channel_config` has been added to allow the fields + in `ChannelConfig` to be changed in a given channel after open (#1527). + * If we reconnect to a peer which proves we have a stale channel state, rather + than force-closing we will instead panic to provide an opportunity to switch + to the latest state and continue operating without channel loss (#1564). + * A `NodeAlias` struct has been added which handles string sanitization for + node aliases via the `Display` trait (#1544). + * `ProbabilisticScoringParameters` now has a `banned_nodes` set which we will + never route through during path finding (#1550). + * `ProbabilisticScoringParameters` now offers an `anti_probing_penalty_msat` + option to prefer channels which afford better privacy when routing (#1555). + * `ProbabilisticScorer` now provides access to its estimated liquidity range + for a given channel via `estimated_channel_liquidity_range` (#1549). + * `ChannelManager::force_close_channel` has been renamed + `force_close_broadcasting_latest_txn` and + `force_close_without_broadcasting_txn` has been added (#1564). + * Options which cannot be changed at runtime have been moved from + `ChannelConfig` to `ChannelHandshakeConfig` (#1529). + * `find_route` takes `&NetworkGraph` instead of `ReadOnlyNetworkGraph (#1583). + * `ChannelDetails` now contains a copy of the current `ChannelConfig` (#1527). + * The `lightning-invoice` crate now optionally depends on `serde`, with + `Invoice` implementing `serde::{Deserialize,Serialize}` if enabled (#1548). + * Several fields in `UserConfig` have been renamed for clarity (#1540). + +## Bug Fixes + * `find_route` no longer selects routes with more than + `PaymentParameters::max_mpp_path_count` paths, and + `ChannelManager::send_payment` no longer refuses to send along routes with + more than ten paths (#1526). + * Fixed two cases where HTLCs pending at the time a counterparty broadcasts a + revoked commitment transaction are considered resolved prior to their actual + resolution on-chain, possibly passing the update to another channel (#1486). + * HTLCs which are relayed through LDK may now have a total expiry time two + weeks in the future, up from one, reducing forwarding failures (#1532). + +## Serialization Compatibility + * All new fields are ignored by prior versions of LDK. All new fields are not + present when reading objects serialized by prior versions of LDK. + * `ChannelConfig`'s serialization format has changed and is not compatible + with any previous version of LDK. Attempts to read values written by a + previous version of LDK will fail and attempts to read newly written objects + using a previous version of LDK will fail. It is not expected that users are + serializing `ChannelConfig` using the LDK serialization API, however, if a + backward compatibility wrapper is required, please open an issue. + +## Security +0.0.109 fixes a denial-of-service vulnerability which is reachable from +untrusted input in some application deployments. + + * Third parties which are allowed to open channels with an LDK-based node may + fund a channel with a bogus and maliciously-crafted transaction which, when + spent, can cause a panic in the channel's corresponding `ChannelMonitor`. + Such a channel is never usable as it cannot be funded with a funding + transaction which matches the required output script, allowing the + `ChannelMonitor` for such channels to be safely purged as a workaround on + previous versions of LDK. Thanks to Eugene Siegel for reporting this issue. + +In total, this release features 32 files changed, 1948 insertions, 532 +deletions in 33 commits from 9 authors, in alphabetical order: + * Antoine Riard + * Daniel Granhão + * Elias Rohrer + * Jeffrey Czyz + * Matt Corallo + * Matt Faltyn + * NicolaLS + * Valentine Wallace + * Wilmer Paulino + + +# 0.0.108 - 2022-06-10 - "You Wanted It To Build?! Why Didn't You Say So?" + +## Bug Fixes + * Fixed `lightning-background-processor` build in release mode. + +In total, this release features 9 files changed, 120 insertions, 74 +deletions in 5 commits from 4 authors, in alphabetical order: + * Elias Rohrer + * Matt Corallo + * Max Fang + * Viktor Tigerström + +# 0.0.107 - 2022-06-08 - "BlueWallet's Wishlist" + +## API Updates + * Channels larger than 16777215 sats (Wumbo!) are now supported and can be + enabled for inbound channels using + `ChannelHandshakeLimits::max_funding_satoshis` (#1425). + * Support for feature `option_zeroconf`, allowing immediate forwarding of + payments after channel opening. This is configured for outbound channels + using `ChannelHandshakeLimits::trust_own_funding_0conf` whereas + `ChannelManager::accept_inbound_channel_from_trusted_peer_0conf` has to be + used for accepting inbound channels (#1401, #1505). + * `ChannelManager::claim_funds` no longer returns a `bool` to indicate success. + Instead, an `Event::PaymentClaimed` is generated if the claim was successful. + Likewise, `ChannelManager::fail_htlc_backwards` no longer has a return value + (#1434). + * `lightning-rapid-gossip-sync` is a new crate for syncing gossip data from a + server, primarily aimed at mobile devices (#1155). + * `RapidGossipSync` can be passed to `BackgroundProcessor` in order to persist + the `NetworkGraph` and handle `NetworkUpdate`s during event handling (#1433, + #1517). + * `NetGraphMsgHandler` has been renamed to `P2PGossipSync`, the `network_graph` + module has been renamed to `gossip`, and `NetworkUpdate::ChannelClosed` has + been renamed `NetworkUpdate::ChannelFailure` (#1159). + * Added a `filtered_block_connected` method to `chain::Listen` and a default + implementation of `block_connected` for those fetching filtered instead of + full blocks (#1453). + * The `lightning-block-sync` crate's `BlockSource` trait methods now take + `&self` instead of `&mut self` (#1307). + * `inbound_payment` module is now public to allow for creating invoices without + a `ChannelManager` (#1384). + * `lightning-block-sync`'s `init` and `poll` modules support `&dyn BlockSource` + which can be determined at runtime (#1423). + * `lightning-invoice` crate's `utils` now accept an expiration time (#1422, + #1474). + * `Event::PaymentForwarded` includes `prev_channel_id` and `next_channel_id` + (#1419, #1475). + * `chain::Watch::release_pending_monitor_events`' return type now associates + `MonitorEvent`s with funding `OutPoints` (#1475). + * `lightning-background-processor` crate's `Persister` trait has been moved to + `lightning` crate's `util::persist` module, which now has a general + `KVStorePersister` trait. Blanket implementations of `Persister` and + `chainmonitor::Persist` are given for types implementing `KVStorePersister`. + ` lightning-persister`'s `FilesystemPersister` implements `KVStorePersister` + (#1417). + * `ChannelDetails` and `ChannelCounterparty` include fields for HTLC minimum + and maximum values (#1378). + * Added a `max_inbound_htlc_value_in_flight_percent_of_channel` field to + `ChannelHandshakeConfig`, capping the total value of outstanding inbound + HTLCs for a channel (#1444). + * `ProbabilisticScorer` is parameterized by a `Logger`, which it uses to log + channel liquidity updates or lack thereof (#1405). + * `ChannelDetails` has an `outbound_htlc_limit_msat` field, which should be + used in routing instead of `outbound_capacity_msat` (#1435). + * `ProbabilisticScorer`'s channel liquidities can be logged via + `debug_log_liquidity_stats` (#1460). + * `BackgroundProcessor` now takes an optional `WriteableScore` which it will + persist using the `Persister` trait's new `persist_scorer` method (#1416). + * Upgraded to `bitcoin` crate version 0.28.1 (#1389). + * `ShutdownScript::new_witness_program` now takes a `WitnessVersion` instead of + a `NonZeroU8` (#1389). + * Channels will no longer be automatically force closed when the counterparty + is disconnected due to incompatibility (#1429). + * `ChannelManager` methods for funding, accepting, and closing channels now + take a `counterparty_node_id` parameter, which has also been added as a field + to `Event::FundingGenerationReady` (#1479, #1485). + * `InvoicePayer::new` now takes a `Retry` enum (replacing the `RetryAttempts` + struct), which supports both attempt- and timeout-based retrying (#1418). + * `Score::channel_penalty_msat` takes a `ChannelUsage` struct, which contains + the capacity as an `EffectiveCapacity` enum and any potential in-flight HTLC + value, rather than a single `u64`. Used by `ProbabilisticScorer` for more + accurate penalties (#1456). + * `build_route_from_hops` is a new function useful for constructing a `Route` + given a specific list of public keys (#1491). + * `FundingLocked` message has been renamed `ChannelReady`, and related + identifiers have been renamed accordingly (#1506). + * `core2::io` or `std::io` (depending on feature flags `no-std` or `std`) is + exported as a `lightning::io` module (#1504). + * The deprecated `Scorer` has been removed in favor or `ProbabilisticScorer` + (#1512). + +## Performance Improvements + * `lightning-persister` crate's `FilesystemPersister` is faster by 15x (#1404). + * Log gossip query messages at `GOSSIP` instead of `TRACE` to avoid + overwhelming default logging (#1421). + * `PeerManager` supports processing messages from different peers in parallel, + and this is taken advantage of in gossip processing (#1023). + * Greatly reduced per-channel and per-node memory usage due to upgrade of + `secp256k1` crate to 0.22.1 and `bitcoin` crate to 0.28.1 + * Reduced per-peer memory usage in `PeerManager` (#1472). + +## Spec Compliance + * `find_route` now assumes variable-length onions by default for nodes where + support for the feature is unknown (#1414). + * A `warn` message is now sent when receiving a `channel_reestablish` with an + old commitment transaction number rather than immediately force-closing the + channel (#1430). + * When a `channel_update` message is included in an onion error's `failuremsg`, + its message type is now encoded. Reading such messages is also supported + (#1465). + +## Bug Fixes + * Fixed a bug where crashing while persisting a `ChannelMonitorUpdate` for a + part of a multi-path payment could cause loss of funds due to a partial + payment claim on restart (#1434). + * `BackgroundProcessor` has been fixed to improve serialization reliability on + slow systems which can avoid force-closes (#1436). + * `gossip_timestamp_filter` filters are now honored when sending gossip to + peers (#1452). + * During a reorg, only force-close a channel if its funding transaction is + unconfirmed rather than as it loses confirmations (#1461). + * Fixed a rare panic in `lightning-net-tokio` when fetching a peer's socket + address after the connection has been closed caused by a race condition + (#1449). + * `find_route` will no longer return routes that would cause onion construction + to fail in some cases (#1476). + * `ProbabilisticScorer` uses more precision when approximating `log10` (#1406). + +## Serialization Compatibility + * All above new events/fields are ignored by prior clients. All above new + events/fields are not present when reading objects serialized by prior + versions of the library. + * `ChannelManager` serialization is no longer compatible with versions prior to + 0.0.99 (#1401). + * Channels with `option_zeroconf` feature enabled (not required for 0-conf + channel use) will be unreadable by versions prior to 0.0.107 (#1401, #1505). + +In total, this release features 96 files changed, 9304 insertions, 4503 +deletions in 153 commits from 18 authors, in alphabetical order: + * Arik Sosman + * Devrandom + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * John Cantrell + * John Corser + * Jurvis Tan + * Justin Moon + * KaFai Choi + * Matt Faltyn + * Matt Corallo + * Valentine Wallace + * Viktor Tigerström + * Vincenzo Palazzo + * atalw + * dependabot[bot] + * shamardy + + +# 0.0.106 - 2022-04-03 + +## API Updates + * Minimum supported rust version (MSRV) is now 1.41.1 (#1310). + * Lightning feature `option_scid_alias` is now supported and may be negotiated + when opening a channel with a peer. It can be configured via + `ChannelHandshakeConfig::negotiate_scid_privacy` and is off by default but + will be on by default in the future (#1351). + * `OpenChannelRequest` now has a `channel_type` field indicating the features + the channel will operate with and should be used to filter channels with + undesirable features (#1351). See the Serialization Compatibility section. + * `ChannelManager` supports sending and receiving short channel id aliases in + the `funding_locked` message. These are used when forwarding payments and + constructing invoice route hints for improved privacy. `ChannelDetails` has a + `inbound_scid_alias` field and a `get_inbound_payment_scid` method to support + the latter (#1311). + * `DefaultRouter` and `find_route` take an additional random seed to improve + privacy by adding a random CLTV expiry offset to each path's final hop. This + helps obscure the intended recipient from adversarial intermediate hops + (#1286). The seed is also used to randomize candidate paths during route + selection (#1359). + * The `lightning-block-sync` crate's `init::synchronize_listeners` method + interface has been relaxed to support multithreaded environments (#1349). + * `ChannelManager::create_inbound_payment_for_hash`'s documentation has been + corrected to remove the one-year restriction on `invoice_expiry_delta_secs`, + which is only applicable to the deprecated `create_inbound_payment_legacy` + and `create_inbound_payment_for_hash_legacy` methods (#1341). + * `Features` mutator methods now take `self` by reference instead of by value + (#1331). + * The CLTV of the last hop in a path is now included when comparing against + `RouteParameters::max_total_cltv_expiry_delta` (#1358). + * Invoice creation functions in `lightning-invoice` crate's `utils` module + include versions that accept a description hash instead of only a description + (#1361). + * `RoutingMessageHandler::sync_routing_table` has been renamed `peer_connected` + (#1368). + * `MessageSendEvent::SendGossipTimestampFilter` has been added to indicate that + a `gossip_timestamp_filter` should be sent (#1368). + * `PeerManager` takes an optional `NetAddress` in `new_outbound_connection` and + `new_inbound_connection`, which is used to report back the remote address to + the connecting peer in the `init` message (#1326). + * `ChannelManager::accept_inbound_channel` now takes a `user_channel_id`, which + is used in a similar manner as in outbound channels. (#1381). + * `BackgroundProcessor` now persists `NetworkGraph` on a timer and upon + shutdown as part of a new `Persister` trait, which also includes + `ChannelManager` persistence (#1376). + * `ProbabilisticScoringParameters` now has a `base_penalty_msat` option, which + default to 500 msats. It is applied at each hop to help avoid longer paths + (#1375). + * `ProbabilisticScoringParameters::liquidity_penalty_multiplier_msat`'s default + value is now 40,000 msats instead of 10,000 msats (#1375). + * The `lightning` crate has a `grind_signatures` feature used to produce + signatures with low r-values for more predictable transaction weight. This + feature is on by default (#1388). + * `ProbabilisticScoringParameters` now has a `amount_penalty_multiplier_msat` + option, which is used to further penalize large amounts (#1399). + * `PhantomRouteHints`, `FixedPenaltyScorer`, and `ScoringParameters` now + implement `Clone` (#1346). + +## Bug Fixes + * Fixed a compilation error in `ProbabilisticScorer` under `--feature=no-std` + (#1347). + * Invoice creation functions in `lightning-invoice` crate's `utils` module + filter invoice hints in order to limit the invoice size (#1325). + * Fixed a bug where a `funding_locked` message was delayed by a block if the + funding transaction was confirmed while offline, depending on the ordering + of `Confirm::transactions_confirmed` calls when brought back online (#1363). + * Fixed a bug in `NetGraphMsgHandler` where it didn't continue to receive + gossip messages from peers after initial connection (#1368, #1382). + * `ChannelManager::timer_tick_occurred` will now timeout a received multi-path + payment (MPP) after three ticks if not received in full instead of waiting + until near the HTLC timeout block(#1353). + * Fixed an issue with `find_route` causing it to be overly aggressive in using + MPP over channels to the same first hop (#1370). + * Reduced time spent processing `channel_update` messages by checking + signatures after checking if no newer messages have already been processed + (#1380). + * Fixed a few issues in `find_route` which caused preferring paths with a + higher cost (#1398). + * Fixed an issue in `ProbabilisticScorer` where a channel with not enough + liquidity could still be used when retrying a failed payment if it was on a + path with an overall lower cost (#1399). + +## Serialization Compatibility + * Channels open with `option_scid_alias` negotiated will be incompatible with + prior releases (#1351). This may occur in the following cases: + * Outbound channels when `ChannelHandshakeConfig::negotiate_scid_privacy` is + enabled. + * Inbound channels when automatically accepted from an `OpenChannel` message + with a `channel_type` that has `ChannelTypeFeatures::supports_scid_privacy` + return true. See `UserConfig::accept_inbound_channels`. + * Inbound channels when manually accepted from an `OpenChannelRequest` with a + `channel_type` that has `ChannelTypeFeatures::supports_scid_privacy` return + true. See `UserConfig::manually_accept_inbound_channels`. + +In total, this release features 43 files changed, 4052 insertions, 1274 +deletions in 75 commits from 11 authors, in alphabetical order: + * Devrandom + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * Jurvis Tan + * Luiz Parreira + * Matt Corallo + * Omar Shamardy + * Viktor Tigerström + * dependabot[bot] + * psycho-pirate + + +# 0.0.105 - 2022-02-28 + +## API Updates + * `Phantom node` payments are now supported, allowing receipt of a payment on + any one of multiple nodes without any coordination across the nodes being + required. See the new `PhantomKeysManager`'s docs for more, as well as + requirements on `KeysInterface::get_inbound_payment_key_material` and + `lightning_invoice::utils::create_phantom_invoice` (#1199). + * In order to support phantom node payments, several `KeysInterface` methods + now accept a `Recipient` parameter to select between the local `node_id` and + a phantom-specific one. + * `ProbabilisticScorer`, a `Score` based on learning the current balances of + channels in the network, was added. It attempts to better capture payment + success probability than the existing `Scorer`, though may underperform on + nodes with low payment volume. We welcome feedback on performance (#1227). + * `Score::channel_penalty_msat` now always takes the channel value, instead of + an `Option` (#1227). + * `UserConfig::manually_accept_inbound_channels` was added which, when set, + generates a new `Event::OpenChannelRequest`, which allows manual acceptance + or rejection of incoming channels on a per-channel basis (#1281). + * `Payee` has been renamed to `PaymentParameters` (#1271). + * `PaymentParameters` now has a `max_total_cltv_expiry_delta` field. This + defaults to 1008 and limits the maximum amount of time an HTLC can be pending + before it will either fail or be claimed (#1234). + * The `lightning-invoice` crate now supports no-std environments. This required + numerous API changes around timestamp handling and std+no-std versions of + several methods that previously assumed knowledge of the time (#1223, #1230). + * `lightning-invoice` now supports parsing invoices with expiry times of more + than one year. This required changing the semantics of `ExpiryTime` (#1273). + * The `CounterpartyCommitmentSecrets` is now public, allowing external uses of + the `BOLT 3` secret storage scheme (#1299). + * Several `Sign` methods now receive HTLC preimages as proof of state + transition, see new documentation for more (#1251). + * `KeysInterface::sign_invoice` now provides the HRP and other invoice data + separately to make it simpler for external signers to parse (#1272). + * `Sign::sign_channel_announcement` now returns both the node's signature and + the per-channel signature. `InMemorySigner` now requires the node's secret + key in order to implement this (#1179). + * `ChannelManager` deserialization will now fail if the `KeysInterface` used + has a different `node_id` than the `ChannelManager` expects (#1250). + * A new `ErrorAction` variant was added to send `warning` messages (#1013). + * Several references to `chain::Listen` objects in `lightning-block-sync` no + longer require a mutable reference (#1304). + +## Bug Fixes + * Fixed a regression introduced in 0.0.104 where `ChannelManager`'s internal + locks could have an order violation leading to a deadlock (#1238). + * Fixed cases where slow code (including user I/O) could cause us to + disconnect peers with ping timeouts in `BackgroundProcessor` (#1269). + * Now persist the `ChannelManager` prior to `BackgroundProcessor` stopping, + preventing race conditions where channels are closed on startup even with a + clean shutdown. This requires that users stop network processing and + disconnect peers prior to `BackgroundProcessor` shutdown (#1253). + * Fields in `ChannelHandshakeLimits` provided via the `override_config` to + `create_channel` are now applied instead of the default config (#1292). + * Fixed the generation of documentation on docs.rs to include API surfaces + which are hidden behind feature flags (#1303). + * Added the `channel_type` field to `accept_channel` messages we send, which + may avoid some future compatibility issues with other nodes (#1314). + * Fixed a bug where, if a previous LDK run using `lightning-persister` crashed + while persisting updated data, we may have failed to initialize (#1332). + * Fixed a rare bug where having both pending inbound and outbound HTLCs on a + just-opened inbound channel could cause `ChannelDetails::balance_msat` to + underflow and be reported as large, or cause panics in debug mode (#1268). + * Moved more instances of verbose gossip logging from the `Trace` level to the + `Gossip` level (#1220). + * Delayed `announcement_signatures` until the channel has six confirmations, + slightly improving propagation of channel announcements (#1179). + * Several fixes in script and transaction weight calculations when anchor + outputs are enabled (#1229). + +## Serialization Compatibility + * Using `ChannelManager` data written by versions prior to 0.0.105 will result + in preimages for HTLCs that were pending at startup to be missing in calls + to `KeysInterface` methods (#1251). + * Any phantom invoice payments received on a node that is not upgraded to + 0.0.105 will fail with an "unknown channel" error. Further, downgrading to + 0.0.104 or before and then upgrading again will invalidate existing phantom + SCIDs which may be included in invoices (#1199). + +## Security +0.0.105 fixes two denial-of-service vulnerabilities which may be reachable from +untrusted input in certain application designs. + + * Route calculation spuriously panics when a routing decision is made for a + path where the second-to-last hop is a private channel, included due to a + multi-hop route hint in an invoice. + * `ChannelMonitor::get_claimable_balances` spuriously panics in some scenarios + when the LDK application's local commitment transaction is confirmed while + HTLCs are still pending resolution. + +In total, this release features 109 files changed, 7270 insertions, 2131 +deletions in 108 commits from 15 authors, in alphabetical order: + * Conor Okus + * Devrandom + * Elias Rohrer + * Jeffrey Czyz + * Jurvis Tan + * Ken Sedgwick + * Matt Corallo + * Naveen + * Tibo-lg + * Valentine Wallace + * Viktor Tigerström + * dependabot[bot] + * hackerrdave + * naveen + * vss96 + + +# 0.0.104 - 2021-12-17 + +## API Updates + * A `PaymentFailed` event is now provided to indicate a payment has failed + fully. This event is generated either after + `ChannelManager::abandon_payment` is called for a given payment, or the + payment times out, and there are no further pending HTLCs for the payment. + This event should be used to detect payment failure instead of + `PaymentPathFailed::all_paths_failed`, unless no payment retries occur via + `ChannelManager::retry_payment` (#1202). + * Payment secrets are now generated deterministically using material from + the new `KeysInterface::get_inbound_payment_key_material` (#1177). + * A `PaymentPathSuccessful` event has been added to ease passing success info + to a scorer, along with a `Score::payment_path_successful` method to accept + such info (#1178, #1197). + * `Score::channel_penalty_msat` has additional arguments describing the + channel's capacity and the HTLC amount being sent over the channel (#1166). + * A new log level `Gossip` has been added, which is used for verbose + information generated during network graph sync. Enabling the + `max_level_trace` feature or ignoring `Gossip` log entries reduces log + growth during initial start up from many GiB to several MiB (#1145). + * The `allow_wallclock_use` feature has been removed in favor of only using + the `std` and `no-std` features (#1212). + * `NetworkGraph` can now remove channels that we haven't heard updates for in + two weeks with `NetworkGraph::remove_stale_channels{,with_time}`. The first + is called automatically if a `NetGraphMsgHandler` is passed to + `BackgroundProcessor::start` (#1212). + * `InvoicePayer::pay_pubkey` was added to enable sending "keysend" payments to + supported recipients, using the `InvoicePayer` to handle retires (#1160). + * `user_payment_id` has been removed from `PaymentPurpose`, and + `ChannelManager::create_inbound_payment{,_for_hash}` (#1180). + * Updated documentation for several `ChannelManager` functions to remove stale + references to panics which no longer occur (#1201). + * The `Score` and `LockableScore` objects have moved into the + `routing::scoring` module instead of being in the `routing` module (#1166). + * The `Time` parameter to `ScorerWithTime` is no longer longer exposed, + instead being fixed based on the `std`/`no-std` feature (#1184). + * `ChannelDetails::balance_msat` was added to fetch a channel's balance + without subtracting the reserve values, lining up with on-chain claim amounts + less on-chain fees (#1203). + * An explicit `UserConfig::accept_inbound_channels` flag is now provided, + removing the need to set `min_funding_satoshis` to > 21 million BTC (#1173). + * Inbound channels that fail to see the funding transaction confirm within + 2016 blocks are automatically force-closed with + `ClosureReason::FundingTimedOut` (#1083). + * We now accept a channel_reserve value of 0 from counterparties, as it is + insecure for our counterparty but not us (#1163). + * `NetAddress::OnionV2` parsing was removed as version 2 onion services are no + longer supported in modern Tor (#1204). + * Generation and signing of anchor outputs is now supported in the + `KeysInterface`, though no support for them exists in the channel itself (#1176) + +## Bug Fixes + * Fixed a race condition in `InvoicePayer` where paths may be retried after + the retry count has been exceeded. In this case the + `Event::PaymentPathFailed::all_paths_failed` field is not a reliable payment + failure indicator. There was no acceptable alternative indicator, + `Event::PaymentFailed` as been added to provide one (#1202). + * Reduced the blocks-before-timeout we expect of outgoing HTLCs before + refusing to forward. This check was overly strict and resulted in refusing + to forward som HTLCs to a next hop that had a lower security threshold than + us (#1119). + * LDK no longer attempt to update the channel fee for outbound channels when + we cannot afford the new fee. This could have caused force-closure by our + channel counterparty (#1054). + * Fixed several bugs which may have prevented the reliable broadcast of our + own channel announcements and updates (#1169). + * Fixed a rare bug which may have resulted in spurious route finding failures + when using last-hop hints and MPP with large value payments (#1168). + * `KeysManager::spend_spendable_outputs` no longer adds a change output that + is below the dust threshold for non-standard change scripts (#1131). + * Fixed a minor memory leak when attempting to send a payment that fails due + to an error when updating the `ChannelMonitor` (#1143). + * Fixed a bug where a `FeeEstimator` that returns values rounded to the next + sat/vbyte may result in force-closures (#1208). + * Handle MPP timeout HTLC error codes, instead of considering the recipient to + have sent an invalid error, removing them from the network graph (#1148) + +## Serialization Compatibility + * All above new events/fields are ignored by prior clients. All above new + events/fields are not present when reading objects serialized by prior + versions of the library. + * Payment secrets are now generated deterministically. This reduces the memory + footprint for inbound payments, however, newly-generated inbound payments + using `ChannelManager::create_inbound_payment{,_for_hash}` will not be + receivable using versions prior to 0.0.104. + `ChannelManager::create_inbound_payment{,_for_hash}_legacy` are provided for + backwards compatibility (#1177). + * `PaymentPurpose::InvoicePayment::user_payment_id` will be 0 when reading + objects written with 0.0.104 when read by 0.0.103 and previous (#1180). + +In total, this release features 51 files changed, 5356 insertions, 2238 +deletions in 107 commits from 9 authors, in alphabetical order: + * Antoine Riard + * Conor Okus + * Devrandom + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * Ken Sedgwick + * Matt Corallo + * Valentine Wallace + + # 0.0.103 - 2021-11-02 ## API Updates * This release is almost entirely focused on a new API in the `lightning-invoice` crate - the `InvoicePayer`. `InvoicePayer` is a - struct which takes a reference to a `ChannelManager` and a `NetworkGraph` + struct which takes a reference to a `ChannelManager` and a `Router` and retries payments as paths fail. It limits retries to a configurable number, but is not serialized to disk and may retry additional times across a serialization/load. In order to learn about failed payments, it must receive `Event`s directly from the `ChannelManager`, wrapping a user-provided `EventHandler` which it provides all unhandled events to (#1059). - * `get_route` has been renamed `find_route` (#1059) and now takes a `Payee` - struct in replacement of a number of its long list of arguments (#1134). - `Payee` is further stored in the `Route` object returned and provided in the - `RouteParameters` contained in `Event::PaymentPathFailed` (#1059). - * `ChannelMonitor`s must now be persisted after calls which provide new block + * `get_route` has been renamed `find_route` (#1059) and now takes a + `RouteParameters` struct in replacement of a number of its long list of + arguments (#1134). The `Payee` in the `RouteParameters` is stored in the + `Route` object returned and provided in the `RouteParameters` contained in + `Event::PaymentPathFailed` (#1059). + * `ChannelMonitor`s must now be persisted after calls that provide new block data, prior to `MonitorEvent`s being passed back to `ChannelManager` for processing. If you are using a `ChainMonitor` this is handled for you. The `Persist` API has been updated to `Option`ally take the @@ -29,6 +738,9 @@ * `Event::PaymentSent` now includes the full fee which was spent across all payment paths which were fulfilled or pending when the payment was fulfilled (#1142). + * `Event::PaymentSent` and `Event::PaymentPathFailed` now include the + `PaymentId` which matches the `PaymentId` returned from + `ChannelManager::send_payment` or `InvoicePayer::pay_invoice` (#1059). * `NetGraphMsgHandler` now takes a `Deref` to the `NetworkGraph`, allowing for shared references to the graph data to make serialization and references to the graph data in the `InvoicePayer`'s `Router` simpler (#1149). @@ -36,16 +748,18 @@ `NodeId` of both the source and destination nodes of a channel (#1133). ## Bug Fixes - * Delay disconnecting peers if we receive messages from them even if it takes - a while to receive a pong from them. Further, avoid sending too many gossip - messages between pings to ensure we should always receive pongs in a timely - manner. Together, these should significantly reduce instances of us failing - to remain connected to a peer during initial gossip sync (#1137). - * If a payment is sent, creating an outbound HTLC and sending it to our + * Previous versions would often disconnect peers during initial graph sync due + to ping timeouts while processing large numbers of gossip messages. We now + delay disconnecting peers if we receive messages from them even if it takes + a while to receive a pong from them. Further, we avoid sending too many + gossip messages between pings to ensure we should always receive pongs in a + timely manner (#1137). + * If a payment was sent, creating an outbound HTLC and sending it to our counterparty (implying the `ChannelMonitor` was persisted on disk), but the `ChannelManager` was not persisted prior to shutdown/crash, no - `Event::PaymentPathFailed` event will be generated if the HTLC is eventually - failed on chain (#1104). + `Event::PaymentPathFailed` event was generated if the HTLC was eventually + failed on chain. Events are now consistent irrespective of `ChannelManager` + persistence or non-persistence (#1104). ## Serialization Compatibility * All above new Events/fields are ignored by prior clients. All above new @@ -244,7 +958,7 @@ deletions in 89 commits from 12 authors, in alphabetical order: * vss96 -# 0.0.100 - 2021-08-17 +# 0.0.100 - 2021-08-17 - "Oh, so *that's* what's going on inside the box" ## API Updates * The `lightning` crate can now be built in no_std mode, making it easy to @@ -337,7 +1051,7 @@ In total, this release features 59 files changed, 5861 insertions, and 2082 deletions in 95 commits from 6 authors. -# 0.0.99 - 2021-07-09 +# 0.0.99 - 2021-07-09 - "It's a Bugz Life" ## API Updates @@ -408,7 +1122,7 @@ deletions in 95 commits from 6 authors. versions. If you have such a `ChannelManager` available, a simple patch will allow it to deserialize. Please file an issue if you need assistance (#973). -# 0.0.98 - 2021-06-11 +# 0.0.98 - 2021-06-11 - "It's ALIVVVVEEEEEEE" 0.0.98 should be considered a release candidate to the first alpha release of Rust-Lightning and the broader LDK. It represents several years of work