From: Matt Corallo <git@bluematt.me>
Date: Mon, 28 Feb 2022 22:53:16 +0000 (+0000)
Subject: Update CHANGELOG with security info for 0.0.105
X-Git-Tag: v0.0.105^2
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=d798ac15c0d23403b1a21db086388415f3666ed8;p=rust-lightning

Update CHANGELOG with security info for 0.0.105
---

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 780b6720d..c353a1bb9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -78,8 +78,19 @@
    0.0.104 or before and then upgrading again will invalidate existing phantom
    SCIDs which may be included in invoices (#1199).
 
-In total, this release features 108 files changed, 6914 insertions, 2095
-deletions in 102 commits from 15 authors, in alphabetical order:
+## Security
+0.0.105 fixes two denial-of-service vulnerabilities which may be reachable from
+untrusted input in certain application designs.
+
+ * Route calculation spuriously panics when a routing decision is made for a
+   path where the second-to-last hop is a private channel, included due to a
+   multi-hop route hint in an invoice.
+ * `ChannelMonitor::get_claimable_balances` spuriously panics in some scenarios
+   when the LDK application's local commitment transaction is confirmed while
+   HTLCs are still pending resolution.
+
+In total, this release features 109 files changed, 7270 insertions, 2131
+deletions in 108 commits from 15 authors, in alphabetical order:
  * Conor Okus
  * Devrandom
  * Elias Rohrer