+# 0.0.123 - May 08, 2024 - "BOLT12 Dust Sweeping"
+
+## API Updates
+
+ * To reduce risk of force-closures and improve HTLC reliability the default
+ dust exposure limit has been increased to
+ `MaxDustHTLCExposure::FeeRateMultiplier(10_000)`. Users with existing
+ channels might want to consider using
+ `ChannelManager::update_channel_config` to apply the new default (#3045).
+ * `ChainMonitor::archive_fully_resolved_channel_monitors` is now provided to
+ remove from memory `ChannelMonitor`s that have been fully resolved on-chain
+ and are now not needed. It uses the new `Persist::archive_persisted_channel`
+ to inform the storage layer that such a monitor should be archived (#2964).
+ * An `OutputSweeper` is now provided which will automatically sweep
+ `SpendableOutputDescriptor`s, retrying until the sweep confirms (#2825).
+ * After initiating an outbound channel, a peer disconnection no longer results
+ in immediate channel closure. Rather, if the peer is reconnected before the
+ channel times out LDK will automatically retry opening it (#2725).
+ * `PaymentPurpose` now has separate variants for BOLT12 payments, which
+ include fields from the `invoice_request` as well as the `OfferId` (#2970).
+ * `ChannelDetails` now includes a list of in-flight HTLCs (#2442).
+ * `Event::PaymentForwarded` now includes `skimmed_fee_msat` (#2858).
+ * The `hashbrown` dependency has been upgraded and the use of `ahash` as the
+ no-std hash table hash function has been removed. As a consequence, LDK's
+ `Hash{Map,Set}`s no longer feature several constructors when LDK is built
+ with no-std; see the `util::hash_tables` module instead. On platforms that
+ `getrandom` supports, setting the `possiblyrandom/getrandom` feature flag
+ will ensure hash tables are resistant to HashDoS attacks, though the
+ `possiblyrandom` crate should detect most common platforms (#2810, #2891).
+ * `ChannelMonitor`-originated requests to the `ChannelSigner` can now fail and
+ be retried using `ChannelMonitor::signer_unblocked` (#2816).
+ * `SpendableOutputDescriptor::to_psbt_input` now includes the `witness_script`
+ where available as well as new proprietary data which can be used to
+ re-derive some spending keys from the base key (#2761, #3004).
+ * `OutPoint::to_channel_id` has been removed in favor of
+ `ChannelId::v1_from_funding_outpoint` in preparation for v2 channels with a
+ different `ChannelId` derivation scheme (#2797).
+ * `PeerManager::get_peer_node_ids` has been replaced with `list_peers` and
+ `peer_by_node_id`, which provide more details (#2905).
+ * `Bolt11Invoice::get_payee_pub_key` is now provided (#2909).
+ * `Default[Message]Router` now take an `entropy_source` argument (#2847).
+ * `ClosureReason::HTLCsTimedOut` has been separated out from
+ `ClosureReason::HolderForceClosed` as it is the most common case (#2887).
+ * `ClosureReason::CooperativeClosure` is now split into
+ `{Counterparty,Locally}Initiated` variants (#2863).
+ * `Event::ChannelPending::channel_type` is now provided (#2872).
+ * `PaymentForwarded::{prev,next}_user_channel_id` are now provided (#2924).
+ * Channel init messages have been refactored towards V2 channels (#2871).
+ * `BumpTransactionEvent` now contains the channel and counterparty (#2873).
+ * `util::scid_utils` is now public, with some trivial utilities to examine
+ short channel ids (#2694).
+ * `DirectedChannelInfo::{source,target}` are now public (#2870).
+ * Bounds in `lightning-background-processor` were simplified by using
+ `AChannelManager` (#2963).
+ * The `Persist` impl for `KVStore` no longer requires `Sized`, allowing for
+ the use of `dyn KVStore` as `Persist` (#2883, #2976).
+ * `From<PaymentPreimage>` is now implemented for `PaymentHash` (#2918).
+ * `NodeId::from_slice` is now provided (#2942).
+ * `ChannelManager` deserialization may now fail with `DangerousValue` when
+ LDK's persistence API was violated (#2974).
+
+## Bug Fixes
+ * Excess fees on counterparty commitment transactions are now included in the
+ dust exposure calculation. This lines behavior up with some cases where
+ transaction fees can be burnt, making them effectively dust exposure (#3045).
+ * `Future`s used as an `std::...::Future` could grow in size unbounded if it
+ was never woken. For those not using async persistence and using the async
+ `lightning-background-processor`, this could cause a memory leak in the
+ `ChainMonitor` (#2894).
+ * Inbound channel requests that fail in
+ `ChannelManager::accept_inbound_channel` would previously have stalled from
+ the peer's perspective as no `error` message was sent (#2953).
+ * Blinded path construction has been tuned to select paths more likely to
+ succeed, improving BOLT12 payment reliability (#2911, #2912).
+ * After a reorg, `lightning-transaction-sync` could have failed to follow a
+ transaction that LDK needed information about (#2946).
+ * `RecipientOnionFields`' `custom_tlvs` are now propagated to recipients when
+ paying with blinded paths (#2975).
+ * `Event::ChannelClosed` is now properly generated and peers are properly
+ notified for all channels that as a part of a batch channel open fail to be
+ funded (#3029).
+ * In cases where user event processing is substantially delayed such that we
+ complete multiple round-trips with our peers before a `PaymentSent` event is
+ handled and then restart without persisting the `ChannelManager` after having
+ persisted a `ChannelMonitor[Update]`, on startup we may have `Err`d trying to
+ deserialize the `ChannelManager` (#3021).
+ * If a peer has relatively high latency, `PeerManager` may have failed to
+ establish a connection (#2993).
+ * `ChannelUpdate` messages broadcasted for our own channel closures are now
+ slightly more robust (#2731).
+ * Deserializing malformed BOLT11 invoices may have resulted in an integer
+ overflow panic in debug builds (#3032).
+ * In exceedingly rare cases (no cases of this are known), LDK may have created
+ an invalid serialization for a `ChannelManager` (#2998).
+ * Message processing latency handling BOLT12 payments has been reduced (#2881).
+ * Latency in processing `Event::SpendableOutputs` may be reduced (#3033).
+
+## Node Compatibility
+ * LDK's blinded paths were inconsistent with other implementations in several
+ ways, which have been addressed (#2856, #2936, #2945).
+ * LDK's messaging blinded paths now support the latest features which some
+ nodes may begin relying on soon (#2961).
+ * LDK's BOLT12 structs have been updated to support some last-minute changes to
+ the spec (#3017, #3018).
+ * CLN v24.02 requires the `gossip_queries` feature for all peers, however LDK
+ by default does not set it for those not using a `P2PGossipSync` (e.g. those
+ using RGS). This change was reverted in CLN v24.02.2 however for now LDK
+ always sets the `gossip_queries` feature. This change is expected to be
+ reverted in a future LDK release (#2959).
+
+## Security
+0.0.123 fixes a denial-of-service vulnerability which we believe to be reachable
+from untrusted input when parsing invalid BOLT11 invoices containing non-ASCII
+characters.
+ * BOLT11 invoices with non-ASCII characters in the human-readable-part may
+ cause an out-of-bounds read attempt leading to a panic (#3054). Note that all
+ BOLT11 invoices containing non-ASCII characters are invalid.
+
+In total, this release features 150 files changed, 19307 insertions, 6306
+deletions in 360 commits since 0.0.121 from 17 authors, in alphabetical order:
+
+ * Arik Sosman
+ * Duncan Dean
+ * Elias Rohrer
+ * Evan Feenstra
+ * Jeffrey Czyz
+ * Keyue Bao
+ * Matt Corallo
+ * Orbital
+ * Sergi Delgado Segura
+ * Valentine Wallace
+ * Willem Van Lint
+ * Wilmer Paulino
+ * benthecarman
+ * jbesraa
+ * olegkubrakov
+ * optout
+ * shaavan
+
+
+# 0.0.122 - Apr 09, 2024 - "That Which Is Untested Is Broken"
+
+## Bug Fixes
+ * `Route` objects did not successfully round-trip through de/serialization
+ since LDK 0.0.117, which has now been fixed (#2897).
+ * Correct deserialization of unknown future enum variants. This ensures
+ downgrades from future versions of LDK do not result in read failures or
+ corrupt reads in cases where enums are written (#2969).
+ * When hitting lnd bug 6039, our workaround previously resulted in
+ `ChannelManager` persistences on every round-trip with our peer. These
+ useless persistences are now skipped (#2937).
+
+In total, this release features 4 files changed, 99 insertions, 55
+deletions in 6 commits from 1 author, in alphabetical order:
+ * Matt Corallo
+
+
+# 0.0.121 - Jan 22, 2024 - "Unwraps are Bad"
+
+## Bug Fixes
+ * Fix a deadlock when calling `batch_funding_transaction_generated` with
+ invalid input (#2841).
+
+## Security
+0.0.121 fixes a denial-of-service vulnerability which is reachable from
+untrusted input from peers in rare cases if we have a public channel or in
+common cases if `P2PGossipSync` is used.
+ * A peer that failed to complete its handshake would cause a reachable
+ `unwrap` in LDK since 0.0.119 when LDK attempts to broadcast gossip to all
+ peers (#2842).
+
+In total, this release features 4 files changed, 52 insertions, 10
+deletions in 4 commits from 2 authors, in alphabetical order:
+ * Jeffrey Czyz
+ * Matt Corallo
+
+
+# 0.0.120 - Jan 17, 2024 - "Unblinded Fuzzers"
+
+## API Updates
+ * The `PeerManager` bound on `UtxoLookup` was removed entirely. This enables
+ use of `UtxoLookup` in cases broken in 0.0.119 by #2773 (#2822).
+ * LDK now exposes and fully implements the route blinding feature (#2812).
+ * The `lightning-transaction-sync` crate no longer relies on system time
+ without the `time` feature (#2799, #2817).
+ * `lightning::onion_message`'s module layout has changed (#2821).
+ * `Event::ChannelClosed` now includes the `channel_funding_txo` (#2800).
+ * `CandidateRouteHop` variants were destructured into individual structs,
+ hiding some fields which were not generally consumable (#2802).
+
+## Bug Fixes
+ * Fixed a rare issue where `lightning-net-tokio` may not fully flush its send
+ buffer, leading to connection hangs (#2832).
+ * Fixed a panic which may occur when connecting to a peer if we opened a second
+ channel with that peer while they were disconnected (#2808).
+ * Retries for a payment which previously failed in a blinded path will now
+ always use an alternative blinded path (#2818).
+ * `Feature`'s `Eq` and `Hash` implementation now ignore dummy bytes (#2808).
+ * Some missing `DiscardFunding` or `ChannelClosed` events are now generated in
+ rare funding-related failures (#2809).
+ * Fixed a privacy issue in blinded path generation where the real
+ `cltv_expiry_delta` would be exposed to senders (#2831).
+
+## Security
+0.0.120 fixes a denial-of-service vulnerability which is reachable from
+untrusted input from peers if the `UserConfig::manually_accept_inbound_channels`
+option is enabled.
+ * A peer that sent an `open_channel` message with the `channel_type` field
+ unfilled would trigger a reachable `unwrap` since LDK 0.0.117 (#2808).
+ * In protocols where a funding output is shared with our counterparty before
+ it is given to LDK, a malicious peer could have caused a reachable panic
+ by reusing the same funding info in (#2809).
+
+In total, this release features 67 files changed, 3016 insertions, 2473
+deletions in 79 commits from 9 authors, in alphabetical order:
+ * Elias Rohrer
+ * Jeffrey Czyz
+ * José A.P
+ * Matt Corallo
+ * Tibo-lg
+ * Valentine Wallace
+ * benthecarman
+ * optout
+ * shuoer86
+
+
+# 0.0.119 - Dec 15, 2023 - "Spring Cleaning for Christmas"
+
+## API Updates
+ * The LDK crate ecosystem MSRV has been increased to 1.63 (#2681).
+ * The `bitcoin` dependency has been updated to version 0.30 (#2740).
+ * `lightning-invoice::payment::*` have been replaced with parameter generation
+ via `payment_parameters_from[_zero_amount]_invoice` (#2727).
+ * `{CoinSelection,Wallet}Source::sign_tx` are now `sign_psbt`, providing more
+ information, incl spent outputs, about the transaction being signed (#2775).
+ * Logger `Record`s now include `channel_id` and `peer_id` fields. These are
+ opportunistically filled in when a log record is specific to a given channel
+ and/or peer, and may occasionally be spuriously empty (#2314).
+ * When handling send or reply onion messages (e.g. for BOLT12 payments), a new
+ `Event::ConnectionNeeded` may be raised, indicating a direct connection
+ should be made to a payee or an introduction point. This event is expected to
+ be removed once onion message forwarding is widespread in the network (#2723)
+ * Scoring data decay now happens via `ScoreUpDate::time_passed`, called from
+ `lightning-background-processor`. `process_events_async` now takes a new
+ time-fetch function, and `ScoreUpDate` methods now take the current time as a
+ `Duration` argument. This avoids fetching time during pathfinding (#2656).
+ * Receiving payments to multi-hop blinded paths is now supported (#2688).
+ * `MessageRouter` and `Router` now feature methods to generate blinded paths to
+ the local node for incoming messages and payments. `Router` now extends
+ `MessageRouter`, and both are used in `ChannelManager` when processing or
+ creating BOLT12 structures to generate multi-hop blinded paths (#1781).
+ * `lightning-transaction-sync` now supports Electrum-based sync (#2685).
+ * `Confirm::get_relevant_txids` now returns the height at which a transaction
+ was confirmed. This can be used to assist in reorg detection (#2685).
+ * `ConfirmationTarget::MaxAllowedNonAnchorChannelRemoteFee` has been removed.
+ Non-anchor channel feerates are bounded indirectly through
+ `ChannelConfig::max_dust_htlc_exposure` (#2696).
+ * `lightning-invoice` `Description`s now rely on `UntrustedString` for
+ sanitization (#2730).
+ * `ScoreLookUp::channel_penalty_msat` now uses `CandidateRouteHop` (#2551).
+ * The `EcdsaChannelSigner` trait was moved to `lightning::sign::ecdsa` (#2512).
+ * `SignerProvider::get_destination_script` now takes `channel_keys_id` (#2744)
+ * `SpendableOutputDescriptor::StaticOutput` now has `channel_keys_id` (#2749).
+ * `EcdsaChannelSigner::sign_counterparty_commitment` now takes HTLC preimages
+ for both inbound and outbound HTLCs (#2753).
+ * `ClaimedHTLC` now includes a `counterparty_skimmed_fee_msat` field (#2715).
+ * `peel_payment_onion` was added to decode an encrypted onion for a payment
+ without receiving an HTLC. This allows for stateless verification of if a
+ theoretical payment would be accepted prior to receipt (#2700).
+ * `create_payment_onion` was added to construct an encrypted onion for a
+ payment path without sending an HTLC immediately (#2677).
+ * Various keys used in channels are now wrapped to provide type-safety for
+ specific usages of the keys (#2675).
+ * `TaggedHash` now includes the raw `tag` and `merkle_root` (#2687).
+ * `Offer::is_expired_no_std` was added (#2689).
+ * `PaymentPurpose::preimage()` was added (#2768).
+ * `temporary_channel_id` can now be specified in `create_channel` (#2699).
+ * Wire definitions for splicing messages were added (#2544).
+ * Various `lightning-invoice` structs now impl `Display`, now have pub fields,
+ or impl `From` (#2730).
+ * The `Hash` trait is now implemented for more structs, incl P2P msgs (#2716).
+
+## Performance Improvements
+ * Memory allocations (though not memory usage) have been substantially reduced,
+ meaning less overhead and hopefully less memory fragmentation (#2708, #2779).
+
+## Bug Fixes
+ * Since 0.0.117, calling `close_channel*` on a channel which has not yet been
+ funded would previously result in an infinite loop and hang (#2760).
+ * Since 0.0.116, sending payments requiring data in the onion for the recipient
+ which was too large for the onion may have caused corruption which resulted
+ in payment failure (#2752).
+ * Cooperative channel closure on channels with remaining output HTLCs may have
+ spuriously force-closed (#2529).
+ * In LDK versions 0.0.116 through 0.0.118, in rare cases where skimmed fees are
+ present on shutdown the `ChannelManager` may fail to deserialize (#2735).
+ * `ChannelConfig::max_dust_exposure` values which, converted to absolute fees,
+ exceeded 2^63 - 1 would result in an overflow and could lead to spurious
+ payment failures or channel closures (#2722).
+ * In cases where LDK is operating with provably-stale state, it panics to
+ avoid funds loss. This may not have happened in cases where LDK was behind
+ only exactly one state, leading instead to a revoked broadcast and funds
+ loss (#2721).
+ * Fixed a bug where decoding `Txid`s from Bitcoin Core JSON-RPC responses using
+ `lightning-block-sync` would not properly byte-swap the hash. Note that LDK
+ does not use this API internally (#2796).
+
+## Backwards Compatibility
+ * `ChannelManager`s written with LDK 0.0.119 are no longer readable by versions
+ of LDK prior to 0.0.113. Users wishing to downgrade to LDK 0.0.112 or before
+ can read an 0.0.119-serialized `ChannelManager` with a version of LDK from
+ 0.0.113 to 0.0.118, re-serialize it, and then downgrade (#2708).
+ * Nodes that upgrade to 0.0.119 and subsequently downgrade after receiving a
+ payment to a blinded path may leak recipient information if one or more of
+ those HTLCs later fails (#2688).
+ * Similarly, forwarding a blinded HTLC and subsequently downgrading to an LDK
+ version prior to 0.0.119 may result in leaking the path information to the
+ payment sender (#2540).
+
+In total, this release features 148 files changed, 13780 insertions, 6279
+deletions in 280 commits from 22 authors, in alphabetical order:
+ * Arik Sosman
+ * Chris Waterson
+ * Elias Rohrer
+ * Evan Feenstra
+ * Gursharan Singh
+ * Jeffrey Czyz
+ * John Cantrell
+ * Lalitmohansharma1
+ * Matt Corallo
+ * Matthew Rheaume
+ * Orbital
+ * Rachel Malonson
+ * Valentine Wallace
+ * Willem Van Lint
+ * Wilmer Paulino
+ * alexanderwiederin
+ * benthecarman
+ * henghonglee
+ * jbesraa
+ * olegkubrakov
+ * optout
+ * shaavan
+
+
+# 0.0.118 - Oct 23, 2023 - "Just the Twelve Sinks"
+
+## API Updates
+ * BOLT12 sending and receiving is now supported as an alpha feature. You may
+ run into unexpected issues and will need to have a direct connection with
+ the offer's blinded path introduction points as messages are not yet routed.
+ We are seeking feedback from early testers (#2578, #2039).
+ * `ConfirmationTarget` has been rewritten to provide information about the
+ specific use LDK needs the feerate estimate for, rather than the generic
+ low-, medium-, and high-priority estimates. This allows LDK users to more
+ accurately target their feerate estimates (#2660). For those wishing to
+ retain their existing behavior, see the table below for conversion.
+ * `ChainHash` is now used in place of `BlockHash` where it represents the
+ genesis block (#2662).
+ * `lightning-invoice` payment utilities now take a `Deref` to
+ `AChannelManager` (#2652).
+ * `peel_onion` is provided to statelessly decode an `OnionMessage` (#2599).
+ * `ToSocketAddrs` + `Display` are now impl'd for `SocketAddress` (#2636, #2670)
+ * `Display` is now implemented for `OutPoint` (#2649).
+ * `Features::from_be_bytes` is now provided (#2640).
+
+For those moving to the new `ConfirmationTarget`, the new variants in terms of
+the old mempool/low/medium/high priorities are as follows:
+ * `OnChainSweep` = `HighPriority`
+ * `MaxAllowedNonAnchorChannelRemoteFee` = `max(25 * 250, HighPriority * 10)`
+ * `MinAllowedAnchorChannelRemoteFee` = `MempoolMinimum`
+ * `MinAllowedNonAnchorChannelRemoteFee` = `Background - 250`
+ * `AnchorChannelFee` = `Background`
+ * `NonAnchorChannelFee` = `Normal`
+ * `ChannelCloseMinimum` = `Background`
+
+## Bug Fixes
+ * Calling `ChannelManager::close_channel[_with_feerate_and_script]` on a
+ channel which did not exist would immediately hang holding several key
+ `ChannelManager`-internal locks (#2657).
+ * Channel information updates received from a failing HTLC are no longer
+ applied to our `NetworkGraph`. This prevents a node which we attempted to
+ route a payment through from being able to learn the sender of the payment.
+ In some rare cases, this may result in marginally reduced payment success
+ rates (#2666).
+ * Anchor outputs are now properly considered when calculating the amount
+ available to send in HTLCs. This can prevent force-closes in anchor channels
+ when sending payments which overflow the available balance (#2674).
+ * A peer that sends an `update_fulfill_htlc` message for a forwarded HTLC,
+ then reconnects prior to sending a `commitment_signed` (thus retransmitting
+ their `update_fulfill_htlc`) may result in the channel stalling and being
+ unable to make progress (#2661).
+ * In exceedingly rare circumstances, messages intended to be sent to a peer
+ prior to reconnection can be sent after reconnection. This could result in
+ undefined channel state and force-closes (#2663).
+
+## Backwards Compatibility
+
+ * Creating a blinded path to receive a payment then downgrading to LDK prior to
+ 0.0.117 may result in failure to receive the payment (#2413).
+ * Calling `ChannelManager::pay_for_offer` or
+ `ChannelManager::create_refund_builder` may prevent downgrading to LDK prior
+ to 0.0.118 until the payment times out and has been removed (#2039).
+
+## Node Compatibility
+ * LDK now sends a bogus `channel_reestablish` message to peers when they ask to
+ resume an unknown channel. This should cause LND nodes to force-close and
+ broadcast the latest channel state to the chain. In order to trigger this
+ when we wish to force-close a channel, LDK now disconnects immediately after
+ sending a channel-closing `error` message. This should result in cooperative
+ peers also working to confirm the latest commitment transaction when we wish
+ to force-close (#2658).
+
+## Security
+0.0.118 expands mitigations against transaction cycling attacks to non-anchor
+channels, though note that no mitigations which exist today are considered robust
+to prevent the class of attacks.
+ * In order to mitigate against transaction cycling attacks, non-anchor HTLC
+ transactions are now properly re-signed before broadcasting (#2667).
+
+In total, this release features 61 files changed, 3470 insertions, 1503
+deletions in 85 commits from 12 authors, in alphabetical order:
+ * Antonio Yang
+ * Elias Rohrer
+ * Evan Feenstra
+ * Fedeparma74
+ * Gursharan Singh
+ * Jeffrey Czyz
+ * Matt Corallo
+ * Sergi Delgado Segura
+ * Vladimir Fomene
+ * Wilmer Paulino
+ * benthecarman
+ * slanesuke
+
+
+# 0.0.117 - Oct 3, 2023 - "Everything but the Twelve Sinks"
+
+## API Updates
+ * `ProbabilisticScorer`'s internal models have been substantially improved,
+ including better decaying (#1789), a more granular historical channel
+ liquidity tracker (#2176) and a now-default option to make our estimate for a
+ channel's current liquidity nonlinear in the channel's capacity (#2547). In
+ total, these changes should result in improved payment success rates at the
+ cost of slightly worse routefinding performance.
+ * Support for custom TLVs for recipients of HTLCs has been added (#2308).
+ * Support for generating transactions for third-party watchtowers has been
+ added to `ChannelMonitor/Update`s (#2337).
+ * `KVStorePersister` has been replaced with a more generic and featureful
+ `KVStore` interface (#2472).
+ * A new `MonitorUpdatingPersister` is provided which wraps a `KVStore` and
+ implements `Persist` by writing differential updates rather than full
+ `ChannelMonitor`s (#2359).
+ * Batch funding of outbound channels is now supported using the new
+ `ChannelManager::batch_funding_transaction_generated` method (#2486).
+ * `ChannelManager::send_preflight_probes` has been added to probe a payment's
+ potential paths while a user is providing approval for a payment (#2534).
+ * Fully asynchronous `ChannelMonitor` updating is available as an alpha
+ preview. There remain a few known but incredibly rare race conditions which
+ may lead to loss of funds (#2112, #2169, #2562).
+ * `ChannelMonitorUpdateStatus::PermanentFailure` has been removed in favor of a
+ new `ChannelMonitorUpdateStatus::UnrecoverableError`. The new variant panics
+ on use, rather than force-closing a channel in an unsafe manner, which the
+ previous variant did (#2562). Rather than panicking with the new variant,
+ users may wish to use the new asynchronous `ChannelMonitor` updating using
+ `ChannelMonitorUpdateStatus::InProgress`.
+ * `RouteParameters::max_total_routing_fee_msat` was added to limit the fees
+ paid when routing, defaulting to 1% + 50sats when using the new
+ `from_payment_params_and_value` constructor (#2417, #2603, #2604).
+ * Implementations of `UtxoSource` are now provided in `lightning-block-sync`.
+ Those running with a full node should use this to validate gossip (#2248).
+ * `LockableScore` now supports read locking for parallel routefinding (#2197).
+ * `ChannelMonitor::get_spendable_outputs` was added to allow for re-generation
+ of `SpendableOutputDescriptor`s for a channel after they were provided via
+ `Event::SpendableOutputs` (#2609, #2624).
+ * `[u8; 32]` has been replaced with a `ChannelId` newtype for chan ids (#2485).
+ * `NetAddress` was renamed `SocketAddress` (#2549) and `FromStr` impl'd (#2134)
+ * For `no-std` users, `parse_onion_address` was added which creates a
+ `NetAddress` from a "...onion" string and port (#2134, #2633).
+ * HTLC information is now provided in `Event::PaymentClaimed::htlcs` (#2478).
+ * The success probability used in historical penalties when scoring is now
+ available via `historical_estimated_payment_success_probability` (#2466).
+ * `RecentPaymentDetails::*::payment_id` has been added (#2567).
+ * `Route` now contains a `RouteParameters` rather than a `PaymentParameters`,
+ tracking the original arguments passed to routefinding (#2555).
+ * `Balance::*::claimable_amount_satoshis` was renamed `amount_satoshis` (#2460)
+ * `*Features::set_*_feature_bit` have been added for non-custom flags (#2522).
+ * `channel_id` was added to `SpendableOutputs` events (#2511).
+ * `counterparty_node_id` and `channel_capacity_sats` were added to
+ `ChannelClosed` events (#2387).
+ * `ChannelMonitor` now implements `Clone` for `Clone`able signers (#2448).
+ * `create_onion_message` was added to build an onion message (#2583, #2595).
+ * `HTLCDescriptor` now implements `Writeable`/`Readable` (#2571).
+ * `SpendableOutputDescriptor` now implements `Hash` (#2602).
+ * `MonitorUpdateId` now implements `Debug` (#2594).
+ * `Payment{Hash,Id,Preimage}` now implement `Display` (#2492).
+ * `NodeSigner::sign_bolt12_invoice{,request}` were added for future use (#2432)
+
+## Backwards Compatibility
+ * Users migrating to the new `KVStore` can use a concatentation of
+ `[{primary_namespace}/[{secondary_namespace}/]]{key}` to build a key
+ compatible with the previous `KVStorePersister` interface (#2472).
+ * Downgrading after receipt of a payment with custom HTLC TLVs may result in
+ unintentionally accepting payments with TLVs you do not understand (#2308).
+ * `Route` objects (including pending payments) written by LDK versions prior
+ to 0.0.117 won't be retryable after being deserialized by LDK 0.0.117 or
+ above (#2555).
+ * Users of the `MonitorUpdatingPersister` can upgrade seamlessly from the
+ default `KVStore` `Persist` implementation, however the stored
+ `ChannelMonitor`s are deliberately unreadable by the default `Persist`. This
+ ensures the correct downgrade procedure is followed, which is: (#2359)
+ * First, make a backup copy of all channel state,
+ * then ensure all `ChannelMonitorUpdate`s stored are fully applied to the
+ relevant `ChannelMonitor`,
+ * finally, write each full `ChannelMonitor` using your new `Persist` impl.
+
+## Bug Fixes
+ * Anchor channels which were closed by a counterparty broadcasting its
+ commitment transaction (i.e. force-closing) would previously not generate a
+ `SpendableOutputs` event for our `to_remote` (i.e. non-HTLC-encumbered)
+ balance. Those with such balances available should fetch the missing
+ `SpendableOutputDescriptor`s using the new
+ `ChannelMonitor::get_spendable_outputs` method (#2605).
+ * Anchor channels may result in spurious or missing `Balance` entries for HTLC
+ balances (#2610).
+ * `ChannelManager::send_spontaneous_payment_with_retry` spuriously did not
+ provide the recipient with enough information to claim the payment, leading
+ to all spontaneous payments failing (#2475).
+ `send_spontaneous_payment_with_route` was unaffected.
+ * The `keysend` feature on node announcements was spuriously un-set in 0.0.112
+ and has been re-enabled (#2465).
+ * Fixed several races which could lead to deadlock when force-closing a channel
+ (#2597). These races have not been seen in production.
+ * The `ChannelManager` is persisted substantially less when it has not changed,
+ leading to substantially less I/O traffic for it (#2521, #2617).
+ * Passing new block data to `ChainMonitor` no longer results in all other
+ monitor operations being blocked until it completes (#2528).
+ * When retrying payments, any excess amount sent to the recipient in order to
+ meet an `htlc_minimum` constraint on the path is now no longer included in
+ the amount we send in the retry (#2575).
+ * Several edge cases in route-finding around HTLC minimums were fixed which
+ could have caused invalid routes or panics when built with debug assertions
+ (#2570, #2575).
+ * Several edge cases in route-finding around HTLC minimums and route hints
+ were fixed which would spuriously result in no route found (#2575, #2604).
+ * The `user_channel_id` passed to `SignerProvider::generate_channel_keys_id`
+ for inbound channels is now correctly using the one passed to
+ `ChannelManager::accept_inbound_channel` rather than a default value (#2428).
+ * Users of `impl_writeable_tlv_based!` no longer have use requirements (#2506).
+ * No longer force-close channels when counterparties send a `channel_update`
+ with a bogus `htlc_minimum_msat`, which LND users can manually build (#2611).
+
+## Node Compatibility
+ * LDK now ignores `error` messages generated by LND in response to a
+ `shutdown` message, avoiding force-closes due to LND bug 6039. This may
+ lead to non-trivial bandwidth usage with LND peers exhibiting this bug
+ during the cooperative shutdown process (#2507).
+
+## Security
+0.0.117 fixes several loss-of-funds vulnerabilities in anchor output channels,
+support for which was added in 0.0.116, in reorg handling, and when accepting
+channel(s) from counterparties which are miners.
+ * When a counterparty broadcasts their latest commitment transaction for a
+ channel with anchor outputs, we'd previously fail to build claiming
+ transactions against any HTLC outputs in that transaction. This could lead
+ to loss of funds if the counterparty is able to eventually claim the HTLC
+ after a timeout (#2606).
+ * Anchor channels HTLC claims on-chain previously spent the entire value of any
+ HTLCs as fee, which has now been fixed (#2587).
+ * If a channel is closed via an on-chain commitment transaction confirmation
+ with a pending outbound HTLC in the commitment transaction, followed by a
+ reorg which replaces the confirmed commitment transaction with a different
+ (but non-revoked) commitment transaction, all before we learn the payment
+ preimage for this HTLC, we may previously have not generated a proper
+ claiming transaction for the HTLC's value (#2623).
+ * 0.0.117 now correctly handles channels for which our counterparty funded the
+ channel with a coinbase transaction. As such transactions are not spendable
+ until they've reached 100 confirmations, this could have resulted in
+ accepting HTLC(s) which are not enforcible on-chain (#1924).
+
+In total, this release features 121 files changed, 20477 insertions, 8184
+deletions in 381 commits from 27 authors, in alphabetical order:
+ * Alec Chen
+ * Allan Douglas R. de Oliveira
+ * Antonio Yang
+ * Arik Sosman
+ * Chris Waterson
+ * David Caseria
+ * DhananjayPurohit
+ * Dom Zippilli
+ * Duncan Dean
+ * Elias Rohrer
+ * Erik De Smedt
+ * Evan Feenstra
+ * Gabor Szabo
+ * Gursharan Singh
+ * Jeffrey Czyz
+ * Joseph Goulden
+ * Lalitmohansharma1
+ * Matt Corallo
+ * Rachel Malonson
+ * Sergi Delgado Segura
+ * Valentine Wallace
+ * Vladimir Fomene
+ * Willem Van Lint
+ * Wilmer Paulino
+ * benthecarman
+ * jbesraa
+ * optout
+
+
+# 0.0.116 - Jul 21, 2023 - "Anchoring the Roadmap"
+
+## API Updates
+
+ * Support for zero-HTLC-fee anchor output channels has been added and is now
+ considered beta (#2367). Users who set
+ `ChannelHandshakeConfig::negotiate_anchors_zero_fee_htlc_tx` should be
+ prepared to handle the new `Event::BumpTransaction`, e.g. via the
+ `BumpTransactionEventHandler` (#2089). Note that in order to do so you must
+ ensure you always have a reserve of available unspent on-chain funds to use
+ for CPFP. LDK currently makes no attempt to ensure this for you.
+ * Users who set `ChannelHandshakeConfig::negotiate_anchors_zero_fee_htlc_tx`
+ and wish to accept inbound anchor-based channels must do so manually by
+ setting `UserConfig::manually_accept_inbound_channels` (#2368).
+ * Support forwarding and accepting HTLCs with a reduced amount has been added,
+ to support LSPs skimming a fee on the penultimate hop (#2319).
+ * BOLT11 and BOLT12 Invoice and related types have been renamed to include a
+ BOLTNN prefix, ensuring uniqueness in `lightning{,-invoice}` crates (#2416).
+ * `Score`rs now have an associated type which represents a parameter passed
+ when calculating penalties. This allows for the same `Score`r to be used with
+ different penalty calculation parameters (#2237).
+ * `DefaultRouter` is no longer restrained to a `Mutex`-wrapped `Score`,
+ allowing it to be used in `no-std` builds (#2383).
+ * `CustomMessageHandler::provided_{node,init}_features` and various custom
+ feature bit methods on `*Features` were added (#2204).
+ * Keysend/push payments using MPP are now supported when receiving if
+ `UserConfig::accept_mpp_keysend` is set and when sending if specified in the
+ `PaymentParameters`. Note that not all recipients support this (#2156).
+ * A new `ConfirmationTarget::MempoolMinimum` has been added (#2415).
+ * `SpendableOutputDescriptor::to_psbt_input` was added (#2286).
+ * `ChannelManager::update_partial_channel_config` was added (#2330).
+ * `ChannelDetails::channel_shutdown_state` was added (#2347).
+ * The shutdown script can now be provided at shutdown time via
+ `ChannelManager::close_channel_with_feerate_and_script` (#2219).
+ * `BroadcasterInterface` now takes multiple transactions at once. While not
+ available today, in the future single calls should be passed to a full node
+ via a single batch/package transaction acceptance API (#2272).
+ * `Balance::claimable_amount_satoshis` was added (#2333).
+ * `payment_{hash,preimage}` have been added to some `Balance` variants (#2217).
+ * The `lightning::chain::keysinterface` is now `lightning::sign` (#2246).
+ * Routing to a blinded path has been implemented, though sending to such a
+ route is not yet supported in `ChannelManager` (#2120).
+ * `OffersMessageHandler` was added for offers-related onion messages (#2294).
+ * The `CustomMessageHandler` parameter to `PeerManager` has moved to
+ `MessageHandler` from `PeerManager::new` explicitly (#2249).
+ * Various P2P messages for dual funding channel establishment have been added,
+ though handling for them is not yet in `ChannelManager` (#1794)
+ * Script-fetching methods in `sign` interfaces can now return errors, see docs
+ for the implications of failing (#2213).
+ * The `data_loss_protect` option is now required when reading
+ `channel_reestablish` messages, as many others have done (#2253).
+ * `InFlightHtlcs::add_inflight_htlc` has been added (#2042).
+ * The `init` message `networks` field is now written and checked (#2329).
+ * `PeerManager` generics have been simplified with the introduction of the
+ `APeerManager` trait (#2249).
+ * `ParitalOrd` and `Ord` are now implemented for `Invoice` (#2279).
+ * `ParitalEq` and `Debug` are now implemented for `InMemorySigner` (#2328).
+ * `ParitalEq` and `Eq` are now implemented for `PaymentError` (#2316).
+ * `NetworkGraph::update_channel_from_announcement_no_lookup` was added (#2222).
+ * `lightning::routing::gossip::verify_{channel,node}_announcement` was added
+ (#2307).
+
+## Backwards Compatibility
+ * `PaymentParameters` written with blinded path info using LDK 0.0.115 will not
+ be readable in LDK 0.0.116, and vice versa.
+ * Forwarding less than `Event::HTLCIntercepted::expected_outbound_amount_msat`
+ in `ChannelManager::forward_intercepted_htlc` may prevent the
+ `ChannelManager` from being read by LDK prior to 0.0.116 (#2319)
+ * Setting `ChannelConfig::accept_underpaying_htlcs` may prevent the
+ `ChannelManager` from being read by LDK prior to 0.0.116 and un-setting the
+ parameter between restarts may lead to payment failures (#2319).
+ * `ChannelManager::create_inbound_payment{,_for_hash}_legacy` has been removed,
+ removing the ability to create inbound payments which are claimable after
+ downgrade to LDK 0.0.103 and prior. In the future handling such payments will
+ also be removed (#2351).
+ * Some fields required by LDK 0.0.103 and earlier are no longer written, thus
+ deserializing objects written by 0.0.116 with 0.0.103 may now fail (#2351).
+
+## Bug Fixes
+ * `ChannelDetails::next_outbound_htlc_limit_msat` was made substantially more
+ accurate and a corresponding `next_outbound_htlc_minimum_msat` was added.
+ This resolves issues where unpayable routes were generated due to
+ overestimation of the amount which is payable over one of our channels as
+ the first hop (#2312).
+ * A rare case where delays in processing `Event`s generated by
+ `ChannelMonitor`s could lead to loss of those events in case of an untimely
+ crash. This could lead to the loss of an `Event::SpendableOutputs` (#2369).
+ * Fixed a regression in 0.0.115 which caused `PendingHTLCsForwardable` events
+ to be missed when processing phantom node receives. This caused such
+ payments to be delayed until a further, unrelated HTLC came in (#2395).
+ * Peers which are unresponsive to channel messages for several timer ticks are
+ now disconnected to allow for on-reconnection state machine reset. This
+ works around some issues in LND prior to 16.3 which can cause channels to
+ hang and eventually force-close (#2293).
+ * `ChannelManager::new` now requires the current time (either from a recent
+ block header or the system clock), ensuring invoices created immediately
+ after startup aren't already expired (#2372).
+ * Resolved an issue where reading a `ProbabilisticScorer` on some platforms
+ (e.g. iOS) can lead to a panic (#2322).
+ * `ChannelConfig::max_dust_htlc_exposure` is now allowed to scale based on
+ current fees, and the default has been updated to do so. This substantially
+ reduces the chance of force-closure due to dust exposure. Note that existing
+ channels will retain their current value and you may wish to update the
+ value on your existing channels on upgrade (#2354).
+ * `PeerManager::process_events` no longer blocks in any case. This fixes a bug
+ where reentrancy from `PeerManager` into user code which eventually calls
+ `process_events` could lead to a deadlock (#2280).
+ * The persist timing of network graph and scoring in
+ `lightning-background-processor` has been tweaked to provide more reliable
+ persistence after updates to either (#2226).
+ * The number of route hints added to BOLT 11 invoices by the
+ `lightning-invoice::utils` builders has been reduced to three to ensure
+ invoices can be represented in scan-able QR codes (#2044).
+ * Fixed sending large onion messages, which would previously have resulted in
+ an HMAC error on the second hop (#2277).
+ * Fixed a memory leak that may occur when a `ChannelManager` or
+ `ChannelMonitor` is `drop`ed (#2233).
+ * A potential deadlock in calling `NetworkGraph::eq` was resolved (#2284).
+ * Fixed an overflow which prevented disconnecting peers in some minor cases
+ with more than 31 peers (#2245).
+ * Gossip messages with an unknown chain hash are now ignored (#2230).
+ * Rapid Gossip Sync processing now fails on an unknown chain hash (#2324).
+ * `RouteHintHop::htlc_maximum_msat` is now enforced. Note that BOLT11 route
+ hints do not have such a field so this code is generally unused (#2305).
+
+## Security
+0.0.116 fixes a denial-of-service vulnerability which is reachable from
+untrusted input from channel counterparties if a 0-conf channel exists with
+that counterparty.
+ * A premature `announcement_signatures` message from a peer prior to a 0-conf
+ channel's funding transaction receiving any confirmations would panic in any
+ version since 0-conf channels were introduced (#2439).
+
+In total, this release features 142 files changed, 21033 insertions, 11066
+deletions in 327 commits from 21 authors, in alphabetical order:
+ * Alec Chen
+ * Andrei
+ * Antoine Riard
+ * Arik Sosman
+ * Chad Upjohn
+ * Daniel Granhão
+ * Duncan Dean
+ * Elias Rohrer
+ * Fred Walker
+ * Gleb Naumenko
+ * Jeffrey Czyz
+ * Martin Habovstiak
+ * Matt Corallo
+ * Tony Giorgio
+ * Valentine Wallace
+ * Vladimir Fomene
+ * Willem Van Lint
+ * Wilmer Paulino
+ * benthecarman
+ * ff
+ * henghonglee
+
+
+# 0.0.115 - Apr 24, 2023 - "Rebroadcast the Bugfixes"
+
+## API Updates
+ * The MSRV of the main LDK crates has been increased to 1.48 (#2107).
+ * Attempting to claim an un-expired payment on a channel which has closed no
+ longer fails. The expiry time of payments is exposed via
+ `PaymentClaimable::claim_deadline` (#2148).
+ * `payment_metadata` is now supported in `Invoice` deserialization, sending,
+ and receiving (via a new `RecipientOnionFields` struct) (#2139, #2127).
+ * `Event::PaymentFailed` now exposes a failure reason (#2142).
+ * BOLT12 messages now support stateless generation and validation (#1989).
+ * The `NetworkGraph` is now pruned of stale data after RGS processing (#2161).
+ * Max inbound HTLCs in-flight can be changed in the handshake config (#2138).
+ * `lightning-transaction-sync` feature `esplora-async-https` was added (#2085).
+ * A `ChannelPending` event is now emitted after the initial handshake (#2098).
+ * `PaymentForwarded::outbound_amount_forwarded_msat` was added (#2136).
+ * `ChannelManager::list_channels_by_counterparty` was added (#2079).
+ * `ChannelDetails::feerate_sat_per_1000_weight` was added (#2094).
+ * `Invoice::fallback_addresses` was added to fetch `bitcoin` types (#2023).
+ * The offer/refund description is now exposed in `Invoice{,Request}` (#2206).
+
+## Backwards Compatibility
+ * Payments sent with the legacy `*_with_route` methods on LDK 0.0.115+ will no
+ longer be retryable via the LDK 0.0.114- `retry_payment` method (#2139).
+ * `Event::PaymentPathFailed::retry` was removed and will always be `None` for
+ payments initiated on 0.0.115 which fail on an earlier version (#2063).
+ * `Route`s and `PaymentParameters` with blinded path information will not be
+ readable on prior versions of LDK. Such objects are not currently constructed
+ by LDK, but may be when processing BOLT12 data in a coming release (#2146).
+ * Providing `ChannelMonitorUpdate`s generated by LDK 0.0.115 to a
+ `ChannelMonitor` on 0.0.114 or before may panic (#2059). Note that this is
+ in general unsupported, and included here only for completeness.
+
+## Bug Fixes
+ * Fixed a case where `process_events_async` may `poll` a `Future` which has
+ already completed (#2081).
+ * Fixed deserialization of `u16` arrays. This bug may have previously corrupted
+ the historical buckets in a `ProbabilisticScorer`. Users relying on the
+ historical buckets may wish to wipe their scorer on upgrade to remove corrupt
+ data rather than waiting on it to decay (#2191).
+ * The `process_events_async` task is now `Send` and can thus be polled on a
+ multi-threaded runtime (#2199).
+ * Fixed a missing macro export causing
+ `impl_writeable_tlv_based_enum{,_upgradable}` calls to not compile (#2091).
+ * Fixed compilation of `lightning-invoice` with both `no-std` and serde (#2187)
+ * Fix an issue where the `background-processor` would not wake when a
+ `ChannelMonitorUpdate` completed asynchronously, causing delays (#2090).
+ * Fix an issue where `process_events_async` would exit immediately (#2145).
+ * `Router` calls from the `ChannelManager` now call `find_route_with_id` rather
+ than `find_route`, as was intended and described in the API (#2092).
+ * Ensure `process_events_async` always exits if any sleep future returns true,
+ not just if all sleep futures repeatedly return true (#2145).
+ * `channel_update` messages no longer set the disable bit unless the peer has
+ been disconnected for some time. This should resolve cases where channels are
+ disabled for extended periods of time (#2198).
+ * We no longer remove CLN nodes from the network graph for violating the BOLT
+ spec in some cases after failing to pay through them (#2220).
+ * Fixed a debug assertion which may panic under heavy load (#2172).
+ * `CounterpartyForceClosed::peer_msg` is now wrapped in UntrustedString (#2114)
+ * Fixed a potential deadlock in `funding_transaction_generated` (#2158).
+
+## Security
+ * Transaction re-broadcasting is now substantially more aggressive, including a
+ new regular rebroadcast feature called on a timer from the
+ `background-processor` or from `ChainMonitor::rebroadcast_pending_claims`.
+ This should substantially increase transaction confirmation reliability
+ without relying on downstream `TransactionBroadcaster` implementations for
+ rebroadcasting (#2203, #2205, #2208).
+ * Implemented the changes from BOLT PRs #1031, #1032, and #1040 which resolve a
+ privacy vulnerability which allows an intermediate node on the path to
+ discover the final destination for a payment (#2062).
+
+In total, this release features 110 files changed, 11928 insertions, 6368
+deletions in 215 commits from 21 authors, in alphabetical order:
+ * Advait
+ * Alan Cohen
+ * Alec Chen
+ * Allan Douglas R. de Oliveira
+ * Arik Sosman
+ * Elias Rohrer
+ * Evan Feenstra
+ * Jeffrey Czyz
+ * John Cantrell
+ * Lucas Soriano del Pino
+ * Marc Tyndel
+ * Matt Corallo
+ * Paul Miller
+ * Steven
+ * Steven Williamson
+ * Steven Zhao
+ * Tony Giorgio
+ * Valentine Wallace
+ * Wilmer Paulino
+ * benthecarman
+ * munjesi
+
+
# 0.0.114 - Mar 3, 2023 - "Faster Async BOLT12 Retries"
## API Updates
missing support for blinded path payments (#1927, #1908, #1926).
* A `lightning-custom-message` crate has been added to make combining multiple
custom messages into one enum/handler easier (#1832).
- * `Event::PaymentPathFailure` is now generated for failure to send an HTLC
+ * `Event::PaymentPathFailed` is now generated for failure to send an HTLC
over the first hop on our local channel (#2014, #2043).
* `lightning-net-tokio` no longer requires an `Arc` on `PeerManager` (#1968).
* `ChannelManager::list_recent_payments` was added (#1873).
projects / rust-lightning / blobdiff