From: Gavin Andresen <gavinandresen@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] 0.9.1 released
Date: Tue, 8 Apr 2014 17:11:50 -0400 [thread overview]
Message-ID: <CABsx9T3dQa9SpHqJd-AEWeiGUH4zGPWcO7rsgQq53dBV0JqZfw@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1942 bytes --]
Bitcoin Core version 0.9.1 is now available from:
https://bitcoin.org/bin/0.9.1/
This is a security update. It is recommended to upgrade to this release
as soon as possible.
It is especially important to upgrade if you currently have version
0.9.0 installed and are using the graphical interface OR you are using
bitcoind from any pre-0.9.1 version, and have enabled SSL for RPC and
have configured allowip to allow rpc connections from potentially
hostile hosts.
Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues
How to Upgrade
--------------
If you are running an older version, shut it down. Wait until it has
completely
shut down (which might take a few minutes for older versions), then run the
installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac)
or
bitcoind/bitcoin-qt (on Linux).
If you are upgrading from version 0.7.2 or earlier, the first time you run
0.9.1 your blockchain files will be re-indexed, which will take anywhere
from
30 minutes to several hours, depending on the speed of your machine.
0.9.1 Release notes
=======================
No code changes were made between 0.9.0 and 0.9.1. Only the dependencies
were changed.
- Upgrade OpenSSL to 1.0.1g. This release fixes the following
vulnerabilities which can
affect the Bitcoin Core software:
- CVE-2014-0160 ("heartbleed")
A missing bounds check in the handling of the TLS heartbeat extension
can
be used to reveal up to 64k of memory to a connected client or server.
- CVE-2014-0076
The Montgomery ladder implementation in OpenSSL does not ensure that
certain swap operations have a constant-time behavior, which makes it
easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache
side-channel attack.
- Add statically built executables to Linux build
Credits
--------
Credits go to the OpenSSL team for fixing the vulnerabilities quickly.
[-- Attachment #2: Type: text/html, Size: 2708 bytes --]
reply other threads:[~2014-04-08 21:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CABsx9T3dQa9SpHqJd-AEWeiGUH4zGPWcO7rsgQq53dBV0JqZfw@mail.gmail.com \
--to=gavinandresen@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox