Release v0.1.3 - Apr 30, 2025 - "Routing Unicode in 2025" · lightningdevkit/rust-lightning

v0.1.3
b4d5fe2
Compare

Choose a tag to compare

Loading

View all tags

v0.1.3 - Apr 30, 2025 - "Routing Unicode in 2025"

v0.1.3
b4d5fe2
Compare

Choose a tag to compare

Loading

View all tags

TheBlueMatt tagged this 30 Apr 17:06

Bug Fixes
=========

 * `Event::InvoiceReceived` is now only generated once for each `Bolt12Invoice`
   received matching a pending outbound payment. Previously it would be provided
   each time we received an invoice, which may happen many times if the sender
   sends redundant messages to improve success rates (#3658).
 * LDK's router now more fully saturates paths which are subject to HTLC
   maximum restrictions after the first hop. In some rare cases this can result
   in finding paths when it would previously spuriously decide it cannot find
   enough diverse paths (#3707, #3755).

Security
========

0.1.3 fixes a denial-of-service vulnerability which cause a crash of an
LDK-based node if an attacker has access to a valid `Bolt12Offer` which the
LDK-based node created.
 * A malicious payer which requests a BOLT 12 Invoice from an LDK-based node
   (via the `Bolt12InvoiceRequest` message) can cause the panic of the
   LDK-based node due to the way `String::truncate` handles UTF-8 codepoints.
   The codepath can only be reached once the received `Botlt12InvoiceRequest`
   has been authenticated to be based on a valid `Bolt12Offer` which the same
   LDK-based node issued (#3747, #3750).

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly