Skip to content

v0.1.3 - Apr 30, 2025 - "Routing Unicode in 2025"
Compare
Choose a tag to compare
@TheBlueMatt TheBlueMatt released this 25 May 15:55
· 1130 commits to main since this release
v0.1.3
b4d5fe2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Bug Fixes

  • Event::InvoiceReceived is now only generated once for each Bolt12Invoice
    received matching a pending outbound payment. Previously it would be provided
    each time we received an invoice, which may happen many times if the sender
    sends redundant messages to improve success rates (#3658).
  • LDK's router now more fully saturates paths which are subject to HTLC
    maximum restrictions after the first hop. In some rare cases this can result
    in finding paths when it would previously spuriously decide it cannot find
    enough diverse paths (#3707, #3755).

Security

0.1.3 fixes a denial-of-service vulnerability which cause a crash of an
LDK-based node if an attacker has access to a valid Bolt12Offer which the
LDK-based node created.

  • A malicious payer which requests a BOLT 12 Invoice from an LDK-based node
    (via the Bolt12InvoiceRequest message) can cause the panic of the
    LDK-based node due to the way String::truncate handles UTF-8 codepoints.
    The codepath can only be reached once the received Botlt12InvoiceRequest
    has been authenticated to be based on a valid Bolt12Offer which the same
    LDK-based node issued (#3747, #3750).
Assets 2
Loading