This release includes a security fix for the light client and is recommended
for all users.
BUG FIXES
[light] Cross-check proposer priorities in retrieved validator sets
(#ASA-2024-009)
[privval] Ignore duplicate privval listen when already connected (#3828
DEPENDENCIES
[crypto/secp256k1] Adjust to breaking interface changes in
btcec/v2 latest release, while avoiding breaking changes to
local CometBFT functions
(#3728)
IMPROVEMENTS
[types] Check that proposer is one of the validators in ValidateBasic
(#ASA-2024-009)
[e2e] Add log_level option to manifest file
(#3819).
[e2e] Add log_format option to manifest file
(#3836).
v0.38.11
August 12, 2024
This release fixes a panic in consensus where CometBFT would previously panic
if there's no extension signature in non-nil Precommit EVEN IF vote extensions
themselves are disabled.
It also includes a few other bug fixes and performance improvements.
BUG FIXES
[types] Only check IFF vote is a non-nil Precommit if extensionsEnabled
types (#3565)
IMPROVEMENTS
[indexer] Fixed ineffective select break statements; they now
point to their enclosing for loop label to exit
(#3544)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/cometbft/cometbft from 0.37.9 to 0.38.12.
Release notes
Sourced from github.com/cometbft/cometbft's releases.
... (truncated)
Changelog
Sourced from github.com/cometbft/cometbft's changelog.
... (truncated)
Commits
9722b6d
v0.38.12 (#3982)52c00a5
Merge commit from forkf2ae0f4
build(deps): Bump github.com/cosmos/gogoproto from 1.4.11 to 1.7.0 (#3912)cbedf6d
build(deps): Bump github.com/BurntSushi/toml from 1.2.1 to 1.4.0 (#3908)1013c80
test(mempool): Add twoUpdate
benchmarks (backport #3873) (#3892)2fb0cdd
build(deps): Bump github.com/rs/cors from 1.8.3 to 1.11.1 (#3907)dcbf359
build(deps): Bump github.com/Masterminds/semver/v3 from 3.2.0 to 3.3.0 (#3906)8de81d5
build(deps): Bump golang.org/x/net from 0.26.0 to 0.28.0 (#3905)221c744
fix(privval): CV ignore duplicate privval listen when connected (backport #38...969c8d1
mempool: Fix the benchmarks (backport #934) (#3893)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show