v0.44 is a security release which contains a consensus breaking change.
It doesn't bring any new feature and it's a logical continuation of v0.43.
Consequences:
v0.43 is discontinued;
all chains should upgrade to v0.44. Update from v0.43 doesn't require any migration. Chains can upgrade directly from v0.42, in that case v0.43 migrations must be executed when upgrading to v0.44;
all previously planned features for v0.44 are going to land in v0.45, with the same release schedule.
NOTE: v0.42 release will reach end of life on September 8, 2021.
For a comprehensive list of all breaking changes and improvements since the v0.42 "Stargate" release series, please see the CHANGELOG.
Client Breaking Changes
Removed broadcast & encode legacy REST endpoints. Both requests should use the new gRPC-Gateway REST endpoints. Please see the REST Endpoints Migration guide to migrate to the new REST endpoints.
Cosmos SDK v0.43.0 Release Notes
This release introduces several new important updates to the Cosmos SDK. The release notes below provide an overview of the larger high-level changes introduced in the v0.43 release series.
That being said, this release does contain many more minor and module-level changes besides those mentioned below. For a comprehsive list of all breaking changes and improvements since the v0.42 "Stargate" release series, please see the CHANGELOG.
Two new modules: x/authz and x/feegrant
The v0.43 release focused on simplifying keys and fee management for SDK users, by introducing the two following modules:
x/feegrant allows one account, the "granter" to grant another account, the "grantee" an allowance to spend the granter's account balance for fees within certain well-defined limits. It solves the problem of signing accounts needing to possess a sufficient balance in order to pay fees.
x/authz provides functionality for granting arbitrary privileges from one account (the "granter") to another account (the "grantee"). These privileges, called Authorizations in the code, can for example allow grantees to execute Msgs on behalf of the granter.
These two modules have a slightly different folder structure compared to previously existing modules. For example, all Protobuf-generated files are generated in the module root folder instead of the types/ folder, and the module itself is defined inside a module sub-package. Moving forward, we believe this folder structure is clearer and sets a better example for module developers. To learn more about building modules following this structure, please read our building modules documentation.
ADR-028 Addresses
In the SDK versions v0.42 and earlier, addresses were all 20-bytes long, generated by truncating the first 20 bytes of the SHA-256 hash of some given bytes (e.g. the public key for normal accounts, or the module name for module accounts). Unfortunately, this significantly decreases the security of Cosmos SDK due to address space collisions.
ADR-028 introduces a new specification for deriving addresses for all kinds of addressable accounts. Following is a quick summary:
secp256k1 public keys still have 20-byte addresses to keep backwards-compatibility,
new public key types (e.g. ed25519) and module accounts will have 32-byte address to increase collision resistance,
new algorithms have also been specified for composed accounts (like multisigs) or derived accounts (like module sub-accounts).
#8518 Help users of multisig wallets debug signature issues.
#9750 Emit events for tx signature and sequence, so clients can now query txs by signature (tx.signature='<base64_sig>') or by address and sequence combo (tx.acc_seq='<addr>/<seq>').
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/cosmos/cosmos-sdk from 0.39.3 to 0.44.0.
Release notes
Sourced from github.com/cosmos/cosmos-sdk's releases.
... (truncated)
Changelog
Sourced from github.com/cosmos/cosmos-sdk's changelog.
... (truncated)
Commits
ccc5245
chore: release v0.44 (#10048)ce52de7
fix!: Remove onlyAminoSigners in sequence check (backport #10029) (#10034)c1fc2a3
fix: remove legacy REST endpoints for broadcast & encode (v0.44.x) (#10041)0155244
refactor: Move some methods inside TX Factory (backport #9421) (#10039)370134c
fix(build): set a right version for the app (backport #9965) (#9967)d60c934
build(deps): bump TM to v0.34.12 (backport #9956) (#9960)8dfe627
fix: Fix CLI query tx docs for acc/seq (#9942) (#9950)58b40fd
chore: Update STABLE_RELEASES for 0.43 (#9931) (#9943)c1e02c6
chore: Deprecate QueryUpgradedConsensusState (#9906) (#9909)4b2b306
fix: file keyring fails to add/import/export keys when input is not stdin (fi...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)