Geth has a new subcommand, geth version-check, which displays known security issues (#21859)
The geth --ws.origins flag now supports more expressive origin rules (#21481)
Recording of trie key preimages can now be disabled using the --cache.preimages flag (#21402)
The accounts/abi/bind package now offers replay-protected transaction signing (#21356)
The GraphQL API now always returns status code 400 if there is an error processing the query (#21882)
The devp2p nodeset filter command can now find snap-enabled nodes (#21950)
The eth protocol test suite has been extended with tests for transaction announcements and malicious announce behavior (#21857, #21792)
Support for 'retesteth' has been removed from geth since it is no longer used for tests. Its replacement, the evm t8n tool, was released in Geth v1.9.16 (#21861)
We now offer signify/minisign signatures for Geth binary downloads as an alternative to PGP. This is experimental, and not yet advertised on the downloads page (#21798)
Bug fixes:
A crash in LES server handling of the GetProofsV2 message is resolved. See CVE-2020-26264 advisory for more information (#21896)
The LES server no longer locks up during geth shutdown (#21927)
Clef now correctly derives accounts for Ledger Live devices (#21757)
The faucet now ignores URL query parameters in Facebook post URLs (#21838)
Geth v1.9.24 is a security release. It is built with Go v1.15.5, fixing CVE-2020-28362, which has a critical impact for Ethereum. This release also contains a fix for a consensus issue related to mining, which would have triggered a chain split on January 1st 2021.
We recommend everyone to upgrade to this release or rebuild with Go 1.15.5.
Although we publish pre-built binaries for many platforms, certain systems may not have Go 1.15.5 available yet. Notably, our official Docker images will most probably not use Go 1.15.5 due to the base image not being updated yet. Please check the end of the release notes on how you can build your custom Docker image with Go 1.15.5.
If you are building geth from source, please ensure you are building with Go v1.15.5 or above. We do recommend using the latest Geth version, but if you are not mining and cannot upgrade to geth v1.9.24, please rebuild your current version with Go v1.15.5.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/decentraland/content-service/network/alerts).
Bumps github.com/ethereum/go-ethereum from 1.8.17 to 1.9.25.
Release notes
Sourced from github.com/ethereum/go-ethereum's releases.
... (truncated)
Commits
e787272
params: go-ethereum v1.9.25 stable1d1f5fe
build: upgrade to Go 1.15.6 (#21986)0045410
les: introduce forkID (#21974)b44f24e
core, trie: speed up some tests with quadratic processing flaw (#21987)9f6bb49
les, light: remove untrusted header retrieval in ODR (#21907)817a3fb
p2p/enode: avoid crashing for invalid IP (#21981)f935b1d
crypto/signify, build: fix archive signing with signify (#21977)915643a
cmd/geth: add test to verify regexps in version check (#21962)40b6ccf
core,les: headerchain import in batches (#21471)bd848aa
common: improve printing of Hash and Address (#21834)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/decentraland/content-service/network/alerts).