Geth v1.10.8 is a pre-announced hotfix release to patch a vulnerability in the EVM (CVE-2021-39137).
The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software. All Geth versions supporting the London hard fork are vulnerable (the bug is older than London), so all users should update.
Geth v1.10.7 is a maintenance release, mostly focusing on a few post-London polishes.
A few important notes to keep in mind:
- The return type for oldestBlock in eth_feeHistory was changed from decimal to hex. This is to conform to the updated spec that was released after Geth's London hard-fork release was already made. The input blockCount parameter was also updated, but there Geth will accept both hex and decimal to keep backward compatibility.
- The -miner.gastarget CLI flag was deprecated and is a noop. This flag is already a noop for networks running the London hard-fork, since London miners only take into account the -miner.gaslimit flag. For non-London private networks and Geth forks, this might result in a gas bump depending on how the miners are configured.
- Docker builds were changed from DockerHub Automated Builds to offsite builds and manual pushes to DockerHub. At the same time, we've added support for multi-arch images, the original tags being the metadata image, linking a -amd64 and a -arm64 tag together. No changes are needed for docker users, but keep us posted if something strange happens. On the upside, Geth now has official arm64 docker images too.
Changes made:
- Change the oldestBlock return type in eth_feeHistory to hex, accept both decimal and hex as the block count (#23239, #23363).
- Cap max usable gas in eth_estimateGas better for 1559 transactions (#23309).
- When deploying multiple contracts via abigen, only parse the ABI once (#22583).
- Return maxFeePerGas for the gasPrice of pending transactions (#23345).
- Check cached blocks too when attempting to retrieve a header (#23299).
- Reject transactions initiated from non EOA accounts (#23303).
- Reduce allocations a bit while CPU mining ethash (#23199).
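A client that talks to nodes on both sides of the v1.10.7 change has to accept either encoding of oldestBlock. The decoder below is an added example, not code from go-ethereum or from this PR; the names `BlockNum`, `FeeHistory` and `OldestBlock` are hypothetical, the sample results are constructed, and it assumes the older decimal form arrives as a JSON number or a decimal string.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// BlockNum decodes a block number sent either as hex ("0xc5043f", Geth
// v1.10.7 and later) or as decimal (JSON number or string, assumed older form).
type BlockNum uint64

// UnmarshalJSON rejects anything that is not an unsigned hex or decimal value,
// including negatives, fractions and a bare "0x".
func (b *BlockNum) UnmarshalJSON(data []byte) error {
	s := strings.Trim(string(data), `"`)
	base := 10
	if strings.HasPrefix(s, "0x") {
		s, base = s[2:], 16
	}
	n, err := strconv.ParseUint(s, base, 64)
	if err != nil {
		return fmt.Errorf("oldestBlock %s: not a hex or decimal block number", data)
	}
	*b = BlockNum(n)
	return nil
}

// FeeHistory holds only the field the release notes discuss.
type FeeHistory struct {
	OldestBlock BlockNum `json:"oldestBlock"`
}

// OldestBlock extracts oldestBlock from an eth_feeHistory result object.
func OldestBlock(result []byte) (uint64, error) {
	var fh FeeHistory
	err := json.Unmarshal(result, &fh)
	return uint64(fh.OldestBlock), err
}

func main() {
	// Constructed results: the new hex form, then the older decimal form.
	fmt.Println(OldestBlock([]byte(`{"oldestBlock":"0xc5043f"}`)))
	fmt.Println(OldestBlock([]byte(`{"oldestBlock":12911679}`)))
}
```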
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/smartcontractkit/chainlink-polkadot/network/alerts).
Bumps github.com/ethereum/go-ethereum from 1.10.1 to 1.10.8.
Release notes
Sourced from github.com/ethereum/go-ethereum's releases.
... (truncated)
Commits
- 2667545 params: release Geth v1.10.8
- 1d99573 core/vm: faster code analysis (#23381)
- f38abc5 eth/gasprice: feeHistory improvements (#23422)
- dfeb2f7 go.mod: upgrade golang.org/x/sys for go1.17 support (#23406)
- bb1f7eb signer/core/apitypes: remove dependency on internal/ethapi (#23362)
- d02c605 core: only check sendernoeoa in non fake mode (#23424)
- c368f72 Revert "eth: drop eth/65, the last non-reqid protocol version" (#23426)
- 5566e5d eth/downloader: fix typo in comment (#23413)
- 57feabe eth, internal/ethapi: make RPC block miner field show block sealer correctly ...
- 16ecdd5 cmd/utils: add --nousb to the list of deprecated flags (#23388)
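Since v1.10.8 is the release that carries the CVE-2021-39137 fix, a CI step can refuse any go.mod that still requires an older go-ethereum. The check below is an added example, not part of this PR or of Dependabot; `CheckGoMod` and `patched` are hypothetical names, the go.mod text is constructed, and replace directives are deliberately not evaluated.

```go
package main

import (
	"fmt"
	"strings"
)

const gethModule = "github.com/ethereum/go-ethereum" // module path from the PR
var fixed = [3]int{1, 10, 8}                         // v1.10.8, the hotfix release

// patched reports whether v >= v1.10.8; a "-" suffix sorts below its core version.
func patched(v string) (bool, error) {
	core, _, pre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var got [3]int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unparseable version %q", v)
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] > fixed[i], nil
		}
	}
	return !pre, nil
}

// CheckGoMod returns the required go-ethereum version and whether it has the fix.
func CheckGoMod(gomod string) (string, bool, error) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			inBlock, f = len(f) == 2 && f[1] == "(", f[1:]
		} else if len(f) > 0 && f[0] == ")" {
			inBlock = false
		} else if !inBlock {
			continue // outside require: module, go, replace, exclude lines
		}
		if len(f) >= 2 && f[0] == gethModule {
			ok, err := patched(f[1])
			return f[1], ok, err
		}
	}
	return "", false, fmt.Errorf("%s is not required", gethModule)
}

func main() {
	// Constructed go.mod line carrying the pre-bump version from the PR.
	fmt.Println(CheckGoMod("require github.com/ethereum/go-ethereum v1.10.1\n"))
}
```

A module that swaps go-ethereum through a replace directive needs a separate review, because the version in the require line is then not the code that gets built.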