@hokiecsgrad hokiecsgrad released this Jun 8, 2018 · 1850 commits to master since this release

Assets 2

EOSIO v1.0.2 Release Notes

Today’s release is primarily to address two concerns, usability and security. We’ve been busy updating documentation, clarifying error messages, and adding help text where we can, based mostly on your GitHub reports. We’ve also included a few security patches based on reports that we’ve received through the bug bounty program. Keep reading for details.

Usability Updates

The past week has been focused on making usability and quality of life updates. We've been updating build scripts, correcting error messages, and making errors more descriptive. A selection of updates includes:
Add API to chain_plugin to get block header state of any reversible block
get meaningful error messages from websocketpp
Fix 15% percent message (changed error message in system contract)
Better Error Message when Authority is Insufficient

Security Updates

As you know, we recently announced our bug bounty program, and have now formally set the program up with HackerOne. We've had several researchers and groups submit various reports, which you've almost certainly already read about in the industry news sites. Of particular note are Guido Vranken and Yuki Chen of the Qihoo 360 Vulcan Team. Others have submitted reports and we continue to address them as fast as possible. As we get these into the product and released, we'll be doing a full, public disclosure through the HackerOne site.

We'd like to sincerely thank those of you that have taken the time to submit these reports. We're working to address them all in a timely manner.

Other Notable Updates

Updates to Whitelist/Blacklist
First up, we'd like to thank the EOS Canada team for brining this issue to our attention. Personally, I'd like thank @arhag for this detailed writeup of the solution so I don't have to. Thanks everyone!

Also, related to the Whitelist/Blacklist functionality, we've added a new option called "action-blacklist," which allows actions within a contract to be blacklisted.

Support for name bidding via cleos
Following from previous updates, the name auction bidding is now available through cleos.

Consensus Changes from v1.0.1

Three changes were made that could potentially prevent v1.0.2 nodes from accepting a v1.0.1 blockchain:

  1. Restrict valid WASM contract code (PR #3949).
  2. Billing deferred transaction sender for soft fails (PR #3961).
  3. More precise resource billing calculations (PR #3951).