@blockone-devops released this Jul 9, 2019

This release contains important consensus-related security fixes that are relevant to all nodes on EOSIO networks (Producer and API nodes).

Security bug fixes

Consolidated Security Fixes for 1.8.1 (#7619)

  • Consensus protocol fixes

Note: These security fixes are relevant to all nodes on EOSIO blockchain networks. However, in particular, block production nodes on public networks that are currently running v1.8.0-rc1, v1.8.0-rc2, or v1.8.0 of EOSIO should consider upgrading their nodes to v1.8.1 as soon as possible.

Upgrading from previous versions of EOSIO

Upgrading from v1.8.0

Node operators should consider upgrading v1.8.0 nodes to v1.8.1 as soon as possible. They can follow normal upgrade procedures for the upgrade from v1.8.0 to v1.8.1. There should be no need to do a replay or import from a snapshot.

Upgrading from v1.7.x and earlier

Node operators that wish to update their v1.7.x nodes to v1.8.x should consider upgrading to v1.8.1 and avoid v1.8.0, v1.8.0-rc1, and v1.8.0-rc2. Upgrading from v1.7.x or earlier to v1.8.1 requires a replay from genesis (see the upgrade guide). Alternatively, a user can quickly get a node up to speed with a version 2 portable snapshot generated by some other trusted entity that has gone through the upgrade process. This alternative process is not applicable for nodes that want to track all of the blockchain history using the deprecated history plugin. However, nodes tracking history using the state history plugin could also grab the state history log files (which are portable across machines) along with the portable snapshot retrieved from the trusted entity.

Upgrading from v1.8.0-rc1 or v1.8.0-rc2

Node operators should consider upgrading v1.8.0-rc1 or v1.8.0-rc2 nodes to v1.8.1 as soon as possible. Upgrading from v1.8.0-rc1/v1.8.0-rc2 to v1.8.1 for a nodeos configured to run with plugins that handle history requires a replay from genesis similar to the upgrade from v1.7.x to v1.8.1 (see the upgrade guide).

If nodeos is not configured with any history-related plugins, it is possible to upgrade from v1.8.0-rc1 to v1.8.1 without doing a replay from genesis. The snapshots generated and accepted by both versions are identical. So the operator could:

  1. Launch nodeos v1.8.0-rc1/v1.8.0-rc2 in irreversible mode and with the producer_api_plugin enabled by passing the --read-mode=irreversible --plugin=eosio::producer_api_plugin command-line options. (Note that producers cannot be configured when launching nodeos in irreversible mode.)
  2. Create a snapshot of the last irreversible block by calling the create_snapshot RPC (for example by using the command curl -X POST http:/ -d '{}' | jq). Record the path to the generated snapshot file, which is given in the snapshot_name field of the returned JSON object.
  3. Shut down nodeos and delete the blocks/reversible and state sub-directories within the data directory.
  4. Launch nodeos v1.8.1 from the generated snapshot using the --snapshot command-line option.
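
Steps 2 to 4 as a guarded script (an added example, not part of the original release notes or the EOSIO project's tooling): it refuses to delete anything until the snapshot named in the RPC reply exists, is non-empty, and sits outside the directories being removed. Assumptions: the URL on the page is truncated, so the example uses a local node at http://127.0.0.1:8888 with the producer API path /v1/producer/create_snapshot; the data directory is a placeholder; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: steps 2-4 with safety checks before anything is deleted.
set -eu

NODEOS_URL="${NODEOS_URL:-http://127.0.0.1:8888}"  # assumption: local nodeos HTTP endpoint
DATA_DIR="${DATA_DIR:-/path/to/data-dir}"          # placeholder: your nodeos data directory

# Pull the snapshot_name value out of the create_snapshot JSON reply on stdin.
snapshot_path_from_reply() {
  sed -n 's/.*"snapshot_name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Step 2: request a snapshot from the running rc node and print the file path.
create_snapshot() {
  curl -sS -X POST "$NODEOS_URL/v1/producer/create_snapshot" -d '{}' |
    snapshot_path_from_reply
}

# Accept the snapshot only if it is a non-empty regular file that does not
# live inside a directory step 3 is about to delete.
snapshot_is_safe() {
  snap="$1"; data="$2"
  [ -f "$snap" ] || return 1
  [ -s "$snap" ] || return 1
  case "$snap" in
    "$data"/state/*|"$data"/blocks/reversible/*) return 1 ;;
  esac
  return 0
}

# Step 3: delete only blocks/reversible and state; the block log is kept.
clear_old_state() {
  rm -rf -- "$1/blocks/reversible" "$1/state"
}

upgrade() {
  snap="$(create_snapshot)"
  snapshot_is_safe "$snap" "$DATA_DIR" || { echo "unusable snapshot: '$snap'" >&2; return 1; }
  sha256sum "$snap"   # record the digest so the file can be re-checked later
  printf 'Shut down nodeos, install v1.8.1, then press Enter: '; read -r _
  clear_old_state "$DATA_DIR"
  exec nodeos --data-dir "$DATA_DIR" --snapshot "$snap"
}

# Run the procedure only when asked, e.g. `sh upgrade.sh run`.
if [ "${1:-}" = "run" ]; then upgrade; fi
```

The rc node must still be running in irreversible mode with the producer_api_plugin enabled (step 1) when the script is started.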

Other Changes

  • (#7573) [1.8.x] Don't create mongo folders unless ENABLE_MONGO is true
  • (#7574) [1.8.x] Better found/not found messages for clarity
  • (#7582) Update to fc with logger fix - 1.8.x
  • (#7559) [1.8.x] Ability to set *_DIR from CLI
  • (#7554) [1.8.x] CMAKE version check before dependencies are installed
  • (#7587) [1.8.x] Various BATS test fixes
  • (#7579) [1.8.x] -i support for relative paths
  • (#7589) [1.8.x] SUDO_COMMAND -> NEW_SUDO_COMMAND
  • (#7593) [1.8.x] Install location fix
  • (#7609) indicate in brew bottle mojave is required - 1.8

Deprecation notice reminder

Please refer to the Consolidated EOSIO Deprecations List for the currently active set of deprecation notices.

Important: All material is provided subject to this important notice and you must familiarize yourself with its terms. The notice contains important information, limitations and restrictions relating to our software, publications, trademarks, third-party resources and forward-looking statements. By accessing any of our material, you accept and agree to the terms of the notice.
