Skip to content

@ripcurlx ripcurlx released this May 3, 2019 · 40 commits to master since this release

A newer version is already available! Please don’t use this version anymore.
Binaries have been removed as this release is superseded by v1.1.1

Release notes

This release adds an impotant security meassurement to protect against the bank chargeback scammer. With this in place we can remove the banning of certain SEPA regions and Interac scheduled for the 5th of May.

The new restrictions are as follows:
If a fiat payment account was created after March 15th 2019 it is considered risky and limited to 0.01 BTC trades if the account holder is the BTC buyer. For the seller there is no restriction. The restriction is applied to all payment methods based on bank transfers which carry some chargeback risk (Sepa, Sepa Instant, Interact, Zelle, Revolut, National bank transfers, Chase Quick Pay, Popmoney, Moneybeam, Uphold).

On May 5th we will block old accounts from trading to enable us to unblock the banned SEPA regions and Interac. So please update as soon as possible!

This solution is an intermediary step on the way to a more sophisticated protection solution (see proposals) but those will require more time to get implemented.

Beside that there are some other important fixes:

  • Fix account age display in peer avatar
  • Decrease the security deposit amount for altcoins
  • Improve BSQ block propagation
  • Add search field to trade history

DAO

UI

Trading

Wallet

Development

Assets

Added two new asset: List Trust Eth reOrigin (TEO) and ParsiCoin (PARS)

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc
Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key:
curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import
GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures?
gpg --digest-algo SHA256 --verify BINARY{.asc*,}
Replace BINARY with the file you downloaded (e.g. Bisq-1.1.0.dmg)

Verify jar file inside binary:
You can verify on OSX the jar file with:
shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.1.0.jar
The output need to match the value from the Bisq-1.1.0.jar.txt file.

Known issues with installation

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files):
C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet):
C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users:
If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction:

cd ~/Downloads  
mkdir tmp  
cd tmp   
ar x ../Bisq-64bit-1.1.0.deb  
sudo tar Jxvf data.tar.xz  
sudo cp -rp opt/Bisq /opt/

That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Assets 2
You can’t perform that action at this time.