Ethereum Wallet and Mist v0.8.10

@evertonfraga evertonfraga released this May 23, 2017 · 4 commits to master since this release

screen shot 2017-05-09 at 11 03 08

Deprecation notice

As Mist 0.9.0 release is approaching, we'd like to inform that in the near future, from 0.9.0 onwards it won't inject web3 object by default on Dapps. This is a measure to keep Dapps stable on the long run as ethereum ecosystem evolves. We'll provide a developer preview version, so Dapp developers will have time to update their Dapps accordingly.

The web3.currentProvider object will still remain for a period of time for backwards compatibility and a new provider object will be introduced.


  • This version features a whole new and sidebar, giving people more room to browse, while presenting the Dapps in a beautifully, more prominent way.

  • Fixes a bug that made tabs disappear for some users.

  • Reinforced the need of backing up keystores.

  • Improved password strength validation when creating accounts. From now on, the passwords should have at least 8 characters.

  • Fixed wallet importing issue.

⚠️ As Mist is still under a security audit, please don't visit untrusted DApps with your Mist browser in order to reduce risks.

See the full changelog:

PR Description
#1753 i18n: partial update to German translation
#1783 i18n: add missing meteor package 'numeral:languages'
#1784 readme: update dependencies paragraph
#2067 Importer: Improve console messages
#2126 yarn: update node-modules
#2129 spectron: increase timeout for "file" protocol should be disallowed on browser bar
#1642 gulp: Refactor and Ethereum-Wallet NSIS installer
#2137 gulp: makensis: remove debug loglevel
#1751 ESLint: fix simple rule violations in 'interface'
#1752 ESLint: exclude auto-generated 'signatures.js'
#2094 Remove .mention-bot
#534 Solidity compiler version missing
#714 Error/infinite import of wallet-file
#1050 Show hint on node related menu labels if external node is used
#1489 Wallet tab losing attributes
#1640 Sidebar revamp
#1641 Persisting main window bounds
#1647 Sync was being skipped
#1665 Updates confirmation window size issue
#1680 Last days of dechunker
#1682 Language setting not persistent
#1736 Switch to camelCase for var 'lang_code'
#1737 Perm-tests: add 'bzz' to 'should only contain allowed attributes' test
#1738 Add ES6 support to the meteor interface
#1749 Enable translations on splash screen
#1750 Fix sync stops at 2% on Windows 32-bit
#1775 Show backup hint when createing accounts, demanding min 8 characters
#2140 Removing old code. Fixes small bug
#2146 Update geth 1.6.0
#2124 Fix bug preventing to pass multiple flags to the node

Checksums SHA-256











Ethereum Wallet and Mist 0.8.9 - "The Wizard"

@evertonfraga evertonfraga released this Feb 4, 2017 · 96 commits to master since this release

Mist Wizard Installer

- **Full fledged Windows Installers**: This version includes the new installer for Windows created by @tgerring, which lets you choose the directory to install Mist in, as well as the `data-dir` of the ethereum node. It's one installer for both 32 and 64-bit computers.

Note that the data-dir is set as a parameter in Mist shortcut properties, at the installation stage; not in Mist's preferences.

  • App Signing: Mist for Mac OS X is now signed by the Ethereum Foundation.
  • Solidity Compiler: Now featuring version 0.4.8.

Remix IDE

- **Remix IDE option on menu** 0.8.9 also has a new menu entry to open Remix IDE, so now you have plenty of room to write your contracts without leaving Mist. Head to `Develop > Open Remix IDE`.


- **A test suite is born:** It was about time for Mist to have a solid set of integration tests. Now we're starting to kill this debt with a [Spectron]( test suite, that uses the amazing to interact with the `webview` instances. - **Fixes offline startup edge case** #1571.

See the full changelog at Milestone 0.8.9.

Checksums (SHA256)









Ethereum Wallet and Mist 0.8.8 - "smashing vulnerabilities"

@frozeman frozeman released this Dec 16, 2016 · 97 commits to master since this release

For this release Mist undergone an Audit by Cure53, which was a very needed endeavour and we are thankful for the great expertise of the Cure53 team.


This audit led to a lot of useful findings that strengthen the security of the Mist browser when interacting with external DApps.

Though we also found certain vulnerabilities in electron, which is what Mist (and others like: Brave, Slack and Gitter) uses that we can't fix fully at the current point in time, without changes on the electron side, which we communicated to them. Luckily their team is very responsive and right on track to fix those as i write.

_For now don't visit untrusted DApps with your Mist browser to reduce risk!!_

We will hopefully in the next release be able to secure the electron vulnerabilities and provide a safe browser experience.

Some of the security issues allowed:

  • Execution of simple code in the Mist interface context
  • Popping up spoofed alert windows
  • Changing the interface by dragging files into it
  • Directing to file paths (which is disabled for now, on some occasions)
  • File path attacks using HTTP redirects
  • UI breaks

We also fixed all issues on the Mist side that allowed to break the interface. We added a new 400 error page for disallowed URLs. We also improved the security of scripts running inside the DApps context and improved overall webview security. We might publish the full list of vulnerabilities at a later point in time.

Big thanks goes to @cure53 and their great team for disassembling Mist and especially its integration of third party content. We will very likely have follow up audits of more aspects of the Mist browser.

Bug fixes

This release has major stability improvements on the node connection between tabs and the stability of the sockets, which were freezing Mist at times.

The wallet was also updated and should now have the problem with the confirmation windows solved.

Additionally we fixed the following issues:

  • prompts users when there are geth updates and allows them to opt-in to update it
  • fixed flickering of icons
  • fixed directing of URLs into the browser tab
  • fixed removal of wallet tab title

Full change log:

Checksums (SHA-256)





Ethereum Wallet






Ethereum Wallet and Mist Beta 0.8.7

@evertonfraga evertonfraga released this Oct 27, 2016 · 191 commits to master since this release

This is a security fix.

Mist users are highly recommended to update in order to keep account integrity when browsing through untrusted Dapps. Ethereum Wallet is not affected. See below.

Some Mist API methods were exposed, making it possible that malicious webpages get access to a privileged interface that could delete files on the local filesystem or launch registered protocol handlers and obtain sensitive information, such as the user directory or the user's coinbase.

Previously vulnerable exposed Mist APIs:

  • mist.dirname
  • mist.syncMinimongo
  • web3.eth.coinbase is now null, if the account is not allowed for the dapp

Upgrade to this version of the Mist Browser. Do not use any previous Mist version to navigate to any untrusted webpage, or local webpages from unknown origins. Ethereum Wallet is not affected as it doesn't allow navigation to external pages.

This is a good reminder that currently Mist is considered only for Ethereum App Development and should not be used for end users to navigate on the open web until it is reached at least version 1.0. An external audit of Mist is scheduled.

We'd like to thank the vulnerability discoverer Tintinweb for his responsible disclosure and remind everyone that we have a bounty program at

Checksums (SHA-256)


f464b15ea1179efff96d81c568b5991cf09c6b846244933bf25886d95e9ce2d8  Mist-linux32-0-8-7.deb
075dae83299157b309af208c1a233f851e8c633b798c29c5551dc26977d49304  Mist-linux64-0-8-7.deb
d8f5a442292b7a5faf4423a765fd34d4f08913ed59950c12c0c0f4447f64c278  Mist-macosx-0-8-7.dmg
ee4ef1de9c5fc136b76164a8c78c44ba435246c0e795ada412fb75cc4bf87337  Mist-win32-0-8-7.exe
a27e4f83d609b5d5a5935b005de2a25b4ed6f4b2e8a33aa1622d5413660e50c5  Mist-win64-0-8-7.exe


4b61a4a1f4488a72848322d444e374d69ea190519c6e96ee002699d578a3bb5b  Ethereum-Wallet-linux32-0-8-7.deb
1800f51e570353c082f0004cdb349109ff9d1b69d64232bf7d384b244c163837  Ethereum-Wallet-linux64-0-8-7.deb
f9c89ba595ba6db9b976e1747c5355f01608dc09a44409fc1cd2c76b0660852c  Ethereum-Wallet-macosx-0-8-7.dmg
0ded87f21a7cedf39dd205c079c0a545e8dc1961d6303aa17eca44b01dedfc52  Ethereum-Wallet-win32-0-8-7.exe
5cd5ff833743aa031212bc95fd87db1fb54ea703e30adbdb24f11d3218ff4462  Ethereum-Wallet-win64-0-8-7.exe



Ethereum Wallet and Mist Beta 0.8.6

@evertonfraga evertonfraga released this Oct 16, 2016 · 192 commits to master since this release

This Wallet/Mist version contains the Geth 1.4.18 "Note 7", which includes the EIP150 1b/1c Hardfork.

Read this post by @holiman for more info about the hard-fork:


Also, 0.8.6 adds a possibility to update the underlying ethereum client automatically, without need of a new Mist version. It checks the current client version against clientBinaries.json.

Happy forking.

Checksums (SHA256)


ebe7792e8b05e426d5a48f2eedcbfab8526ced786e826d37529162c9980f59cf  Mist-linux32-0-8-6.deb
3060bb63f7c30c2aa9fc3ce082886112176c267c6f5eafc50f8df5937a5eaf59  Mist-linux64-0-8-6.deb
3a66606aad465d8295e29e9711f5e76630c36bfd6064966ed6b7b4c194320acd  Mist-macosx-0-8-6.dmg
39ea243f52346a3fbb988e676e94457a34666e3164666becb0f8e0b424ddbe31  Mist-win32-0-8-6.exe
39c0183c713aa5c150e4643de19749747c36f3dda2de24c99200aeb954f4ab62  Mist-win64-0-8-6.exe


a8f4688b4205b395aad46c4e0a8cfe302d6f18b8271aed1a65599df524ff4288  Ethereum-Wallet-linux32-0-8-6.deb
fe5305ec6f81c44d0a402b355062e6761567f735591c215b5334bab421032b2b  Ethereum-Wallet-linux64-0-8-6.deb
1b72cbeeb439517e7e20fabf9c39bb3263cca78c0074b11a76ea0a0586a51d30  Ethereum-Wallet-macosx-0-8-6.dmg
4665f7d7380b7dd10442d87a000a1c78ea98e3b3737f9cfe2b451dd0518b0b88  Ethereum-Wallet-win32-0-8-6.exe
be1537c91aae7f2afa85ae35f4175b9cde8eaf488c7f69e4dae3563efda9970f  Ethereum-Wallet-win64-0-8-6.exe


Ethereum Wallet and Mist Beta 0.8.5 + Geth 1.4.17

@evertonfraga evertonfraga released this Oct 11, 2016 · 243 commits to develop since this release

Hi, here's Ethereum Wallet + Mist Beta update. It bundles the Geth version 1.4.17 "PoolAid". Our colleagues at the Go-ethereum worked hard to give us this version.

This update is highly recommended and fixes most of "stuck syncing…", or "high memory usage".

From Geth repository:

Geth 1.4.17 is a hotfix release to address two DoS attack vectors abused on the mainnet:
This release limits the number of transactions per-user and globally so as to limit maximum memory consumption and egress network traffic.


Also here are some changes to keep your Mist shining.

  • Update geth to 1.4.17 #1274
  • Update Solidity Compiler (Solc) to release 0.4.2 #1239
  • Disable resizability for all popup windows #1206
  • Update github's issue-template's node.log upload instructions #1232
  • Added Russian translation #1247 - thanks @A888R!
  • New way to reach logs from application #1227
  • Menus more OS-friendly #1192

Checksums (SHA256)


bd10d455600a4098a9ee9d907180680f131e4b17fc5156588e34adfa0c6d8cad  Mist-linux32-0-8-5.deb
95b8f82d9af5c3fe889c96e140d2a2f9f0f318ea291452a312420b715c6beb35  Mist-linux64-0-8-5.deb
502cdeffa928ce8afd34207ed9f71da4b1d715a771d8c309e778172913220063  Mist-macosx-0-8-5.dmg
3141f1c539d9013c9c35632fdaa293d07ee600f71e432d343b9deb0ff41ec440  Mist-win32-0-8-5.exe
f1f819ba15156198d9ddc0f2acedd11c3b9d48a540b560c1c545e94b1ca85e1c  Mist-win64-0-8-5.exe


2a2279385ea5fa35b0b8b1633ef8a6c99568871dbb08d559f6a67fb830cc162d  Ethereum-Wallet-linux32-0-8-5.deb
3f6a9b4d402df46bf239d39ca620b4d021f6bd96c5230864eb15b2351b0e1e4c  Ethereum-Wallet-linux64-0-8-5.deb
c9c4b45a3c3d5daf35601bdd4eec2b58d852e117ea73634895abf7c5d1206bc2  Ethereum-Wallet-macosx-0-8-5.dmg
663bff3648ac51d1f8fb9039653018405c4e56c326c01f12ae525191d2d17832  Ethereum-Wallet-win32-0-8-5.exe
8da831cc458b0aece121518472c6065edab870e338ecb8452a4e5d89a91f8690  Ethereum-Wallet-win64-0-8-5.exe



Ethereum Wallet and Mist Beta 0.8.4 + Geth 1.4.14

@evertonfraga evertonfraga released this Sep 29, 2016 · 271 commits to develop since this release

This is a bugfix-release to mitigate the sync-related issues on the main-net caused by the recent transaction spam attack. Furthermore this release will fix the faulty installer introduced with pre-release 0.8.3.

Finally the new installer split the config-folder into separate ones for Ethereum Wallet and Mist. As a result Ethereum Wallet won't display any previous watched custom contracts and token as well as contract wallets and wallet names. Although they are still available in Mist and Ethereum Wallet < 0.8.3 you will need to re-added them manually to Ethereum Wallet >= 0.8.3.


  • updated bundled geth to 1.4.14 "What else should we rewrite?" pre-release.


  • adds desktop-shortcut, startmenu-entry and uninstaller (windows) (#1211)
  • allow simultaneous installation of Mist and Ethereum Wallet (windows, linux) (#1213)
  • fix and update npm dependency graph (#1194)

Checksums (SHA-256)


33af49dc9d71a899f7e29c2ec54a2d10225dd55c536a798060e9f1f3c45633fc  Mist-linux32-0-8-4.deb
21f38a592eff26e2ea4c6b64633c1eef616db3850f8c1531658edae43f42cc60  Mist-linux64-0-8-4.deb
50efcacfce0278269e8edd89aa91178c0ba00d9584fc019e25863939d0acf6ac  Mist-macosx-0-8-4.dmg
c5caf3d0be7a89b2889ab55bad94880c18ecaf86a55b19a2f1d7ccacd70425e0  Mist-win32-0-8-4.exe
495de1f5d44bd1df819649fa19f7e35fc175697e406e39ba4216392e17770ffc  Mist-win64-0-8-4.exe


aa54547e039dc682a333e539907dd009260e1b8934e250a0d83d5437619fb276  Ethereum-Wallet-linux32-0-8-4.deb
634bc2a47dbead0beb1b329d4b0b7b476a9d75d5c5503bc54e69920d58cdc0eb  Ethereum-Wallet-linux64-0-8-4.deb
617b2caacae92f8c0a409e48f7eaee5b21acd57f4c21d0d856bafad881ae306f  Ethereum-Wallet-macosx-0-8-4.dmg
811fb3d01a61232b5d02e3c13a874c719019d2ffe28e830913d3b24996a6ad22  Ethereum-Wallet-win32-0-8-4.exe
935a7fa0c32a7c5d3af183c7587978ff0bfc6127486942f0fd6f4b54a43a2e71  Ethereum-Wallet-win64-0-8-4.exe


Ethereum Wallet and Mist Beta 0.8.3 + Geth 1.4.12

@evertonfraga evertonfraga released this Sep 20, 2016 · 273 commits to develop since this release

Mist 0.8.3

This is a special release live from Devcon. It contains a few updates that will be presented live onstage, and the new security release for Geth.

New Features

New confirmation pane (#1141)

All ethereum transactions only contain very few pieces of information, mostly who it comes from, who it goes to, the amount of ether and the byte code data. This last one is where all the contract magic does, yet all you could see until now was a bunch of hexadecimal numbers. In this version, we try to decode the byte code into human friendly parameters, so you can understand more what the contract is trying to do. Mist comes with almost 3000 contract signatures (thanks to @pipermerriam for creating a service that collects them ) and if you still don't have it you can still query the internet to try to decode it. With some upcoming Swarm and Solidity features we intend to make this request via Swarm, not HTTP, but right now if you click decode, you are sending a request to the site which doesn't keep any logs.

Don't forget that this is just what the transaction list it does. Ultimately what the contract does is up to the code, so clicking the recipient address will take you to a page containing the contract source code that you can verify yourself.

Security fix

This Mist & Wallet 0.8.3 release contains the updated 1.4.12 Geth version. If you were experiencing issues with Mist crashing after block 2283416, then that's the likely culprit.

PGP-verified releases (#546)

This is long-awaited, and probably more useful than checksums itself. Look for the Verified badge in releases and commits.

Other fixes

  • New windows installers and Mac DMGs
  • Changed Fullscreen shortcut (#1151)
  • Updated to the latest version of Solidity (#1138)
  • Fixed a security issue that could reveal your public key without authorisation (#1114)
  • Integrating electron-builder for better distributables building (#1159)

Known issues

  • Mist Menu still lists geth as 1.4.10 but it has been updated
  • Windows installers are not adding the icons on the menu. To find your mist install, open windows explorer and go to %localappdata%\Mist\app-0.8.3\
  • Installation of Ethereum Wallet will wipe out Mist and vice versa on Windows and Linux (#1178; only 0.8.3 versions affected)

Checksums (SHA-256)


4cc5774cc6900fbcaa155705291e2f85f5568b19b8163a603e953bececac42d3  Mist Setup
de511a2db31f1b4b9a0924522934790f9d138b0dd22ff6168e01c426ff6cdaf2  Mist Setup
c1d9bf21bf01b6a000126a537a4d7b35131e1ba48d301edf33240cd82473bca0  Mist-0.8.3-ia32.deb
88faf16f85135f7a6fb1da57019db1cc5bf147411ea0fcd523472b88e5fcda4f  Mist-0.8.3.deb
bf1784d7c52cb0980b5e2976c90b251fe49934cb12df60a30df6e22bb34b36b1  Mist-0.8.3.dmg


20d528ac86bfc4033129945aca33c043a0669f8d12615ca897ba52789cd74f15  Ethereum Wallet Setup
f965f5050408e78fca28da060366619a13e94f3f7270c2f1cd49c30dad08840d  Ethereum Wallet Setup
33a34c0ee5a29dfccf7e9d5f9c7a655aa04f31ba7580771f684506131375520e  Ethereum Wallet-0.8.3-ia32.deb
708288b6d9eacd3851890f77479835eeb2120b5aab9b0892e964bef042926960  Ethereum Wallet-0.8.3.deb
e915e66a774cd9af320b746bfd907cc9f678d0d39e75643f35488925e177fefa  Ethereum Wallet-0.8.3.dmg



Ethereum Wallet and Mist Beta 0.8.2

@alexvandesande alexvandesande released this Aug 24, 2016 · 333 commits to develop since this release


Coinbase integration

Another long time coming release, but this one is packed with goodies. First of all, we are very happy with to announce a Coinbase integration: if you are in the United States, now you can buy up to $5 with a credit or debit card and transfer it to any ethereum account instantly. You'll be prompted to create a Coinbase account if you don't have one already, and then log in.

As Coinbase adds more markets, they will be added to the wallet, and we are looking into how we can use their bank transfers integration to allow unlimited daily amounts. We are not getting any fees or compensation for this (unlike our ShapeShift affiliate program which sends about 0.25-0.4% to the Ethereum Tip Jar) but we are very excited to see another adoption barrier being taken down. We thank the Coinbase team for their help making this a reality.


New Mist accounts panel

We are changing the way accounts are made visible to a Dapp in Mist. By default, an app isn't shown any more information on the user than what it would get from browsing a normal web (which, admittedly, already leaks tons of information) so we wanted to simplify the process of revealing your accounts to the app. The new process is similar to the authentication in the Chrome browser or connecting via Facebook oauth.

To reveal your account to an app, click on the anonymous person icon, and then choose one or more accounts that will be made visible. An app can and should change it's UI to reflect the changes (but never reveal any private information as, until the user properly signs a message, they haven't proven ownership of these accounts yet).

screen shot 2016-08-16 at 8 46 09 am

Replay prevention

We added an advanced feature to prevent your transactions on being replayed on other chains, like ethereum classic. This allows you either to prevent that transfer on happening on classic at all, or use that transaction to send the same amount to a different contract, like a newly created account or an exchange. If you want to fully separate all your transactions we recommend you create two new accounts, one for Ethereum proper and the other for Classic, and then move all your funds into them (remember that you need ether to move tokens), making sure that each account has 0 ether on the other chain - doing this once would prevent any future transaction from being replayed. To use this, use the "more options" button on the send page.

This feature also supports splitting tokens, but it's very experimental and will not work on all tokens. Since all of this is done using a contract then first you need to allow that contract to move tokens in your behalf by clicking "Approve token transfer".

As always, these features are experimental and should be tested with small amounts first. Although most transactions are replayed on both chains, some may not for multiple reasons. Also, some exchanges have issues receiving ether from a contract address - if that's your case, contact the exchange.

We've also removed all Fork code from the Mist app, so if you want to use it Ether Classic you'll have to either download Classic Mist directly from their repository or use your own node as the backend for your wallet (both Ethereum Wallet and Mist can connect to any node) as you would do for a private network.

Other changes

  • Fixes blank screen at startup #1110 - This nasty bug was one of the culprits of the long delay, as it was an erratic behaviour that would only affect installs on a clean system
  • Adds a links to the contract source code on the confirmation window
  • Added contrast on dark themes #1001
  • Enabled HTTP RPC sockets (#871)
  • Fixed Tabs permissions update (#1061)
  • Fixed node download logic (#1048)
  • New wallet favicon and 404 page (ethereum/meteor-dapp-wallet/263)


SHA256 3094577c0c5c3c29772904847a0440728bc7734a2663abae791e9088dffaf2f9
SHA256 e4893796e4cee64d8dd21e36eb938ed9f90baf8690e17584ac579f99af871fd7
SHA256 12e43b5f321a1b94357db74d3b31abb1aea5ae3e542b19f0eaad3f966160ca13
SHA256 5bbf24e65cd1eac40c508f2bb2074a070d43be3e2fcc46b630c96a2328963880
SHA256 e2c14df2506572fda2a3aec600b2f2da89e726cb3b5471476d19f94795cd9055

SHA256 e281b2b4e9f261d8983642ea03929063d28349265294150a1940feb0792f5f14
SHA256 3a222dd76a3b9b8f5f768cae7e57258fc07cff138e95c9c566687b8547275fea
SHA256 70a558edcbc1ee66df3c5762eb08ac14f9743e9f1782aa335386247ed0f8a50d
SHA256 5f9f58588b0df52dc770fdf13c569cbd2af312806fe772a8a64beadd4ea5f62b
SHA256 048b979b6294ec283e10811aa94c87e4810489856c038bc02c338db8eeff0526

Edit: Mist checksums corrected
at 2016-08-25 03:23:43 UTC
thanks to @Crypt0_Bear