
0.13.0

Pre-release
@v0d1ch v0d1ch released this 04 Oct 07:17
9f1027e

Release focusing on various security fixes, ensuring users can commit scripts using inline datums, simplifying event storing, an important update to our security policy, and lots of other fixes.

Warning
As this release fixes a number of security issues, users running Hydra heads on mainnet are strongly advised to close them and upgrade their nodes to this version.

Warning
There are several known issues, which are explained in the documentation.


Built artifacts

  • 📦 Static x86_64-linux binaries: here (also attached)

  • 🐳 Docker image: here

Hydra Scripts

Transaction IDs to be used as --hydra-scripts-tx-id when running hydra-node on the following networks:

  • preview: 1e00c627ec4b2ad0b4aa68068d3818ca0e41338c87e5504cda118c4050a98763 checked in smoke test #132
  • preprod: f917dcd1fa2653e33d6d0ca5a067468595b546120c3085fab60848c34f92c265 checked in smoke test #133
  • mainnet: 989e3ab136a2cdd3132a99975e76e02f62bcb03ba64ddbb5d2dfddffca8d390d checked in smoke test #131

This release contains breaking changes of the persistence and on-chain scripts
and you'll need to apply the following procedure to upgrade all the nodes
running a head:

  1. Close the head
  2. Stop hydra-node
  3. Remove persistent files stored in --persistence-dir, in particular
    server-output and state
  4. Upgrade hydra-node version
  5. Upgrade cardano-node version to 8.1.2
  6. Start new hydra-node version with new --hydra-scripts-tx-id
  7. Open a new head
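
A helper for steps 3 and 6 of the procedure above, added here as an example and not part of the Hydra project's own tooling. The function names are hypothetical, and moving the files to a backup directory instead of deleting them is an assumption made so the old head's state stays available for inspection.

```shell
#!/bin/sh
# Added example: helper functions for upgrading a hydra-node to 0.13.0.

# Step 6: print the --hydra-scripts-tx-id for a network.
# Values are copied from the "Hydra Scripts" list of this release.
scripts_tx_id() {
  case "$1" in
    preview) echo 1e00c627ec4b2ad0b4aa68068d3818ca0e41338c87e5504cda118c4050a98763 ;;
    preprod) echo f917dcd1fa2653e33d6d0ca5a067468595b546120c3085fab60848c34f92c265 ;;
    mainnet) echo 989e3ab136a2cdd3132a99975e76e02f62bcb03ba64ddbb5d2dfddffca8d390d ;;
    *) echo "unknown network: $1" >&2; return 1 ;;
  esac
}

# Step 3: take server-output and state out of the --persistence-dir.
# Assumption: the files are moved to a sibling backup directory rather
# than deleted. Other files in the directory are left untouched.
# Prints the backup directory on success.
clear_persistence() {
  dir=$1
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
  # Step 2 must have happened: refuse to run while hydra-node is alive.
  if command -v pgrep >/dev/null 2>&1 && pgrep -x hydra-node >/dev/null 2>&1; then
    echo "hydra-node is still running; stop it first" >&2
    return 2
  fi
  backup="${dir%/}.pre-0.13.0.$(date +%Y%m%d%H%M%S)"
  mkdir -p "$backup" || return 1
  for f in server-output state; do
    if [ -e "$dir/$f" ]; then
      mv -- "$dir/$f" "$backup/" || return 1
    fi
  done
  echo "$backup"
}

# Usage (paths are placeholders):
#   clear_persistence /path/to/persistence-dir
#   hydra-node --hydra-scripts-tx-id "$(scripts_tx_id mainnet)" ...
```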

New Security Advisories

  • CVE-2023-42448: Contestation deadline can be tampered with after a head is closed
  • CVE-2023-42449: Participation tokens can be extracted from initial script using forged policy id
  • CVE-2023-38701: Committed UTxO can be spent arbitrarily (this fix was actually released in version 0.12.0)

Thanks to @jmhrpr for reporting those issues.


  • BREAKING

    • Update to plutus 1.9. This changes the script hashes.
    • Changes to hydra-plutus scripts.
  • Query at the tip for local cardano-node queries. #1053

  • Add option to draft a commit tx using inline datums. #1052

  • Remove hydra-tools package.

    • Move functionality to generate hydra keys to the hydra-node executable. #1031
  • Changes to hydra-node state persistency:

    • Remove the recursive definition of the chain state.
    • This makes the event store more lightweight and easier to read and work with. #1049

Full Changelog: 0.12.0...0.13.0


New Contributors

Other contributors to this release: @abailly-iohk @ch1bo @v0d1ch @ffakenz @pgrange