
v1.7.17 - P2P Security & Hardening Update


Released by github-actions on 13 May 15:20
Tag v1.7.17, commit 333f6ec

Release Notes - v1.7.17

Overview

This release closes GHSA-74m6-4hjp-7226 with a coordinated set of P2P and KVM hardening fixes, bumps the libp2p stack to clear Dependabot security alerts, and adopts reproducible, stripped release builds for supply-chain integrity. It also delivers node-monitoring metrics, WebSocket improvements, and a validator benchmark tool. One fix introduces a consensus-affecting fork flag (FixAuditChangesV2) — all validators must upgrade before the activation epoch. There are no other breaking changes.

⚠️ Operators: Upgrade all validators to v1.7.17 before the FixAuditChangesV2 activation epoch. The activation epoch is coordinated and published separately. Until activation, behavior is bit-identical to v1.7.16.

🔒 Security & Hardening

GHSA-74m6-4hjp-7226 Remediation

  • [KLC-2347] Enforce the read-only invariant on KVM delete/upgrade dispatch, so that read-only nested execution can no longer commit contract delete/upgrade side effects. The guard runs at execute() dispatch and is repeated, as defense-in-depth, in doExecContractDelete, executeUpgrade, and executeDelete. Gated behind the new fork flag FixAuditChangesV2 for coordinated activation.
  • [KLC-2348] Fix a P2P throttler slot leak in MultiDataInterceptor (CWE-400 / CWE-693). The decompression-error branch for compressed batches returned without releasing its throttler slot; roughly 100 malformed compressed batches were enough to permanently exhaust the global P2P throttler and silently DoS the transaction, trie-node, and header interceptors until restart. The same hardening is applied to SingleDataInterceptor.
  • [KLC-2352] Cap gzip decompression in Batch to prevent decompression-bomb DoS over P2P (CWE-409). The inflated payload is now bounded to 10 MiB via io.LimitReader, and a mismatch between the self-reported DataSize and the inflated payload is rejected as defense-in-depth. The public Decompress(marshalizer) signature is unchanged.
  • [KLC-2353] Cap items per batch in MultiDataInterceptor (MaxItemsPerBatch = 8192), enforced after Unmarshal and again after Decompress. This closes a pre-allocation DoS in which an attacker-controlled length flowed straight into make([]InterceptedData, len(b.Data)).
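
The dispatch-plus-handler guard described under KLC-2347, as an added example that is not the project's KVM code. Op, Frame, Request, VM and its fork-flag field are assumptions made for illustration, and only delete is modelled (upgrade is guarded the same way):

```go
package main

import (
	"errors"
	"fmt"
)

// Added example, not the project's KVM code. It models the KLC-2347 guard for
// contract delete (upgrade follows the same pattern): a read-only frame must not
// reach the delete handler, even via nested calls; the check sits at dispatch and
// is repeated in the handler, and is inert until the fork flag is on. Op, Frame,
// Request and VM are assumptions made for illustration.

var ErrReadOnlyWrite = errors.New("delete/upgrade attempted in read-only execution")

type Op int

const (
	OpQuery Op = iota
	OpDelete
	OpCall // nested execution of Request.Nested
)

// Frame is one execution context. ReadOnly is sticky: a callee frame created
// under a read-only parent stays read-only whatever the callee asks for.
type Frame struct{ ReadOnly bool }

// Request is what a frame dispatches; Nested is the callee request for OpCall.
type Request struct {
	Op       Op
	Addr     string
	ReadOnly bool // caller asks the nested frame to run read-only
	Nested   *Request
}

// VM holds the fork flag and the contract state the guarded handler mutates.
type VM struct {
	FixAuditChangesV2 bool              // guard is inert until activation
	Contracts         map[string]string // address -> code version (constructed state)
}

// Execute is the dispatch point and carries the first guard.
func (vm *VM) Execute(f Frame, r Request) error {
	if vm.FixAuditChangesV2 && f.ReadOnly && r.Op == OpDelete {
		return ErrReadOnlyWrite
	}
	switch r.Op {
	case OpQuery:
		return nil
	case OpDelete:
		return vm.ExecDelete(f, r.Addr)
	case OpCall:
		if r.Nested == nil {
			return errors.New("call without nested request")
		}
		child := Frame{ReadOnly: f.ReadOnly || r.ReadOnly}
		return vm.Execute(child, *r.Nested)
	}
	return fmt.Errorf("unknown op %d", r.Op)
}

// ExecDelete repeats the check as defense-in-depth, so the invariant holds even
// for a code path that reaches the handler without going through Execute.
func (vm *VM) ExecDelete(f Frame, addr string) error {
	if vm.FixAuditChangesV2 && f.ReadOnly {
		return ErrReadOnlyWrite
	}
	if _, ok := vm.Contracts[addr]; !ok {
		return fmt.Errorf("no contract at %s", addr)
	}
	delete(vm.Contracts, addr)
	return nil
}

// RunNestedDelete starts a read-only call whose callee calls again and, two
// frames down, tries to delete "c1". It returns the surviving contract count.
func RunNestedDelete(forkActive bool) (int, error) {
	vm := &VM{FixAuditChangesV2: forkActive, Contracts: map[string]string{"c1": "v1"}}
	req := Request{Op: OpCall, ReadOnly: true, Nested: &Request{
		Op: OpCall, Nested: &Request{Op: OpDelete, Addr: "c1"},
	}}
	err := vm.Execute(Frame{}, req)
	return len(vm.Contracts), err
}

func main() {
	for _, active := range []bool{false, true} {
		left, err := RunNestedDelete(active)
		fmt.Printf("FixAuditChangesV2=%v: contracts left=%d err=%v\n", active, left, err)
	}
}
```

With the flag off the nested delete goes through from the read-only frame, which is the pre-activation behaviour the notes describe as identical to v1.7.16; with it on, the same path is refused at dispatch and, if dispatch were ever bypassed, again in the handler.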

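The three P2P fixes (KLC-2348, KLC-2352, KLC-2353) in one toy interceptor path, as an added example and not the project's code: the throttler is a channel semaphore released by defer so the decompression-error branch cannot leak a slot, gzip inflation runs through io.LimitReader with the 10 MiB cap and the DataSize cross-check, and the item count is compared against MaxItemsPerBatch before any count-sized allocation. Batch, ProcessBatch, NewCompressedBatch and the fixed-size item format are assumptions; the inputs in main are constructed.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Added example, not the project's code: Batch, the fixed-size item wire format
// and all function names are assumptions; the two caps are the release's values.
const (
	MaxInflatedSize  = 10 << 20 // 10 MiB ceiling on inflated gzip output (KLC-2352)
	MaxItemsPerBatch = 8192     // item-count cap (KLC-2353)
	ItemSize         = 32       // every item is a 32-byte hash in this toy format
)

var ErrPayloadTooLarge = errors.New("inflated payload exceeds MaxInflatedSize")
var ErrSizeMismatch = errors.New("DataSize does not match inflated payload")
var ErrTooManyItems = errors.New("item count exceeds MaxItemsPerBatch")

// Batch is the envelope; DataSize is the sender's claim and never sizes an allocation.
type Batch struct {
	DataSize   uint32
	Compressed []byte
}

// NewCompressedBatch gzips raw and records the honest DataSize.
func NewCompressedBatch(raw []byte) *Batch {
	var zb bytes.Buffer
	zw := gzip.NewWriter(&zb)
	zw.Write(raw)
	zw.Close()
	return &Batch{DataSize: uint32(len(raw)), Compressed: zb.Bytes()}
}

// Decompress inflates through a LimitReader set one byte past the cap, so an
// over-limit stream is detected rather than silently truncated; it then checks
// the sender's DataSize and the item count before any count-sized allocation.
func (b *Batch) Decompress() ([][]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(b.Compressed))
	if err != nil {
		return nil, err
	}
	inflated, err := io.ReadAll(io.LimitReader(zr, MaxInflatedSize+1))
	if err != nil {
		return nil, err
	}
	if len(inflated) > MaxInflatedSize {
		return nil, ErrPayloadTooLarge
	}
	if uint64(len(inflated)) != uint64(b.DataSize) || len(inflated) < 4 {
		return nil, ErrSizeMismatch
	}
	count := binary.BigEndian.Uint32(inflated) // "[u32 count][count x 32-byte items]"
	if count > MaxItemsPerBatch {
		return nil, ErrTooManyItems // checked before make(): no attacker-sized pre-allocation
	}
	if uint64(len(inflated)) != 4+uint64(count)*ItemSize {
		return nil, io.ErrUnexpectedEOF
	}
	items := make([][]byte, count)
	for i := range items {
		items[i] = inflated[4+i*ItemSize : 4+(i+1)*ItemSize]
	}
	return items, nil
}

// ProcessBatch is the interceptor entry point. slots is the shared throttler;
// releasing by defer means every early return, including the decompression-error
// branch that originally leaked, hands the slot back.
func ProcessBatch(slots chan struct{}, b *Batch) (int, error) {
	select {
	case slots <- struct{}{}: // take a slot without blocking
	default:
		return 0, errors.New("throttler exhausted")
	}
	defer func() { <-slots }() // released on every return path
	items, err := b.Decompress()
	if err != nil {
		return 0, fmt.Errorf("batch rejected: %w", err)
	}
	return len(items), nil
}

func main() {
	slots := make(chan struct{}, 100) // constructed: a throttler with 100 slots
	for i := 0; i < 200; i++ {        // 200 malformed batches must not exhaust it
		ProcessBatch(slots, &Batch{DataSize: 1, Compressed: []byte("not gzip")})
	}
	_, err := ProcessBatch(slots, NewCompressedBatch(make([]byte, MaxInflatedSize+1)))
	fmt.Printf("slots in use: %d, bomb: %v\n", len(slots), err)
}
```

The LimitReader is set to MaxInflatedSize+1 rather than MaxInflatedSize on purpose: reading exactly one byte past the cap is what tells an over-limit stream apart from one that legitimately fills it. A 4-byte payload whose count prefix claims 8193 items is rejected by the count check without ever allocating 8193 slots, which is the pre-allocation case KLC-2353 closes.
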
Dependencies

  • [KLC-2377] Bumped libp2p stack to clear Dependabot security alerts, strengthening peer-to-peer communication security.

🛡️ Supply-Chain Hardening

  • [KLC-2349] Release builds now use -trimpath -s -w -buildid= -buildvcs=false (-s, -w and -buildid= are linker flags, passed through -ldflags), producing reproducible, stripped binaries. This removes build-host paths, the symbol table, DWARF debug info, the per-build ID and embedded VCS metadata from shipped artifacts, so two builds of the same tag from the same source on the same Go toolchain produce byte-identical artifacts (modulo signing).
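
A check an operator can run against a downloaded artifact, as an added example and not the project's release tooling: it parses the build settings that `go version -m <binary>` prints and flags anything the KLC-2349 flags should have removed. The two sample outputs are constructed, and ParseGoVersionM, AuditBuildSettings and the module path are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Added example, not the project's release tooling. It audits the build settings
// that `go version -m <binary>` prints for the properties the KLC-2349 flags
// guarantee. The sample outputs are constructed; the function names and the
// module path are assumptions.

// ParseGoVersionM keeps the "build<TAB>KEY=VALUE" lines of `go version -m`
// output as a map and ignores the rest (path, mod, dep lines).
func ParseGoVersionM(out string) map[string]string {
	settings := map[string]string{}
	for _, line := range strings.Split(out, "\n") {
		fields := strings.SplitN(strings.TrimSpace(line), "\t", 2)
		if len(fields) != 2 || fields[0] != "build" {
			continue
		}
		if kv := strings.SplitN(fields[1], "=", 2); len(kv) == 2 {
			settings[kv[0]] = kv[1]
		}
	}
	return settings
}

// AuditBuildSettings returns one finding per missing property, in a fixed
// order: -trimpath (no build-host paths), -s -w -buildid= among the linker
// flags (stripped, no build ID), and no vcs.* keys (-buildvcs=false).
func AuditBuildSettings(settings map[string]string) []string {
	var findings []string
	if settings["-trimpath"] != "true" {
		findings = append(findings, "-trimpath missing: build-host paths embedded")
	}
	have := map[string]bool{}
	for _, tok := range strings.Fields(strings.Trim(settings["-ldflags"], "\"")) {
		have[tok] = true
	}
	var missing []string
	for _, f := range []string{"-s", "-w", "-buildid="} {
		if !have[f] {
			missing = append(missing, f)
		}
	}
	if len(missing) > 0 {
		findings = append(findings, "-ldflags missing "+strings.Join(missing, " "))
	}
	var vcs []string
	for k := range settings {
		if strings.HasPrefix(k, "vcs") {
			vcs = append(vcs, k)
		}
	}
	if len(vcs) > 0 {
		sort.Strings(vcs)
		findings = append(findings, "VCS metadata embedded: "+strings.Join(vcs, ", "))
	}
	return findings
}

// Constructed `go version -m` output for a hardened release build.
var SampleStripped = strings.Join([]string{
	"bin/node: go1.22.3",
	"\tpath\tgithub.com/example/node/cmd/node",
	"\tmod\tgithub.com/example/node\t(devel)",
	"\tbuild\t-compiler=gc",
	"\tbuild\t-ldflags=\"-s -w -buildid=\"",
	"\tbuild\t-trimpath=true",
	"\tbuild\tCGO_ENABLED=0",
}, "\n")

// Constructed output for a developer build with VCS metadata and symbols kept.
var SampleDev = strings.Join([]string{
	"bin/node: go1.22.3",
	"\tpath\tgithub.com/example/node/cmd/node",
	"\tbuild\t-compiler=gc",
	"\tbuild\tCGO_ENABLED=0",
	"\tbuild\tvcs=git",
	"\tbuild\tvcs.revision=0123456789abcdef0123456789abcdef01234567",
	"\tbuild\tvcs.modified=true",
}, "\n")

func main() {
	for _, s := range []struct{ name, out string }{{"stripped", SampleStripped}, {"dev", SampleDev}} {
		fmt.Printf("%s: %q\n", s.name, AuditBuildSettings(ParseGoVersionM(s.out)))
	}
}
```

Feed the real output of `go version -m ./node` to ParseGoVersionM; a hardened artifact yields no findings. `go tool buildid ./node` shows whether a build ID is still embedded, and two builds of the same tag on the same Go toolchain should give identical sha256sum output, since reproducibility depends on the toolchain version as well as on these flags.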

✨ Features & Improvements

API & WebSocket

  • [KLC-1517] Added WebSocket event support on non-indexer nodes, broadening real-time event access across the network.
  • [KLC-2088] Improved WebSocket infrastructure and added query features, enhancing real-time data retrieval capabilities.
  • [KLC-2339] Added title and description fields to error receipts, giving developers richer structured feedback on transaction failures.

Monitoring & Observability

  • [KLC-1952] Enhanced node monitoring API with new metrics, expanding operator visibility into node health and performance.

Tooling

  • [KLC-2161] Added validator benchmark tool, enabling performance profiling and diagnostics for validator operators.

🚀 Performance Improvements

  • [KLC-2126] Refactored transaction processing for performance and correctness, reducing overhead in core transaction handling.
  • [KLC-2126] Applied panic guards, resolved race conditions, and improved naming across cryptographic components, increasing runtime reliability.
  • [KLC-2245] Recalibrated GoRoutines benchmark tests, ensuring more accurate performance baselines for concurrency profiling.

🐛 Bug Fixes

  • [KLC-2297] Fixed old seednode peer-ID generation, restoring correct identification for legacy seednodes.

🧰 Infrastructure & DevOps

  • [KLC-2061] Added ARM64 support in Debian Dockerfiles for library handling, expanding deployment compatibility for ARM-based infrastructure.
  • [KLC-1911] Updated third-party GitHub Actions to latest versions, keeping the build pipeline current and secure.
  • [KLC-2184] Enhanced CodeRabbit configuration for assertive blockchain-aware reviews, improving automated review quality and consistency.
  • Refactored golangci-lint installation and execution steps in CI workflow for faster, more reliable linting.

📦 What's Changed

  • GHSA-74m6-4hjp-7226: [KLC-2347] Enforce read-only invariant on KVM delete/upgrade dispatch + [KLC-2348] Fix P2P throttler slot leak in MultiDataInterceptor by @fbsobreira (68b94a40)
  • GHSA-74m6-4hjp-7226: [KLC-2352] Cap gzip decompression in Batch to prevent P2P bomb DoS + [KLC-2353] Cap items-per-batch in MultiDataInterceptor by @fbsobreira (333f6ec9)
  • [KLC-1517] Add support for websocket events on non indexer nodes by @nickgs1337 in #24
  • [KLC-2126] refactor(transaction): performance and correctness improvements by @fbsobreira in #25
  • [KLC-2126] refactor(crypto): review fixes — panic guards, race conditions, naming and tests by @fbsobreira in #26
  • [KLC-2088] Web Socket Improvements & query features by @nickgs1337 in #30
  • [KLC-2061] Add ARM64 support in debian Dockerfiles for library handling by @RomuloSiebra in #31
  • [KLC-2161] feat: add validator benchmark tool by @Beroni in #32
  • [KLC-2184] chore: enhance CodeRabbit config for assertive blockchain-aware reviews by @fbsobreira in #33
  • [KLC-2245] Recalibrate GoRoutines benchmark tests by @Beroni in #34
  • [KLC-2297] Fix old seednodes peer ID generation by @RomuloSiebra in #35
  • [KLC-1952] Enhance node monitoring API with new metrics by @phcarneirobc in #36
  • [KLC-1911] Update third-party GitHub Actions to latest versions by @phcarneirobc in #37
  • [KLC-2339] Add title and description fields to error receipts by @Beroni in #39
  • [KLC-2349] Adopt -trimpath -s -w -buildid= -buildvcs=false for release builds by @fbsobreira in #41
  • [KLC-2377] bump libp2p stack to clear Dependabot security alerts by @fbsobreira in #42

🔄 Upgrade Notes

This release contains a consensus-affecting fork-gated change. Upgrade all validators to v1.7.17 before the configured FixAuditChangesV2 activation epoch. We strongly recommend upgrading to take advantage of:

  • Critical P2P hardening fixes addressing GHSA-74m6-4hjp-7226 (decompression bombs, pre-allocation DoS, throttler slot leak)
  • KVM read-only invariant enforcement on delete/upgrade dispatch (fork-gated)
  • libp2p security updates
  • Reproducible, stripped release builds for supply-chain integrity

Migration Path

Update to v1.7.17 — no configuration changes or data migrations required. Coordinate the validator rollout so all nodes are running v1.7.17 before the FixAuditChangesV2 activation epoch.

Full Changelog: v1.7.16...v1.7.17