Oxen 11.6.0 - introducing Session Router

Oxen 11.6.0, now with Session Router

This OPTIONAL oxen-core Session Node update adds Session Router to the Session Node requirements. Session Router is the result of a long, deep rewrite of Lokinet that will form the basis of private, anonymous, secure network communications in future versions of Session.

Installing the 11.6 update (including Session Router) will help Session developers test the network at a larger scale as Session Router is further refined and developed as the app’s communication base layer. Session Router will become required for all Session Nodes in a future mandatory upgrade, but for now is only required for operators who upgrade to oxend 11.6.0.

Note that if you are using a firewall, the new Session Router code requires communication on a new port, UDP port 1190 by default.

See the Session Router release notes for more details.

Ubuntu 20.04 end of life

Note that this release (and any future releases) no longer support Ubuntu 20.04 (aka Ubuntu "focal"), as has been warned about for the past few months of releases. 20.04 is no longer supported by Ubuntu as of June of this year, and it is strongly recommended for anyone still running Session Nodes on Ubuntu 20.04 to upgrade to 22.04 (or better yet, 24.04) as soon as possible. The official deb packages now require Ubuntu 22.04+, or Debian 11+, and Ubuntu 24.04 or Debian 13 are recommended if starting up a new Session node server.

multi-sn

Session Node operators on more powerful servers using the "multi-sn" scripts MUST run oxen-multi-sn-upgrade after upgrading the packages to generate and set up the required multi-sn configurations and services for Session Router.

(If you have no idea what this means, you can ignore this section.)

Other changes

• Fixed a warning about a rewards database value mismatch. The values used for the warnings were incorrectly calculated: the database actually does not contain an incorrect value. This corrects the warnings calculation to stop the message from appearing.

• The debian and ubuntu packages now use jemalloc for memory allocation, which should reduce the amount of memory that long-running oxend processes use.

• Various library dependency updates and small compilation fixes needed on newer systems.

(This release will be updated with static binary builds in the near future once they are also available for Session Router itself).

Oxen 11.5.0

Oxen 11.5.0

This mandatory Service Node upgrade addresses fixes some problems related to reward calculation that was missing some earned rewards, thus making rewards impossible to claim. It also fixes some database-related bugs that had a small chance of causing oxend about once/week.

This release also coincides with minor (but required) upgrades for Oxen Storage Server and Lokinet.

This release is mandatory for service nodes: uptime proofs from older versions will stop being accepted by the network at block height 1,901,759 (expected at 00:00 UTC on 29 July 2025).

Full Changelog: v11.4.0...v11.5.0

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below.

Ubuntu 20.04 warning

Note that Ubuntu 20.04 support will likely be dropped in the near future. We strongly encourage operators still running 20.04 to start migrating to 22.04 or 24.04 as soon as possible.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@session.foundation>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

853d375e22f3e7a24d1970190a810c3c40d743a6d8f31d0186608eec1d6cec3c  oxen-linux-x86_64-11.5.0.tar.xz
531e3ccf2c0db3398da7c3c3e270497869d3bf1c5f40faa2db0b34f84900242a  oxen-macos-arm64-11.5.0.tar.xz
fc0cfd2a961b11d6e86da1257e560302599f26270c1b00eb0e2327db2cd534b8  oxen-macos-x86_64-11.5.0.tar.xz
7f70cfcdff9fa3804b9ca775cc9337f6f7c53008e3afe61307f4e66069964d74  oxen-win-x64-11.5.0.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmiG1KYACgkQxJks56iN
QmL8+Q//ci7abnjw1LrCcpJeEIdtJmX0zJSoPrrUzf71NF5OkxynFPMfmenBMfNO
YfWOUSPt4nrzE8yi28z8c30NecYKJ6LPpbMCV6BMEMkPnYalbeRM3ftVsd63f0uY
EopahH0YK3gyXAxng493ohY0RlaCLTbtsNbMoQMLeI9WpDK9XiaWOvPFhVL3jGoV
3Hek/6O841XQJxU4TIBM8wBGa8OYmu+5CoTbdCp562EMqfGIl7GxHH2F+BUgRemd
DYCJmHaWuzeLnUuiqozIRz4IsE1EExo6/mwmxcqHnEsUXD15JqMEFrSqU7xd5nNO
5XtmJyx8Sb2x0PBDwBPYhaVOiGT8FE26M+uYhIDy39QAxQANaGM6T9nXY/TxPr4q
q9/zrFV/tPX9O1r9BDvbIP6rOdgF16fif9fG/QKtCqQRTdcKSTB8EpPpRhD3JBxS
wENsToFv47vf9W9QslXZa8KZDrj+W6VpRfW7+8Noe1B8OkSxopc0zuJtOM90dOFy
Qcizma6W9flOairD0Da9W5ab0T29duK+QubpCkKS/0vgCzAhOoTpPyXSXgY/UPbC
Q316ChiCqPuMxtIRh4DneTsWufNjAtWsVZbWD2MZYodxLHGXYZVpIbOGU8eJuDwW
/89yE8dWmkozvdgb6sMevCY/91+rMiJOdo9y83MuslhqpE4Jz8I=
=RdT1
-----END PGP SIGNATURE-----

Oxen 11.4.0

This release is a mandatory upgrade (technically, a hard fork) that corrects some stuck service node stakes caused by witnessing failures in the Oxen 11.3.0 release. While the witnessing bugs were corrected with most of the Service Node network upgraded to Oxen 11.3.2, the funds that had already gotten stuck before that update are corrected by this release along with a few other bug fixes and improvements.

This update schedules a hardfork (HF22) to apply the fixups at block 1871519, scheduled for Tue, 17 Jun 2025 00:00 UTC. Service nodes must upgrade by that time or will be decommissioned.

Stuck contribution fixes

A total of 10 specific service nodes have stuck funds that are corrected by this release:

• 2 HF20 nodes transitioned into HF21 with changed BLS keys, and as a result got kicked off the network (without crediting the stakes) as imposters a couple hours into HF21. This unusual edge case only affected nodes transitioning from HF20, and so cannot reoccur.
• 7 registrations ended up failing with stuck funds. A malfunctioning RPC provider in use by a major network operator, combined with a bug in validating L2 event votes in pulse quorums, led to 7 SN registrations getting denied by the oxen network, with those stakes in the Arbitrum contract, but because the service not network denied the events, the funds were not credited to the contributors. The bug itself was corrected with 11.3.2.
• 1 contract exit was similarly denied on the oxen chain by the same bug, resulting in the exited node being stuck in the "recently removed" node, but with the denied exit event, oxend will not release the funds. Like the above, this was fixed by 11.3.2.

While 11.3.2 prevented the bugs from occurring again, this 11.4.0 update credits the claimable amount of the contributors to the 10 service nodes at the 11.4.0 hard fork height. As this credit needs to be coordinated across all service nodes at once, this required a network hard fork to implement.

To be clear: these adjustments are not crediting new SESH to anyone, but rather are just updating the oxend credit associated with accounts to match the amount that these contributors have already made to the Arbitrum SNRewards contract but cannot currently be claimed.

Other changes and improvements

• We have reworked how rewards are calculated internally, starting at the HF22 added in this release. Back when batching was introduced with Oxen 10, everything was stored in milli-atomic OXEN, so that when one single block's reward got split across the many thousands of contributors in thousands of nodes, the numeric imprecision was not too large. This value never got too huge, though, because pending rewards got paid out twice per week for each address.

  In HF21, however, the claimable amount becomes cumulative: the oxen side keeps track of the total of all rewards and unstakes ever made, and the smart contract tracks the total claimed amounts ever paid. Claiming rewards involved getting a network-signed new cumulative level, submitting that to the contract, and then using the contract to pay the different between the new total and the contract's already-paid amount.

  The problem with this, however, is that this value grows forever, and slightly after 9 million SESH in lifetime rewards + unlocks for a single contributor it would overflow the maximum value storable in a 64-bit integer. While we aren't in imminent danger of hitting this problem, there are accounts with 2+ million SESH staked that could hit it in the not-so-distance future. Beginning at HF22, we change the reward calculation so that we still calculate each individual block rewards split in milli-atomics, but then round that off to the nearly atomic value when crediting an accounts rewards. This puts the the maximum at over 9 billion SESH, which is well out of harm's way. Because this does slightly change the reward (by, at most, 0.000000001 SESH per block per account) this change also required a hard fork to implement.

• We have reintroduced the BLS signature requirement to uptime proofs. Originally this was only included for HF20 (so that we could collect an initial set of BLS keys to seed the smart contract with), however we have observed at least 9 nodes on the network that are consistently producing invalid signatures for claims and exit signatures, which we believe to be caused by those operators not properly copying the key_bls file when migrating nodes.

  Upon investigation, we realized that there is no way at all to tell whether nodes have the proper BLS key, but it needs to have the same key it registered with to properly participate on the network.

• Improved rescan speed: "loading subsystems" is now nearly 50% faster than before, thanks to several optimizations. (This also improves blockchain syncing speed, as many of the same calculations are needed there):

  • The rewards database now stores contributor addresses in binary, avoiding the need to convert to/from string representations when working with the database.
  • Calculating a block's random seed is now more efficient, allowing faster determination of network quorums.
  • Some redundant calculations are avoided.
  • The "milli-atomic" issue discussed above avoids needing to divide several values by 1000, which makes a small improvement.
  • Some rewards database queries were optimized or could be eliminated.

• oxend is now less aggressive, and more verbose, about storing the SN state during a rescan, which can be intensive. Previously it would store a dump of the service node state (which is a fairly substantial amount of data) every minute while rescanning; it now saves once every 5 minutes, and randomly spreads out when it first saves to avoid having multiple oxend's restarted at once all hitting a very I/O intensive part of syncing at exactly the same time.

• Rebranded some messages that said "Loki network" to say "Session network" in the log message about being fully synced. By waiting sufficiently long to make this important change, we made an important optimization that saved an entire commit from the oxen-core commit history.

• Fixed an issue where the ONS database would need to be rescanned from the beginning of the chain after popping blocks. (This mainly affects dev usage as manual block popping is not a common production oxend operation).

• Fixed an issue where only the last purge in a block containing multiple purges was being processed.

• Cleaned up various old tables/triggers in the batching database that are no longer used, but hadn't been dropped on upgrades from Oxen 10.

• Various other small improvements and fixes (see commit log).

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below.

Ubuntu 20.04 warning

Note that Ubuntu 20.04 support will likely be dropped for the next mandatory service node upgrade as 20.04 is no longer receiving OS security updates. While we do not have a planned date for the next release this yet, we strongly encourage operators still running 20.04 to start upgrading to 22.04 or 24.04 as soon as possible.

Signatures for static release binaries

``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:

• the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
• OpenPGP key servers (Jason Rhinelander jason@session.foundation, A88D4262)
• https://imaginary.ca/public.gpg
• https://github.com/jagerman.gpg

aeace7602648ce473d460ed43a86a685d48a781d0f74c8da17c71d46b0fd1470 oxen-linux-x86_64-11.4.0.tar.xz
6e30d7b6211c254c4c754fec6c89d6cd6d490ef72e73ef6ee54e0bd62e99401f oxen-macos-arm64-11.4.0.tar.xz
68fc4ce52d9e4077f6f2c9ae93a7b9cb89f422e480931fe9aed91898c6e95a90 oxen-macos-x86_64-11.4.0.tar.xz
ab90c48a68d4549aa4d26cf8bf0303433417244f0a8c039e3222a3f00ae86a38 oxen-win-x64-11.4.0.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmhKAdwACgkQxJks56iN
QmKKFxAAkhPlBVoazRDgC427QDY2zgrcc9MLOTyAEez04q4IoeYrkiCsf6fcmO21
hN626U5F94+Gw5yhIV3Q4DQplahtqOk90eNUKmsKIm+Uzvz0XdUCTqQmB4nbQxnw
8G4dQOmY3v4KNCVSDxx73pv0K+b2BjSdJbcMVKjz6/Tglle9cksK9fo4Y44xNhSW
ThBUezARc5IOZT84CtPKV9xe6C13dP+Fod5ZBnLKhViufg7zjcAnzHLUxjV2ujKb
D5yWynjbfwsCFru4Zx2k00KiaPOHuPmh43lUMV+kJiaGZ4Jf2kr9XKTiJWx8dteB
w5avQNcS5NT4Ou+/whEh7rrhRFD9ofOxk2RzFplhPNJAaZSHCCcF1kDkiOrPmuzi
Q+GlQbGNMXmNSgUwyrTZxJQe8QO12eNlY7Sf2coLGFBumeUI+A0xN0JA068a+m5+
gr8095ELceWRSKQ7YcKbcVxqTRq7Th/z/9z/dLi984BBYFf8Q4DyPlw5giMEV4Io
Z0CERvAbPrItCbwuJHRFmAWnMQCvGiqGBbBIhUOCmZF9+osnpJBd6L0Yob9XOv7M
8Sayr5Xy7lLZRhKAkkhghFx7raij4CtO9G0iCzj3Ps/QeKLbTqpFAmsFDxXzu6p7
Av677KSTxjL39sJm43JIHl5aqRtfe+9rQQaiBeKjldB/32Kmdyo=
=1vt4
-----END PGP SIGNATURE-----

Oxen 11.3.2

11.3.2 Service Node update

This release fixes recent issues observed on the chain since the hard fork:

• fixes a deadlock that could cause oxend to hang (and need to be forcibly restarted), most frequently encountered when using an l2 proxy.
• fixed a bug that did not properly clean up "zombie" records, and would prevent proper signature generation for claims and unlocks as a result.
• improves the reliability of pulse quorums properly validating incoming events from Arbitrum.
• Tweaks the default L2 provider settings to improve compatibility with provider free tiers:
  • The default l2-max-logs option is decreased from 1000 to 500, for compatibility with some free tier offerings (such as Alchemy). Under normal operations this will not increase credit usage, but will use more credits upon oxend restart. (If you provider supports more, feel free to increase the value in your oxen.conf).
  • The default for the l2-update-cooldown option is now increased to 1.25s, to help avoid request per second rate limits imposed by some providers' free tiers (notably Infura), most commonly during oxend startup when it is fetching recent L2 events. Previously the option was disabled by default and oxend would try to request logs as fast as the responses arrive from the provider, but this could hit rate limits.
• Make oxend more robust against L2 failures. Previously failed L2 requests could end up leaving oxend in a state where it wanted to deny L2 transactions (because it failed to fetch them -- possibly because of rate limiting). Oxend now delays pulse participations and proofs until the L2 logs catch up rather than sending bad data to the network.
• Fix an issue with how RPC responses are being returned that causes problems in current Session clients.

While this is not a mandatory update, it is strongly recommended for all Service Nodes operators to update as soon as possible to avoid deadlocks and to improve network reliability.

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below. Note that Ubuntu 20.04 support will be dropped in the near future, and operators on 20.04 should start planning to upgrade to 22.04 or 24.04.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@session.foundation>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

a5259693db75185dc16d0299a5c7903d2dd41872907cc95c9a14dbd02fdb9817  oxen-linux-x86_64-11.3.2.tar.xz
b12c5ca79f22fd37967a6b218a3af72d95c67c499a09c6d637774abc0db56e81  oxen-macos-arm64-11.3.2.tar.xz
775651decf75c06408a04922c4591d8e1c695fbf47e3ef681910dc53b23f60d6  oxen-macos-x86_64-11.3.2.tar.xz
1abac52d05c2096995217acaa8d694f5b84942d2dc7abd3dfdf3b78bf03b7c67  oxen-win-x64-11.3.2.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmhAiSMACgkQxJks56iN
QmLbLxAAiXUCRRSV9TFt1BTVAtzcJI7lTc4JsixlaacMjaVVxuzekwkwdutmvH0O
0+jRJtxt5T+vyHx6/6Sr1tgVUB/liLPSZ7Dl3gswjTFS33/ymZc6d79C0wHVhvCA
r+kflncT5ZxRnPFPratf7IWmJu2e0C4ajf11OsdTF0cnX7nvM153jSQHnD1Fdksb
vtE3jnhy6o2RS0seGe7wx2eMWhQNGG7MbiPC58AMc9s54Y0VBEX4p6gTLivGF0Yg
oQmqoxE5Q7G+Pzqux3PZvn0LVQxWsADjOkAOpZz01spMh3WsZSSPWpI4Gp+IOB68
M+rhdulNFRHbhrDV4LtrxbPQRoUdpCANiDNYKW4IaN6My71IyYA6t963zz75hIoQ
imcvX7MF5bodiC7dHKRxYDYHQbYatelMr/jHiMZANX67crSzb+Wgk5b7qxV7ieUk
fbzWdvCWRrlqanPktChuO2CjlQKj724ie5vNv3aYEzEH9mVBbWpFG4JFKHkxgEy9
JNmKwr5f0RVO1W5pSeaSVmJvD0XhNca254UtdGRHt3RKPthUao3Tjh7AbUMrmOvF
Kn65dRXKDdwME4LHEBeE2hqkyEs87Tw2ZbuKtROcDm7zopvW1DTToSsr2MblYvf9
162jqEOeA5sHix9sz23XJvAInxNJ23jGaC5uvZvWWxDxmK/r5gg=
=Hoxj
-----END PGP SIGNATURE-----

Oxen 11.3.1: "Landing"

This is the final mandatory upgrade required to transition to the SESH token and TGE (updated with some minor fixes).

11.3.1 minor update

The 11.3.1 release includes some minor bug fixes, log improvement for L2 provider failures, and some new L2 provider tuning parameters. It is recommended, but not a required updated if already running 11.3.0.

The following release notes are for the 11.3.x updates in general, and are copied from the 11.3.0 release:

Oxen 11.3 Landing

This mandatory update, compared to the earlier 11.2.x releases, includes some improvements, a few bug fixes, but most importantly adds the upgrade to the final "Landing" hardfork, internally called hardfork 21, along with the conversion info (pubkeys, registered OXEN addresses, and earned SN bonus amounts) needed to complete the transition.

Hardfork 21 begins at block 1852079, which is expected to arrive at Wed, 21 May 2025 00:00, UTC.

Important notes for upgrading

• The 11.x upgrade (beginning with the previous release) added a new key file, key_bls, in your oxen data directory. Restoring or moving a node requires this key, and so you should ensure that you back it up along with your existing key_ed25519 if you haven't already done so.

• Nodes that currently have different primary and auxiliary pubkeys (i.e. that have separate key and key_ed25519 key files -- this will apply to nodes that were set up prior to Oxen 8) will change their SN pubkey at the HF21 to unify these to only use the key_ed25519 going forward. This means that any tools you have tracking a node by pubkey may need to be updated at the hardfork to recognize the new pubkey. (If your node does not show a separate Auxiliary Pubkey when you look it up on https://oxen.observer then this does not apply to you).

• For operators running nodes on Ubuntu 20.04, please note that this Ubuntu version is nearing the end of its support lifetime at the end of May, and while we still support 20.04 packages for this release, this will be the last major releases where we continue to support Ubuntu 20.04. Upgrading to 22.04, or better yet, 24.04, is recommended.

L2 oxen proxy upgrading

If you are running multiple service nodes and using an L2 proxy, note that you will need to ensure that you update the proxy and any proxy-using nodes at the same time: 11.2.x nodes will produce errors when talking to 11.3.x proxies, and vice versa, because of the contract address added in the release. One solution, if you have set up multiple redundant oxend proxies, is to update one proxy at the beginning of your upgrade plan, and the other at the end, so that all your nodes have at least one same-version oxend proxy through the upgrade process. (This is not expected to be needed for future service node upgrades, but rather is a unique situation for the 11.2->11.3 upgrade).

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below. Note that Ubuntu 20.04 support will be dropped in the near future, and operators on 20.04 should start planning to upgrade to 22.04 or 24.04.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@session.foundation>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

ddfc0b9b645ea7386234ed4adab23198514863d7f54b4eedda274d09d67bcd52  oxen-linux-x86_64-11.3.1.tar.xz
6909684eb48037fe71d8807922a26573fbdadf08d01de7faceed2844343075ab  oxen-macos-arm64-11.3.1.tar.xz
60cce81b499827529e6509ded778a822f04915f230d4324f91dac4d63904e4ee  oxen-macos-x86_64-11.3.1.tar.xz
68aadc20cabaaf78e700735d136887091bc038caf3952cd7bfab31a7d5cd8d3c  oxen-win-x64-11.3.1.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmgmG4UACgkQxJks56iN
QmLI7Q//TYUV2MjaiG/VEi2IY5A3w2LY2wiTywcj1RWhs+E5dy3VOI3a0JRTtxT5
HQMpDjiAmKosUZHHg1iDlQbG+1IQ2YTPKvkg4/r4Gx9T8vP8X4DQevKjZt9kC3CZ
KDZsAfJC+0Bh5UqCZmUBK51Jk1vH9jB1O+Dz7TEUzcP5Ym3H55vU7iz6JFOf2H8U
X15ZvUnnfWCeeTKLhuqHijk1QwT3oenhBYNvJQpyjY32/rQAcgwsiBxhDJkVqto7
XT28v1lyNIWwUgArOAvBFz3x3lzC1kYHXQnszBv3PWfQsiIpfPcgOngTGn75DCUS
uOqN/+dzRRJp7L8VGpVESosMG4EJBl/VABnWWyLrarH5rbq+dVtzTwsgdSpPf+gb
Ix9s3cLB76xt2B2Qry3Q+YNx1BoD42bRvfadQR5wj4QzjVkbBGCcDJdCfuEoN41M
tUyd3zTbACwkoo0JLhbyJMRiHXhAnYBRW3BUl/oQBtV1EgGcWdmsxVVb9RhYNzvQ
2hSJVyNMU0jq+/KHTerwWe8omEuZe31D2diNniaxrBs6AHUGVNcCUnzUJQFR8aLB
XsRZTtsNikv8CiB1h46p1UcK8CtmsY77zkI3wg97T/mzdbpe1rPLQxmFqE8mXsGc
F5P55ICJzZVUky/FPj04lM4z2H1OFTPT9dbIRsBsproUdDdHSs0=
=Cvtj
-----END PGP SIGNATURE-----

Oxen 11.3.0: "Landing"

This is the final mandatory upgrades required to transition to the SESH token and TGE.

This mandatory update, compared to the earlier 11.2.x releases, includes some improvements to a few bug fixes, but most importantly adds the upgrade to the final "Landing" hardfork, internally called hardfork 21, along with the conversion info (pubkeys, registered OXEN addresses, and earned SN bonus amounts) needed to complete the transition.

Hardfork 21 begins at block 1852079, which is expected to arrive at Wed, 21 May 2025 00:00, UTC.

Important notes for upgrading

• The 11.x upgrade (beginning with the previous release) added a new key file, key_bls, in your oxen data directory. Restoring or moving a node requires this key, and so you should ensure that you back it up along with your existing key_ed25519 if you haven't already done so.

• Nodes that currently have different primary and auxiliary pubkeys (i.e. that have separate key and key_ed25519 key files -- this will apply to nodes that were set up prior to Oxen 8) will change their SN pubkey at the HF21 to unify these to only use the key_ed25519 going forward. This means that any tools you have tracking a node by pubkey may need to be updated at the hardfork to recognize the new pubkey. (If your node does not show a separate Auxiliary Pubkey when you look it up on https://oxen.observer then this does not apply to you).

• For operators running nodes on Ubuntu 20.04, please note that this Ubuntu version is nearing the end of its support lifetime at the end of May, and while we still support 20.04 packages for this release, this will be the last major releases where we continue to support Ubuntu 20.04. Upgrading to 22.04, or better yet, 24.04, is recommended.

L2 oxen proxy upgrading

If you are running multiple service nodes and using an L2 proxy, note that you will need to ensure that you update the proxy and any proxy-using nodes at the same time: 11.2.x nodes will produce errors when talking to 11.3.x proxies, and vice versa, because of the contract address added in the release. One solution, if you have set up multiple redundant oxend proxies, is to update one proxy at the beginning of your upgrade plan, and the other at the end, so that all your nodes have at least one same-version oxend proxy through the upgrade process. (This is not expected to be needed for future service node upgrades, but rather is a unique situation for the 11.2->11.3 upgrade).

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below. Note that Ubuntu 20.04 support will be dropped in the near future, and operators on 20.04 should start planning to upgrade to 22.04 or 24.04.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@session.foundation>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

05f416e4a478144c5b65775ff5f23b659b3ccbf2f1a3939151bb512e231cefb0  oxen-linux-x86_64-11.3.0.tar.xz
41854372f8b231211954e1ac98b422291e15ae9b8967384e43c84675bfe5b72e  oxen-macos-arm64-11.3.0.tar.xz
e37408cb71c3211e4b990569f68237b774b5282cd9446581fc57db3f47e66806  oxen-macos-x86_64-11.3.0.tar.xz
17c97c13ea8c569d3a0da5b795cae7634a6d07a2b430ab47663819c4009e3452  oxen-win-x64-11.3.0.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmgj1+UACgkQxJks56iN
QmKZOg/9EHf/PXz+HhmfJ7XvEkQ+66ngOgc/xw2QyEoMpG2aYG1hmuA+0VQQSRic
ZywWOpQ/4RnjlkWfhJeI5+Bt+aTf6uf6hfdGI1rktgZA+AO+4PKwk8SjJqF15n8H
YpeyY4F7c94SUXahrfENCc1vXxVEYJDUjZgntyE63EvhV8uTZSpF4chCiaWl5AMe
3fBIODwOWt6qCCV8p85YpLB9//E7BWpQcqlfherD9g8tX4kIAy1D2w2hdobFSf9J
v1HTJ98Rstw8Lz1r7yZT9m7EZmY0Ynn87CeJgBwUEHeUpFDkgs7IC2YHioaNqv4u
I0hqBrmo2G7G/vnF0/phUQnleAzvv45Q8aEu/JSuXI/sKUbyZYSVWqxrDpBUCZLD
Ykr8JY7FtOC/z7Lxm0MZUVZV9M4p7ZrGEjw7Z8H0dAOO4V0euxU/VuP60JJ3GcDc
kQsnfwNfu0+9Zt6r+3s12HzFddhzVPF+xmE6amGW1aj+x9BwLqbNw36cN0hyqXy6
WD4tuvQnFCaPq6Sotu6ajso2jdGZJM0coOacwGyF3ODET0q3r6Ptq88MGZ2l2b3y
V7bWTctT1MwL4msmRo+nj+SfY1U5yC/IySkIJo70YFngw4W4+y5zKoz+B4myXhA7
6+zUg7AAol9t9hYl8qEKwIPgOqW31VwGZs6KT87LEofP0dJeq+k=
=RsoP
-----END PGP SIGNATURE-----

Oxen 11.2.0: "Anchor"

This is the first (of two) mandatory upgrades required to transition to the SESH token, and kicks off the move to SESH TGE.

This mandatory update, compared to the earlier 11.1.x releases, includes a few bug fixes, but most importantly adds the upgrade to the intermediate "Anchor" hardfork, internally called hardfork 20.

Hardfork 20 begins at block 1836239, which is expected to arrive at Tue, 29 Apr 2025 00:00, UTC.

This release sets to stage for moving to TGE, but having nodes create and start broadcasting their new BLS public keys which are needed to seed the initial SESH service node contract with the network's public keys.

Compared to the last mandatory version, 10.6, this Oxen 11 release brings myriad changes to reliability and performance, a new logging system, new more maintainable RPC layer, along with all the code (not yet activated on mainnet) to turn the oxen chain into the "work chain" following the upcoming SESH Arbitrum launch. This is the same code (fix fixes) that has been active on our public "stagenet" for a few months, but we are now confident enough to recommend this version instead of the current 10.6.x release for existing and new installations.

Important notes for upgrading

• This upgrade adds a new key file, key_bls, in your oxen data directory. Restoring or moving a node requires this key, and so you should ensure that you back it up along with your existing key_ed25519 (and possibly key, for very old nodes).

• This hardfork disables new service node registrations until the transition is complete. (This was necessary because we will need to take a snapshot of all service nodes in order to build them into the next release as well as to prepare the contracts for the next release).

• A new version of storage server, 2.10.0, is required for service nodes.

• You can expect another mandatory upgrade to follow, which will complete the transition to SESH.

• For operators running nodes on Ubuntu 20.04, please note that this Ubuntu version is nearing the end of its support lifetime at the end of May, and while we still support 20.04 packages for this and the upcoming final transition release, these release are expected to be the last major releases where we continue to support Ubuntu 20.04. Upgrading to 22.04, or better yet, 24.04 is recommended.

Specifying an L2 provider

oxend requires being set up with an Arbitrum One RPC provider to be able to follow the upcoming smart contracts. This requires adding a line such as:

l2-provider=https://arbitrum-one-provider-url

to the oxen.conf configuration file. (You can add multiple such lines if you want to have a primary + backup L2 providers).

If you run multiple service nodes, it is also possible to have some of your oxend nodes provide L2 information to other nodes to reduce the number of L2 RPC requests (and thus RPC provider fees). More information on L2 proxying can be found in the docs.

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below. Note that Ubuntu 20.04 support will be dropped in the near future, and operators on 20.04 should start planning to upgrade to 22.04 or 24.04.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@session.foundation>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

9d35b641ca107a59ba3bb082744c18561294c5ea910a323124c36a06e1c96f35  oxen-linux-x86_64-11.2.0.tar.xz
f028f8274b4b31ae66a06b82b1e80dd8a99fa513db668a091f190ff045a8e075  oxen-macos-arm64-11.2.0.tar.xz
9abc78ef85374bf766dffea150eb0c31c62c1aae528e4ebc26afd08fb1e797ef  oxen-macos-x86_64-11.2.0.tar.xz
62534858930fc4ecc3a1f6f6e446288d7cc4f37f7fda6481f1e7ccd691e47b66  oxen-win-x64-11.2.0.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmgKWiQACgkQxJks56iN
QmIEdBAAhGTrfYa+LUj1NvkoYiAkKFsYbyYH+3Gi6h6sER9nvkNTWJfw8IbCD42F
oYdd9pgrlWH0jYGJi8SvqvdDB0THj3x1c5ZK7y9mL97W+mMN7xdFOmClwjcewMkw
hw4kJd0TTQLEUJzTDNXH4AqVi7TH3zucjO29FJvrox0cY4BpYgXDTo8QpQU7UiAB
d0eH1Fn/E1vagOKCBpY8CvAJPmfhhsJylwCYvF/WwRrSOmNGInBzqZjjWMQzO1t0
b+ulGeugcqxNuDpLe4kYMEOusPtcgGQHXXQvFTR17tDTohYbzHX9oy9JnJZDeF+M
uyqZ7m2qAPdDU6ZfmxoeKYfo0lhhHOCApRcZmwTSCO3rlo+ftzbA7wf9uugNFNjU
SgMqLefg5AM/CPObom+kKoRRtLKDl3CC4B3CVdBM61oY4Dtf1taGdimnVaAyemNz
VQjBQCIqniugvFa8SRCN9VZhWhsaSrVISFfuttHaQZjlvITkIIA9vNW0ThdbKr3z
uDZxRKpF41a3jjYeOdoKlo4nKCQ6W7PsNzXrZyjZiAE/VgnM+COZYbgeJy9rlvJB
68EpMDXQTMwNsuWs/uhHPl7mPdKwhHmEDrZOEv38Ey7MEOwu+kxNgL6FJJweVM+Y
FsumrKtGSB/aRHVp9vN9ZXtnR/Mg5lsDjGukKKleJ/ig1rGfcnY=
=+091
-----END PGP SIGNATURE-----

Oxen 11.1.1

This non-mandatory update includes all planned features and code from the upcoming Anchor Hardfork (11.2.0). While not mandatory, we encourage operators to experiment early with this release and its new features, such as connecting to an Arbitrum One RPC node, before they become strict requirements following the Anchor Hardfork.

Under the hood this release has myriad changes to reliability and performance, a new logging system, new more maintainable RPC layer, along with all the code (not yet activated on mainnet) to turn the oxen chain into the "work chain" following the upcoming SESH Arbitrum launch. This is the same code (fix fixes) that has been active on our public "stagenet" for a few months, but we are now confident enough to recommend this version instead of the current 10.6.x release for existing and new installations.

Specifying an L2 provider

This release does not yet require an L2 provider (that will become required in the mandatory upgrade 11.2.0), but an L2 provider can be configured ahead of that schedule to test that it works by add a line:

l2-provider=https://arbitrum-one-provider-url

to the oxen.conf configuration file. (You can add multiple such lines if you want to have a primary + backup L2 providers).

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below.

Note that this release requires an updated oxen-storage-server (2.9.0) with some minor bug fixes and small new features, and lokinet (0.9.13) with some minor fixes.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@session.foundation>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

c772657d5f7568fb30d45828140e1b54546bc25a4895c1ede2263936f00682f8  oxen-linux-x86_64-11.1.1.tar.xz
b4b50f03963b96755192d894af8c4faf070303f615fed38928a821ff3d58f6f4  oxen-macos-arm64-11.1.1.tar.xz
2533d5778f804217f84720ee4dc5fa21836e32af6451eb3d727308b9733b630f  oxen-macos-x86_64-11.1.1.tar.xz
9b25d535c7d6933ebac27c68d0801084e2e3dff5bb94632f35d4fc67a57cbb8c  oxen-win-x64-11.1.1.zip

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmfBMxUACgkQxJks56iN
QmJ5pQ/+I9F/UgwucSCVFHy7DCKngdNURStkwwv8+7riqr4R8QkxzSjB0k/PRcrD
Zzv39e+1w4zhM2OtFfZRB8qWCHUoV15b5h1oSPTxqc9NIrcqN7ieK3e43ggAKeEP
+HtOlOE0q9VqMqPD7uqVZ3dxFDFzfkG4nuz4HAI3xvh1tWd1axwIq3y8HkD7Fqsh
zPUY63Gw+IsMj6wA5z3/vz2alhx21O1CHf+4jXmlDbtcaO3VCmWkVixavRtAALfk
vGBhLE+TC6g7WnfpG6z7h5Tls6VAfrRaaPMnxFRcL00yCdCKrxjAjrZQNF8P0DJv
OPe6S8pE1uVwpPW/9JJgmLJ7Uk56aSjYkPKuf27928MOzgA/omHEwAPe3Jq4sqVe
cEXMyeeVMfYog0QE19QYzNeIXahRz6FaP0YLhYGlfGH+8iNVButoXICRDxfD8o5C
xYVacJLeWbr+RbLuS5riheP3AxPgczhC8IvIMLJkM9PdIuMHtj5khNtgqgq3ifSf
bd1h7cT7bFs8ORbxUiwytXiaTsWeoK2m3AKAdc1AvyD1YQD/y41/86auswDhDy6J
seRxVdsZTtUSyNBuruip8DIDAEESaHVIIx5fKsdbzqf+F7hRiOJTT9DILBbJcJSy
FucpsHMQmQ6EQzzdGwz60bUJsPWjaWifeCAHsSKq+s2db2ibPo4=
=45sg
-----END PGP SIGNATURE-----

Oxen 10.6.0

This mandatory service node upgrade significantly increases the capacity of the Oxen Storage Server to handle requests to the Session file server and Communities. Although similar in nature to the previous v10.5.0 release, this release addresses further issues found after the 10.5.0 was applied on most of the network.

(This release is not required for non-service nodes or wallets).

Upgrade date

As with the v10.5.0 release, we strongly encourage service node operators to upgrade as soon as possible: Session clients will see greater benefits of the upgrade the more service nodes that upgrade.

This update is required for service nodes before block 1,641,104 @ 31 July 2024, scheduled for:

• Wed Jul 31 23:30:00 2024 UTC
• Thu Aug 1 09:30:00 2024 Australia/Melbourne
• Wed Jul 31 19:30:00 2024 US/Eastern

Updating service nodes

For service node operators using Debian 11+ and Ubuntu 20.04+, the upgraded packages are available from our APT repository. Static binaries for other users are available below.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@imaginary.ca>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

e89e0ad67d59f1aa797bc43f1fa18f08344eee7778067ec2f3b67ca87480a62d  oxen-linux-x86_64-10.6.0.tar.xz
493681e7ecf22465f9a60e60df9dea047e82984028950307fc916fbd07482800  oxen-win-x64-10.6.0.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmae4QEACgkQxJks56iN
QmLKAA//Qd7gI3FTXtSKRo1j2JpBz6Ysmj3kQiZBa+pSkdLl/T4jlDUPu1vC0mJN
qGkO2x+fDkdP5WSEBaVQeBnoGSr37sKLtwm3sn94/giXKBaj+TDtawh1VM5NgvYo
EV77DrstmT3G0UnkgbsbkZnwCIMGLfkI5+Ir1suBunAqaZjILUz/wDmF9dn/gBar
Ep6dK+yGp/e5DqFAYU1iVfDclbzp9n//zRjxWTUOkPafIQXwE6CD5ZPFqKUI6Hci
vUBKZ1E9V2CRt8dP3Mi49v3jE5oxJboXQwYJnV5aHrbYTd4mNjnqKFF0pnAgOS1w
IdFhmAVUMgH+cUJVvafp8c++EDLdHnUvFf+GTYZ2RFVDLOD3WQ6sgDMTbYj7sb9C
vNjmiQgF98YdmESt8BFM6oklMCRlPwARJB2LjWw3tOYIVvXWUMUiBp4Z0uQ93tgj
/SF0Fz0b4oYJydZpzdpIpuTaEpPizo+MepSH8vTdn5w+iHO40cyeizU5nzTPdYnv
DiKQwlez0wmxA73K/jmcXIRTC8IGxXN+UTPzsN8BR9Wr1DCfItYqsASXDr6LPFkN
vQenCbB7565NclGoROadL4mBqxZy8DegCobkUVQSJk3VjNBuArFYuS3VkdTjh8SN
GcD71DuCZ6fxGkTrd8dKOyOzViSo0OMIsNj5JHlbsZndCU02a64=
=vOJv
-----END PGP SIGNATURE-----

Oxen 10.5.0

This mandatory service node upgrade fixes a crash in the Oxen Storage Server that has caused recent network instability for the Session network. The Oxen 10.5.0 release has no changes other than requiring the new storage server version.

(This release is not required for non-service nodes or wallets).

Upgrade date

Although there are several days before the network starts enforcing the upgrade, we strongly encourage service node operators to upgrade as soon as possible: the more service nodes that upgrade, the more the Session network stability will improve.

This update is required for service nodes before block 1634624, scheduled for:

• Mon Jul 22 23:30:00 2024 UTC
• Tue Jul 23 09:30:00 2024 Australia/Melbourne
• Mon Jul 22 19:30:00 2024 US/Eastern

Ubuntu 18.04 and Debian 10 are no longer supported

As we announced around the time of the 10.4.0 release, older versions of Ubuntu (18.04) and Debian (10) are no longer supported for this or future releases; if your service node is still on such a version we strongly encourage upgrading as soon as possible so that you can upgrade to the 10.5.0 release. We fully support Ubuntu 20.04, 22.04, 24.04, as well as Debian 11 and 12 releases.

Signatures for static release binaries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed SHA256 hashes of release files. These are signed using Jason's GPG
key available at:
 - the oxen-io/oxen-core repository, at /utils/gpg_keys/Jason.asc
 - OpenPGP key servers (Jason Rhinelander <jason@imaginary.ca>, A88D4262)
 - https://imaginary.ca/public.gpg
 - https://github.com/jagerman.gpg

59e17756ad57e0581f37c689c9160a37f8f11005743ebdb2f615bc08cc0668a0  oxen-linux-x86_64-10.5.0.tar.xz
cf4ac2a3f13dd20653287ab1a8a2de31dd1c465567fa2dc0d0241ccb99268f86  oxen-win-x64-10.5.0.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZjYdjjyW5Bxty3BRxJks56iNQmIFAmaQJ18ACgkQxJks56iN
QmIGfA//Ws8r/1YrYeHdzHgjQTW2nm1C6QDavXVSI73E56stNy3hTKSkMc9mNBlf
0blEEiwxsL9wje41zriCXusVlc2Z4cWMOjMMV31N5Yvg5fLDeQkDH5SF6Rj8U+d4
KKDLP4V014KxYN+7WYDecoBb0W4B4uc0KGwlCphSpL9ec8Y2ZSkMJKQXI2ztYUK+
SbEy9mQbyZ4pxvV/biDDD3Uw2aY2NFbcZWgIzxyclU9rCi8sn2vvHuqC8QZ5z9D2
ylvgU4EyiZ6+T/Rs2rMAqKUWGRmbQZIfjrD02clDkGioBYLpUOscbxAd27zuqpXq
dMts8y/xOKfiKjv0WhVHJPAIXJLuuKxSY4DpTJPRKpfemYNOqHXCeWUAEZ9i0HQs
R/XzZOZk5Jl4D/S3fSXq5TxPMOn8fXGEKqUqJpwCX+4XRsO5s2FiclXQN1UjkL9B
cO5cE6ioYC3Nro5+JADsHpJ3Bc3FvJXAVYZLsQGW7oqobLrvjsowkxBoK7UrVaxe
2jpuJVZkVd5Lon81yOjZJJ5dm2Tibyk6yK5ROoBUwJ+HUL7tjKzOe55RpPhLRvR1
PY8W9oAGNDeva3WyfpZuIPQM5ShAmQJ4ZvUjfVCz0yodVBCIWfr67gmL6YKDaWm2
usI5to/5j9C5aAA8suqnjypQd42BP6/I1SMfO/fUl2VI5WOJ2jA=
=8zWq
-----END PGP SIGNATURE-----