v0.7.0

Latest

@marcelosalloum marcelosalloum released this 15 Jun 16:48
· 1 commit to main since this release
f49dcf5

Migration guide

Security

  • Harden charge and channel payment verification (#47)
    • Add a payer-bound signedHash push credential (tx hash + sourceSignature over "{challenge.id}:{hash}"), verified against the key controlling the on-chain transfer's from.
    • Advertise accepted credential types via methodDetails.credentialTypes so clients detect unsupported settlement modes before paying; sponsored (feePayer) servers advertise pull mode only.
    • Accept only payer-authenticated push (signedHash) and pull (transaction) credentials by default; legacy unsigned hash push is no longer accepted unless an operator opts in with allowUnsignedPush: true, which logs each acceptance for migration tracking.
    • Require an atomic store (one providing update() compare-and-set) for both charge and channel servers, validated at construction with a clear error.
    • Channel: require explicit commitment pinning on the client, verify the simulated commitment matches the pinned channel, intended amount, network, and domain before signing, reject credentials during the on-chain close settling window, add an opt-in per-funder fee budget, and warn at startup when a fee-bump signer is configured without one.
    • Channel: document that the server store's update() must be a linearizable compare-and-set (a get-then-put or eventually-consistent backend is not sufficient for multi-process deployments), with single- and multi-process reference implementations.
    • Charge: document the same linearizable compare-and-set store requirement (store JSDoc and README), and strengthen the cross-process replay test to assert exactly one acceptance and one rejection.
    • Charge: deduplicate pull-mode settlements by transaction hash (shared with push mode), and warn when a fee-bump signer is configured.
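
The store requirement in the Channel and Charge items above, shown as an added example that is not code from this project: two server processes receive the same transaction hash, first against a get-then-put check and then against a compare-and-set update(). MemoryStore, the update(key, fn) signature, the settle functions and the scheduler are hypothetical, and the transaction hash is constructed.

```javascript
// Constructed model of a store shared by two processes; not the project's store API.
class MemoryStore {
  constructor() { this.map = new Map(); }
  get(key) { return this.map.get(key); }
  put(key, value) { this.map.set(key, value); }
  // Compare-and-set: read, decide and write form one indivisible step.
  update(key, fn) {
    const next = fn(this.map.get(key));
    if (next === undefined) return false; // callback declined: nothing written
    this.map.set(key, next);
    return true;
  }
}

// Each generator is one server process; `yield` is where the other process can run.
function* settleGetThenPut(store, txHash) {
  const seen = store.get(txHash);
  yield; // window between the read and the write
  if (seen) return "rejected";
  store.put(txHash, { settled: true });
  return "accepted";
}

function* settleWithUpdate(store, txHash) {
  const won = store.update(txHash, (current) => (current ? undefined : { settled: true }));
  yield; // interleaving after the atomic step cannot change the outcome
  return won ? "accepted" : "rejected";
}

// Round-robin scheduler: advance every unfinished process one step per pass.
function runInterleaved(tasks) {
  const results = new Array(tasks.length);
  let live = tasks.map((task, i) => ({ task, i }));
  while (live.length > 0) {
    live = live.filter(({ task, i }) => {
      const step = task.next();
      if (step.done) results[i] = step.value;
      return !step.done;
    });
  }
  return results;
}

// Present the same transaction hash to two processes at once.
function replay(settle, txHash = "constructed-tx-hash") {
  const store = new MemoryStore();
  return runInterleaved([settle(store, txHash), settle(store, txHash)]);
}
```

replay(settleGetThenPut) accepts the same hash twice, while replay(settleWithUpdate) yields one acceptance and one rejection, the outcome the cross-process replay test asserts.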

Changed

  • Tighten the dependency supply chain (#47)
    • Add a 7-day minimumReleaseAge pnpm setting as a supply-chain guard.
    • Upgrade all dependencies to the newest versions satisfying it.
    • Tighten the @stellar/stellar-sdk and mppx peer ranges to the tested versions.

Removed

  • BREAKING: Remove the non-functional channel open MPP action (#47)
    • Drop the open credential action, the server-side open settlement path, and the examples/channel-open.ts example.
    • The one-way-channel contract is created by its constructor at deploy time and has no on-chain open entrypoint, so the MPP open path was dead code. Deploy the channel out-of-band (e.g. with the stellar CLI); off-chain vouchers and on-chain close are unchanged.