parent
206662003d
commit
e832f5e39b
@ -0,0 +1,53 @@
|
|||||||
|
Bitcoin Core version 0.9.1 is now available from:
|
||||||
|
|
||||||
|
https://bitcoin.org/bin/0.9.1/
|
||||||
|
|
||||||
|
This is a security update. It is recommended to upgrade to this release
|
||||||
|
as soon as possible.
|
||||||
|
|
||||||
|
It is especially important to upgrade if you currently have version
|
||||||
|
0.9.0 installed and are using the graphical interface OR you are using
|
||||||
|
bitcoind from any pre-0.9.1 version, and have enabled SSL for RPC and
|
||||||
|
have configured allowip to allow rpc connections from potentially
|
||||||
|
hostile hosts.
|
||||||
|
|
||||||
|
Please report bugs using the issue tracker at github:
|
||||||
|
|
||||||
|
https://github.com/bitcoin/bitcoin/issues
|
||||||
|
|
||||||
|
How to Upgrade
|
||||||
|
--------------
|
||||||
|
|
||||||
|
If you are running an older version, shut it down. Wait until it has completely
|
||||||
|
shut down (which might take a few minutes for older versions), then run the
|
||||||
|
installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or
|
||||||
|
bitcoind/bitcoin-qt (on Linux).
|
||||||
|
|
||||||
|
If you are upgrading from version 0.7.2 or earlier, the first time you run
|
||||||
|
0.9.1 your blockchain files will be re-indexed, which will take anywhere from
|
||||||
|
30 minutes to several hours, depending on the speed of your machine.
|
||||||
|
|
||||||
|
0.9.1 Release notes
|
||||||
|
=======================
|
||||||
|
|
||||||
|
No code changes were made between 0.9.0 and 0.9.1. Only the dependencies were changed.
|
||||||
|
|
||||||
|
- Upgrade OpenSSL to 1.0.1g. This release fixes the following vulnerabilities which can
|
||||||
|
affect the Bitcoin Core software:
|
||||||
|
|
||||||
|
- CVE-2014-0160 ("heartbleed")
|
||||||
|
A missing bounds check in the handling of the TLS heartbeat extension can
|
||||||
|
be used to reveal up to 64k of memory to a connected client or server.
|
||||||
|
|
||||||
|
- CVE-2014-0076
|
||||||
|
The Montgomery ladder implementation in OpenSSL does not ensure that
|
||||||
|
certain swap operations have a constant-time behavior, which makes it
|
||||||
|
easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache
|
||||||
|
side-channel attack.
|
||||||
|
|
||||||
|
- Add statically built executables to Linux build
|
||||||
|
|
||||||
|
Credits
|
||||||
|
--------
|
||||||
|
|
||||||
|
Credits go to the OpenSSL team for fixing the vulnerabilities quickly.
|
Loading…
Reference in new issue