From conner at lightning.engineering Fri Oct 9 00:19:09 2020 From: conner at lightning.engineering (Conner Fromknecht) Date: Thu, 8 Oct 2020 17:19:09 -0700 Subject: [Lightning-dev] Partial LND Vulnerability Disclosure, Upgrade to 0.11.x Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi all, We are writing to let the Lightning community know about the existence of vulnerabilities that affect lnd versions 0.10.x and below. The full details of these vulnerabilities will be disclosed on October 20, 2020. The circumstances surrounding the discovery resulted in a compressed disclosure timeline compared to our usual timeframes. We will be publishing more details about this in the coming weeks along with a comprehensive bug bounty program. While we have no reason to believe these vulnerabilities have been exploited in the wild, we strongly urge the community to upgrade to lnd 0.11.0 or above ASAP. Please ping us on the #lnd IRC channel, the LND Slack, or at support at lightning.engineering if you need any assistance in doing so. Upgrade instructions can be found in our installation docs: https://github.com/lightningnetwork/lnd/blob/master/docs/INSTALL.md#installing-lnd. Regards, Conner Fromknecht -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEnI1hhop8SSADsnRO59c3tn+lkscFAl9/ozwACgkQ59c3tn+l kscVvBAAk21z6tlHPkOSwfj1lBE0pqc65A6Qa927WEjN5hdUpjjof4Xo2j+GzbnN Uoj4HGZu+koakzoVpJ4mzN+vg086zAnv+K668hhl7bbPHsQu6FqA1ALiAyy0nH6H 1yukXxpRflq53RTIVPjrEnFVdt6FCLhkCm9LuOk0a/SUf8D4b/N6OaB1Bxupeceu QFSCIkb9kvW/Eplwkv7PEnx/IZNGIQP9F11DaKLTAjWY5RnIxmCw/oamvlP8Mxt8 /AqlzWVtPVqvwgJLhbMziraXNVV05naHrIXvbXrOI2Q7FZjdaxF+S4EKT4feuq1w iW7NYSS/u5N2FP3yK8YIdoX0I/nwYQQcpsfbAv2dS4Ql2Td/dyREId4NcchmaKSV N3w1jByMPWrgUtinl5WEDDOJdUKS2PHkQ95t3s/1uYDFsPz1kXJR2x37a/1AVz/K 6zQ45wFvHEopFR49hu/CV6MUvsvn4XKzPa46Ii7puaBaNqygx0RwuwlxbxCNxPNQ v45CaCUEq2Tj3stu7YoYGntFvrXVkxXJocn51eK6D+g0bIEXxaGlPJeTuvifKMTO 3T3ZEEbCe9UhDUT8Ja2boP2IIi8wAyExGS59k0tndQGzMSjkzWZ0fzgYyyf+y4nt r3nTCGi5WWe4y1i2KpiYZTRrQkbrNkRf+fnVdlnTS4lcgEWFFiY= =8t9Q -----END PGP SIGNATURE-----