github.com/aakash4dev/cometbft@v0.38.2/CHANGELOG.md (about) 1 # CHANGELOG 2 3 ## v0.37.2 4 5 *June 14, 2023* 6 7 Provides several minor bug fixes, as well as fixes for several low-severity 8 security issues. 9 10 ### BUG FIXES 11 12 - `[state/kvindex]` Querying event attributes that are bigger than int64 is now 13 enabled. We are not supporting reading floats from the db into the indexer 14 nor parsing them into BigFloats to not introduce breaking changes in minor 15 releases. ([\#771](https://github.com/aakash4dev/cometbft/pull/771)) 16 - `[pubsub]` Pubsub queries are now able to parse big integers (larger than 17 int64). Very big floats are also properly parsed into very big integers 18 instead of being truncated to int64. 19 ([\#771](https://github.com/aakash4dev/cometbft/pull/771)) 20 21 ### IMPROVEMENTS 22 23 - `[rpc]` Remove response data from response failure logs in order 24 to prevent large quantities of log data from being produced 25 ([\#654](https://github.com/aakash4dev/cometbft/issues/654)) 26 27 ### SECURITY FIXES 28 29 - `[rpc/jsonrpc/client]` **Low severity** - Prevent RPC 30 client credentials from being inadvertently dumped to logs 31 ([\#787](https://github.com/aakash4dev/cometbft/pull/787)) 32 - `[cmd/cometbft/commands/debug/kill]` **Low severity** - Fix unsafe int cast in 33 `debug kill` command ([\#793](https://github.com/aakash4dev/cometbft/pull/793)) 34 - `[consensus]` **Low severity** - Avoid recursive call after rename to 35 `(*PeerState).MarshalJSON` 36 ([\#863](https://github.com/aakash4dev/cometbft/pull/863)) 37 - `[mempool/clist_mempool]` **Low severity** - Prevent a transaction from 38 appearing twice in the mempool 39 ([\#890](https://github.com/aakash4dev/cometbft/pull/890): @otrack) 40 41 ## v0.37.1 42 43 *April 26, 2023* 44 45 This release fixes several bugs, and has had to introduce one small Go 46 API-breaking change in the `crypto/merkle` package in order to address what 47 could be a security issue for some users who directly and explicitly make use of 48 that code. 49 50 ### BREAKING CHANGES 51 52 - `[crypto/merkle]` Do not allow verification of Merkle Proofs against empty trees (`nil` root). `Proof.ComputeRootHash` now panics when it encounters an error, but `Proof.Verify` does not panic 53 ([\#558](https://github.com/aakash4dev/cometbft/issues/558)) 54 55 ### BUG FIXES 56 57 - `[consensus]` Unexpected error conditions in `ApplyBlock` are non-recoverable, so ignoring the error and carrying on is a bug. We replaced a `return` that disregarded the error by a `panic`. 58 ([\#496](https://github.com/aakash4dev/cometbft/pull/496)) 59 - `[consensus]` Rename `(*PeerState).ToJSON` to `MarshalJSON` to fix a logging data race 60 ([\#524](https://github.com/aakash4dev/cometbft/pull/524)) 61 - `[light]` Fixed an edge case where a light client would panic when attempting 62 to query a node that (1) has started from a non-zero height and (2) does 63 not yet have any data. The light client will now, correctly, not panic 64 _and_ keep the node in its list of providers in the same way it would if 65 it queried a node starting from height zero that does not yet have data 66 ([\#575](https://github.com/aakash4dev/cometbft/issues/575)) 67 68 ### IMPROVEMENTS 69 70 - `[jsonrpc/client]` Improve the error message for client errors stemming from 71 bad HTTP responses. 72 ([cometbft/cometbft\#638](https://github.com/aakash4dev/cometbft/pull/638)) 73 74 ## v0.37.0 75 76 *March 6, 2023* 77 78 This is the first CometBFT release with ABCI 1.0, which introduces the 79 `PrepareProposal` and `ProcessProposal` methods, with the aim of expanding the 80 range of use cases that application developers can address. This is the first 81 change to ABCI towards ABCI++, and the full range of ABCI++ functionality will 82 only become available in the next major release with ABCI 2.0. See the 83 [specification](./spec/abci/) for more details. 84 85 In the v0.34.27 release, the CometBFT Go module is still 86 `github.com/tendermint/tendermint` to facilitate ease of upgrading for users, 87 but in this release we have changed this to `github.com/aakash4dev/cometbft`. 88 89 Please also see our [upgrading guidelines](./UPGRADING.md) for more details on 90 upgrading from the v0.34 release series. 91 92 Also see our [QA results](https://docs.cometbft.com/v0.37/qa/v037/cometbft) for 93 the v0.37 release. 94 95 We'd love your feedback on this release! Please reach out to us via one of our 96 communication channels, such as [GitHub 97 Discussions](https://github.com/aakash4dev/cometbft/discussions), with any of your 98 questions, comments and/or concerns. 99 100 See below for more details. 101 102 ### BREAKING CHANGES 103 104 - The `TMHOME` environment variable was renamed to `CMTHOME`, and all environment variables starting with `TM_` are instead prefixed with `CMT_` 105 ([\#211](https://github.com/aakash4dev/cometbft/issues/211)) 106 - `[p2p]` Reactor `Send`, `TrySend` and `Receive` renamed to `SendEnvelope`, 107 `TrySendEnvelope` and `ReceiveEnvelope` to allow metrics to be appended to 108 messages and measure bytes sent/received. 109 ([\#230](https://github.com/aakash4dev/cometbft/pull/230)) 110 - Bump minimum Go version to 1.20 111 ([\#385](https://github.com/aakash4dev/cometbft/issues/385)) 112 - `[abci]` Make length delimiter encoding consistent 113 (`uint64`) between ABCI and P2P wire-level protocols 114 ([\#5783](https://github.com/tendermint/tendermint/pull/5783)) 115 - `[abci]` Change the `key` and `value` fields from 116 `[]byte` to `string` in the `EventAttribute` type. 117 ([\#6403](https://github.com/tendermint/tendermint/pull/6403)) 118 - `[abci/counter]` Delete counter example app 119 ([\#6684](https://github.com/tendermint/tendermint/pull/6684)) 120 - `[abci]` Renamed `EvidenceType` to `MisbehaviorType` and `Evidence` 121 to `Misbehavior` as a more accurate label of their contents. 122 ([\#8216](https://github.com/tendermint/tendermint/pull/8216)) 123 - `[abci]` Added cli commands for `PrepareProposal` and `ProcessProposal`. 124 ([\#8656](https://github.com/tendermint/tendermint/pull/8656)) 125 - `[abci]` Added cli commands for `PrepareProposal` and `ProcessProposal`. 126 ([\#8901](https://github.com/tendermint/tendermint/pull/8901)) 127 - `[abci]` Renamed `LastCommitInfo` to `CommitInfo` in preparation for vote 128 extensions. ([\#9122](https://github.com/tendermint/tendermint/pull/9122)) 129 - Change spelling from British English to American. Rename 130 `Subscription.Cancelled()` to `Subscription.Canceled()` in `libs/pubsub` 131 ([\#9144](https://github.com/tendermint/tendermint/pull/9144)) 132 - `[abci]` Removes unused Response/Request `SetOption` from ABCI 133 ([\#9145](https://github.com/tendermint/tendermint/pull/9145)) 134 - `[config]` Rename the fastsync section and the 135 fast\_sync key blocksync and block\_sync respectively 136 ([\#9259](https://github.com/tendermint/tendermint/pull/9259)) 137 - `[types]` Reduce the use of protobuf types in core logic. `ConsensusParams`, 138 `BlockParams`, `ValidatorParams`, `EvidenceParams`, `VersionParams` have 139 become native types. They still utilize protobuf when being sent over 140 the wire or written to disk. Moved `ValidateConsensusParams` inside 141 (now native type) `ConsensusParams`, and renamed it to `ValidateBasic`. 142 ([\#9287](https://github.com/tendermint/tendermint/pull/9287)) 143 - `[abci/params]` Deduplicate `ConsensusParams` and `BlockParams` so 144 only `types` proto definitions are use. Remove `TimeIotaMs` and use 145 a hard-coded 1 millisecond value to ensure monotonically increasing 146 block times. Rename `AppVersion` to `App` so as to not stutter. 147 ([\#9287](https://github.com/tendermint/tendermint/pull/9287)) 148 - `[abci]` New ABCI methods `PrepareProposal` and `ProcessProposal` which give 149 the app control over transactions proposed and allows for verification of 150 proposed blocks. ([\#9301](https://github.com/tendermint/tendermint/pull/9301)) 151 152 ### BUG FIXES 153 154 - `[consensus]` Fixed a busy loop that happened when sending of a block part failed by sleeping in case of error. 155 ([\#4](https://github.com/informalsystems/tendermint/pull/4)) 156 - `[state/kvindexer]` Fixed the default behaviour of the kvindexer to index and 157 query attributes by events in which they occur. In 0.34.25 this was mitigated 158 by a separated RPC flag. @jmalicevic 159 ([\#77](https://github.com/aakash4dev/cometbft/pull/77)) 160 - `[state/kvindexer]` Resolved crashes when event values contained slashes, 161 introduced after adding event sequences in 162 [\#77](https://github.com/aakash4dev/cometbft/pull/77). @jmalicevic 163 ([\#382](https://github.com/aakash4dev/cometbft/pull/382)) 164 - `[consensus]` ([\#386](https://github.com/aakash4dev/cometbft/pull/386)) Short-term fix for the case when `needProofBlock` cannot find previous block meta by defaulting to the creation of a new proof block. (@adizere) 165 - Special thanks to the [Vega.xyz](https://vega.xyz/) team, and in particular to Zohar (@ze97286), for reporting the problem and working with us to get to a fix. 166 - `[docker]` enable cross platform build using docker buildx 167 ([\#9073](https://github.com/tendermint/tendermint/pull/9073)) 168 - `[consensus]` fix round number of `enterPropose` 169 when handling `RoundStepNewRound` timeout. 170 ([\#9229](https://github.com/tendermint/tendermint/pull/9229)) 171 - `[docker]` ensure Docker image uses consistent version of Go 172 ([\#9462](https://github.com/tendermint/tendermint/pull/9462)) 173 - `[p2p]` prevent peers who have errored from being added to `peer_set` 174 ([\#9500](https://github.com/tendermint/tendermint/pull/9500)) 175 - `[blocksync]` handle the case when the sending 176 queue is full: retry block request after a timeout 177 ([\#9518](https://github.com/tendermint/tendermint/pull/9518)) 178 179 ### FEATURES 180 181 - `[abci]` New ABCI methods `PrepareProposal` and `ProcessProposal` which give 182 the app control over transactions proposed and allows for verification of 183 proposed blocks. ([\#9301](https://github.com/tendermint/tendermint/pull/9301)) 184 185 ### IMPROVEMENTS 186 187 - `[e2e]` Add functionality for uncoordinated (minor) upgrades 188 ([\#56](https://github.com/tendermint/tendermint/pull/56)) 189 - `[tools/tm-signer-harness]` Remove the folder as it is unused 190 ([\#136](https://github.com/aakash4dev/cometbft/issues/136)) 191 - `[p2p]` Reactor `Send`, `TrySend` and `Receive` renamed to `SendEnvelope`, 192 `TrySendEnvelope` and `ReceiveEnvelope` to allow metrics to be appended to 193 messages and measure bytes sent/received. 194 ([\#230](https://github.com/aakash4dev/cometbft/pull/230)) 195 - `[abci]` Added `AbciVersion` to `RequestInfo` allowing 196 applications to check ABCI version when connecting to CometBFT. 197 ([\#5706](https://github.com/tendermint/tendermint/pull/5706)) 198 - `[cli]` add `--hard` flag to rollback command (and a boolean to the `RollbackState` method). This will rollback 199 state and remove the last block. This command can be triggered multiple times. The application must also rollback 200 state to the same height. 201 ([\#9171](https://github.com/tendermint/tendermint/pull/9171)) 202 - `[crypto]` Update to use btcec v2 and the latest btcutil. 203 ([\#9250](https://github.com/tendermint/tendermint/pull/9250)) 204 - `[rpc]` Added `header` and `header_by_hash` queries to the RPC client 205 ([\#9276](https://github.com/tendermint/tendermint/pull/9276)) 206 - `[proto]` Migrate from `gogo/protobuf` to `cosmos/gogoproto` 207 ([\#9356](https://github.com/tendermint/tendermint/pull/9356)) 208 - `[rpc]` Enable caching of RPC responses 209 ([\#9650](https://github.com/tendermint/tendermint/pull/9650)) 210 - `[consensus]` Save peer LastCommit correctly to achieve 50% reduction in gossiped precommits. 211 ([\#9760](https://github.com/tendermint/tendermint/pull/9760)) 212 213 ## v0.34.29 214 215 *June 14, 2023* 216 217 Provides several minor bug fixes, as well as fixes for several low-severity 218 security issues. 219 220 ### BUG FIXES 221 222 - `[state/kvindex]` Querying event attributes that are bigger than int64 is now 223 enabled. ([\#771](https://github.com/aakash4dev/cometbft/pull/771)) 224 - `[pubsub]` Pubsub queries are now able to parse big integers (larger than 225 int64). Very big floats are also properly parsed into very big integers 226 instead of being truncated to int64. 227 ([\#771](https://github.com/aakash4dev/cometbft/pull/771)) 228 229 ### IMPROVEMENTS 230 231 - `[rpc]` Remove response data from response failure logs in order 232 to prevent large quantities of log data from being produced 233 ([\#654](https://github.com/aakash4dev/cometbft/issues/654)) 234 235 ### SECURITY FIXES 236 237 - `[rpc/jsonrpc/client]` **Low severity** - Prevent RPC 238 client credentials from being inadvertently dumped to logs 239 ([\#788](https://github.com/aakash4dev/cometbft/pull/788)) 240 - `[cmd/cometbft/commands/debug/kill]` **Low severity** - Fix unsafe int cast in 241 `debug kill` command ([\#794](https://github.com/aakash4dev/cometbft/pull/794)) 242 - `[consensus]` **Low severity** - Avoid recursive call after rename to 243 `(*PeerState).MarshalJSON` 244 ([\#863](https://github.com/aakash4dev/cometbft/pull/863)) 245 - `[mempool/clist_mempool]` **Low severity** - Prevent a transaction from 246 appearing twice in the mempool 247 ([\#890](https://github.com/aakash4dev/cometbft/pull/890): @otrack) 248 249 ## v0.34.28 250 251 *April 26, 2023* 252 253 This release fixes several bugs, and has had to introduce one small Go 254 API-breaking change in the `crypto/merkle` package in order to address what 255 could be a security issue for some users who directly and explicitly make use of 256 that code. 257 258 ### BREAKING CHANGES 259 260 - `[crypto/merkle]` Do not allow verification of Merkle Proofs against empty trees (`nil` root). `Proof.ComputeRootHash` now panics when it encounters an error, but `Proof.Verify` does not panic 261 ([\#558](https://github.com/aakash4dev/cometbft/issues/558)) 262 263 ### BUG FIXES 264 265 - `[consensus]` Unexpected error conditions in `ApplyBlock` are non-recoverable, so ignoring the error and carrying on is a bug. We replaced a `return` that disregarded the error by a `panic`. 266 ([\#496](https://github.com/aakash4dev/cometbft/pull/496)) 267 - `[consensus]` Rename `(*PeerState).ToJSON` to `MarshalJSON` to fix a logging data race 268 ([\#524](https://github.com/aakash4dev/cometbft/pull/524)) 269 - `[light]` Fixed an edge case where a light client would panic when attempting 270 to query a node that (1) has started from a non-zero height and (2) does 271 not yet have any data. The light client will now, correctly, not panic 272 _and_ keep the node in its list of providers in the same way it would if 273 it queried a node starting from height zero that does not yet have data 274 ([\#575](https://github.com/aakash4dev/cometbft/issues/575)) 275 276 ### IMPROVEMENTS 277 278 - `[crypto/sr25519]` Upgrade to go-schnorrkel@v1.0.0 ([\#475](https://github.com/aakash4dev/cometbft/issues/475)) 279 - `[jsonrpc/client]` Improve the error message for client errors stemming from 280 bad HTTP responses. 281 ([cometbft/cometbft\#638](https://github.com/aakash4dev/cometbft/pull/638)) 282 283 ## v0.34.27 284 285 *Feb 27, 2023* 286 287 This is the first official release of CometBFT - a fork of [Tendermint 288 Core](https://github.com/tendermint/tendermint). This particular release is 289 intended to be compatible with the Tendermint Core v0.34 release series. 290 291 For details as to how to upgrade to CometBFT from Tendermint Core, please see 292 our [upgrading guidelines](./UPGRADING.md). 293 294 If you have any questions, comments, concerns or feedback on this release, we 295 would love to hear from you! Please contact us via [GitHub 296 Discussions](https://github.com/aakash4dev/cometbft/discussions), 297 [Discord](https://discord.gg/cosmosnetwork) (in the `#cometbft` channel) or 298 [Telegram](https://t.me/CometBFT). 299 300 Special thanks to @wcsiu, @ze97286, @faddat and @JayT106 for their contributions 301 to this release! 302 303 ### BREAKING CHANGES 304 305 - Rename binary to `cometbft` and Docker image to `cometbft/cometbft` 306 ([\#152](https://github.com/aakash4dev/cometbft/pull/152)) 307 - The `TMHOME` environment variable was renamed to `CMTHOME`, and all 308 environment variables starting with `TM_` are instead prefixed with `CMT_` 309 ([\#211](https://github.com/aakash4dev/cometbft/issues/211)) 310 - Use Go 1.19 to build CometBFT, since Go 1.18 has reached end-of-life. 311 ([\#360](https://github.com/aakash4dev/cometbft/issues/360)) 312 313 ### BUG FIXES 314 315 - `[consensus]` Fixed a busy loop that happened when sending of a block part 316 failed by sleeping in case of error. 317 ([\#4](https://github.com/informalsystems/tendermint/pull/4)) 318 - `[state/kvindexer]` Resolved crashes when event values contained slashes, 319 introduced after adding event sequences. 320 (\#[383](https://github.com/aakash4dev/cometbft/pull/383): @jmalicevic) 321 - `[consensus]` Short-term fix for the case when `needProofBlock` cannot find 322 previous block meta by defaulting to the creation of a new proof block. 323 ([\#386](https://github.com/aakash4dev/cometbft/pull/386): @adizere) 324 - Special thanks to the [Vega.xyz](https://vega.xyz/) team, and in particular 325 to Zohar (@ze97286), for reporting the problem and working with us to get to 326 a fix. 327 - `[p2p]` Correctly use non-blocking `TrySendEnvelope` method when attempting to 328 send messages, as opposed to the blocking `SendEnvelope` method. It is unclear 329 whether this has a meaningful impact on P2P performance, but this patch does 330 correct the underlying behaviour to what it should be 331 ([tendermint/tendermint\#9936](https://github.com/tendermint/tendermint/pull/9936)) 332 333 ### DEPENDENCIES 334 335 - Replace [tm-db](https://github.com/tendermint/tm-db) with 336 [cometbft-db](https://github.com/aakash4dev/cometbft-db) 337 ([\#160](https://github.com/aakash4dev/cometbft/pull/160)) 338 - Bump tm-load-test to v1.3.0 to remove implicit dependency on Tendermint Core 339 ([\#165](https://github.com/aakash4dev/cometbft/pull/165)) 340 - `[crypto]` Update to use btcec v2 and the latest btcutil 341 ([tendermint/tendermint\#9787](https://github.com/tendermint/tendermint/pull/9787): 342 @wcsiu) 343 344 ### FEATURES 345 346 - `[rpc]` Add `match_event` query parameter to indicate to the RPC that it 347 should match events _within_ attributes, not only within a height 348 ([tendermint/tendermint\#9759](https://github.com/tendermint/tendermint/pull/9759)) 349 350 ### IMPROVEMENTS 351 352 - `[e2e]` Add functionality for uncoordinated (minor) upgrades 353 ([\#56](https://github.com/tendermint/tendermint/pull/56)) 354 - `[tools/tm-signer-harness]` Remove the folder as it is unused 355 ([\#136](https://github.com/aakash4dev/cometbft/issues/136)) 356 - Append the commit hash to the version of CometBFT being built 357 ([\#204](https://github.com/aakash4dev/cometbft/pull/204)) 358 - `[mempool/v1]` Suppress "rejected bad transaction" in priority mempool logs by 359 reducing log level from info to debug 360 ([\#314](https://github.com/aakash4dev/cometbft/pull/314): @JayT106) 361 - `[consensus]` Add `consensus_block_gossip_parts_received` and 362 `consensus_step_duration_seconds` metrics in order to aid in investigating the 363 impact of database compaction on consensus performance 364 ([tendermint/tendermint\#9733](https://github.com/tendermint/tendermint/pull/9733)) 365 - `[state/kvindexer]` Add `match.event` keyword to support condition evaluation 366 based on the event the attributes belong to 367 ([tendermint/tendermint\#9759](https://github.com/tendermint/tendermint/pull/9759)) 368 - `[p2p]` Reduce log spam through reducing log level of "Dialing peer" and 369 "Added peer" messages from info to debug 370 ([tendermint/tendermint\#9764](https://github.com/tendermint/tendermint/pull/9764): 371 @faddat) 372 - `[consensus]` Reduce bandwidth consumption of consensus votes by roughly 50% 373 through fixing a small logic bug 374 ([tendermint/tendermint\#9776](https://github.com/tendermint/tendermint/pull/9776)) 375 376 --- 377 378 CometBFT is a fork of [Tendermint Core](https://github.com/tendermint/tendermint) as of late December 2022. 379 380 ## Bug bounty 381 382 Friendly reminder, we have a [bug bounty program](https://hackerone.com/cosmos). 383 384 ## Previous changes 385 386 For changes released before the creation of CometBFT, please refer to the Tendermint Core [CHANGELOG.md](https://github.com/tendermint/tendermint/blob/a9feb1c023e172b542c972605311af83b777855b/CHANGELOG.md). 387