Cosmos SDK Security Advisory: Release coordination for Cosmos SDK Barberry

[greg-szabo]

The Cosmos SDK team has notified the community that a high-severity security issue patch will be released on June 8th, 16:00UTC. I am contacting you because your network is running an impacted version of the Cosmos SDK and to give advanced notice to prepare for security patch coordination. The patch can be applied without a consensus upgrade and will require at least 33.3% of the validators to update their nodes as quickly as possible to protect the network from exploitation.

When the Cosmos SDK patch is available, it is the responsibility of each network to validate it as quickly as possible, have a security release for the network binary as soon as possible, and coordinate with the network validators to upgrade their nodes as early as possible.

I am contacting you here because there was no e-mail address listed in the SECURITY.MD file for the repository or the SECURITY.MD file is missing. Please populate a SECURITY.MD file with the relevant information for subsequent reach-outs regarding security updates.

You can find more information on the link above.

[johnletey]

Thanks for opening this issue @greg-szabo.

The team is aware of the Barberry Advisory, and is ready to release a patch.

We're also adding a SECURITY.md file for future advisories. (See #81)