From 4ec2d9cf25dc41a78336ee1d1b6c39db4157bd3c Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Fri, 5 Mar 2021 20:00:56 +0000 Subject: [PATCH 1/5] finalize changelog and release notes --- CHANGELOG.md | 1 + RELEASE_NOTES.md | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8305df6c45a0..76c6893fe7ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ ### Improvements * (x/ibc) [\#8624](https://github.com/cosmos/cosmos-sdk/pull/8624) Emit full header in IBC UpdateClient message. +* (x/crisis) [\#8621](https://github.com/cosmos/cosmos-sdk/issues/8621) crisis invariants' names are now printed to loggers. ### Bug fixes diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 42b512e0f69a..4b2224d5bcb7 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md 
@@ -1,7 +1,19 @@ # Cosmos SDK v0.42.0 "Stargate" Release Notes -This release contains a single, but important security fix for all non "Cosmos Hub" chains (e.g. any chain that does not use the default `cosmos` bech32 prefix). The fix addresses a bug in evidence handling on the Cosmos SDK that rendered the `v0.41.x` and `v0.40.x` release series unsafe for most chains. Please see the PR below for more details. +This release includes an important security fix for all non "Cosmos Hub" chains (e.g. any chain that does not use the default `cosmos` bech32 prefix), and a few performance improvements. -## Bug Fixes +See the [Cosmos SDK v0.42.0 milestone](https://github.com/cosmos/cosmos-sdk/milestone/42?closed=1) on our issue tracker for further details. -- [#8461](https://github.com/cosmos/cosmos-sdk/pull/8461) Fix bech32 prefix in evidence validator address conversion +# Security fix: validator address conversion in evidence handling + +Due to incorrect handling of validators' consensus addresses, Cosmos SDK applications that were not +using the default `cosmos1` bech32 default one could not be able to jail validators that commit +misbehaviours such as double signing. + +Although the issue **does not affect the Cosmos Hub**, it still potentially renders the `v0.41` and `v0.40` +release series unsafe for most chains. + +# Full header is emitted on IBC UpdateClient message event + +The event emitted by the IBC UpdateClient message now contains the full header. +This is meant to make misbehaviour handling, which requires tracking these headers, easier. From 032da526032cac9cf1bb99792ed0dcff108b9863 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Fri, 5 Mar 2021 21:08:25 +0000 Subject: [PATCH 2/5] Update CHANGELOG.md Co-authored-by: Barrie Byron --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 76c6893fe7ba..909071d6c6f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -41,7 +41,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ ### Improvements * (x/ibc) [\#8624](https://github.com/cosmos/cosmos-sdk/pull/8624) Emit full header in IBC UpdateClient message. -* (x/crisis) [\#8621](https://github.com/cosmos/cosmos-sdk/issues/8621) crisis invariants' names are now printed to loggers. +* (x/crisis) [\#8621](https://github.com/cosmos/cosmos-sdk/issues/8621) crisis invariants names now print to loggers. ### Bug fixes From 4f238c244e8b0c00ffe402333d45830f6b1c234d Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Fri, 5 Mar 2021 21:10:52 +0000 Subject: [PATCH 3/5] Update RELEASE_NOTES.md Co-authored-by: Barrie Byron --- RELEASE_NOTES.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 4b2224d5bcb7..2641641d183b 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -6,12 +6,9 @@ See the [Cosmos SDK v0.42.0 milestone](https://github.com/cosmos/cosmos-sdk/mile # Security fix: validator address conversion in evidence handling -Due to incorrect handling of validators' consensus addresses, Cosmos SDK applications that were not -using the default `cosmos1` bech32 default one could not be able to jail validators that commit -misbehaviours such as double signing. +The security fix resolves the issue regarding incorrect handling of validators' consensus addresses. Because of this incorrect handling, Cosmos SDK apps that were not using the default `cosmos1` Bech32 address prefix were not able to jail validators that committed misbehaviors such as double signing. -Although the issue **does not affect the Cosmos Hub**, it still potentially renders the `v0.41` and `v0.40` -release series unsafe for most chains. +Although the issue does **not** affect the Cosmos Hub, this issue potentially renders the `v0.41` and `v0.40` release series unsafe for most chains. # Full header is emitted on IBC UpdateClient message event 
From a142ac36c66bd499534aa579ba02e2481c298297 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Fri, 5 Mar 2021 21:11:12 +0000 Subject: [PATCH 4/5] Update RELEASE_NOTES.md Co-authored-by: Barrie Byron --- RELEASE_NOTES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 2641641d183b..ec054889198c 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -13,4 +13,4 @@ Although the issue does **not** affect the Cosmos Hub, this issue potentially re # Full header is emitted on IBC UpdateClient message event The event emitted by the IBC UpdateClient message now contains the full header. -This is meant to make misbehaviour handling, which requires tracking these headers, easier. +This change makes header tracking easier and improves the handling of misbehaviors. From 6af89a89933b44bf655182a39157b1dc2c8718b5 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Sat, 6 Mar 2021 14:24:56 +0000 Subject: [PATCH 5/5] Update RELEASE_NOTES.md Co-authored-by: Cory --- RELEASE_NOTES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index ec054889198c..80c80889a00c 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md 
@@ -6,7 +6,7 @@ See the [Cosmos SDK v0.42.0 milestone](https://github.com/cosmos/cosmos-sdk/mile # Security fix: validator address conversion in evidence handling -The security fix resolves the issue regarding incorrect handling of validators' consensus addresses. Because of this incorrect handling, Cosmos SDK apps that were not using the default `cosmos1` Bech32 address prefix were not able to jail validators that committed misbehaviors such as double signing. +The security fix resolves the issue regarding incorrect handling of validators' consensus addresses. Because of this incorrect handling, Cosmos SDK apps that were not using the default `cosmos` Bech32 address prefix were not able to jail validators that committed misbehaviors such as double signing. Although the issue does **not** affect the Cosmos Hub, this issue potentially renders the `v0.41` and `v0.40` release series unsafe for most chains.
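Review bot: In PATCH 1/5, the RELEASE_NOTES.md hunk drops both the `## Bug Fixes` entry linking [#8461](https://github.com/cosmos/cosmos-sdk/pull/8461) and the sentence "Please see the PR below for more details", so the new "Security fix" section no longer points at the fix it describes. Keep the #8461 link inside that section so operators can inspect the actual change. Two smaller points in the same hunk: the intro promises "a few performance improvements", yet the items added in this series are an event-content change and a logging change, so "a few improvements" would be more accurate; and the new sections use `#`, the same level as the document title, where `##` (as the removed `## Bug Fixes` used) would keep them nested under it.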
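Review bot: In PATCH 2/5, the reworded CHANGELOG.md line "crisis invariants names now print to loggers" loses the possessive apostrophe and makes the names the subject of "print", which reads worse than the line it replaces. Something like "Names of crisis invariants are now printed to loggers" keeps the active tone without the grammar slip. The entry also links `issues/8621` while the neighbouring x/ibc entry links a pull request; if a PR implemented this, link it instead so the changelog points at code.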
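Review bot: In PATCH 3/5, the rewritten security paragraph still says "the default `cosmos1` Bech32 address prefix", which contradicts the intro's "default `cosmos` bech32 prefix"; the `1` is the Bech32 separator, not part of the prefix. PATCH 5/5 corrects this one character, so fold that change into this commit rather than shipping the wrong value in an intermediate revision. The closing sentence also says the issue "potentially renders the `v0.41` and `v0.40` release series unsafe for most chains" without telling operators what to do; add an explicit line that chains with a non-default prefix on those series should move to v0.42.0.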
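Review bot: In PATCH 4/5, the replacement sentence "This change makes header tracking easier and improves the handling of misbehaviors" changes the claim, not just the wording. The removed line said misbehaviour handling requires tracking these headers and that emitting the full header makes that easier; the new line asserts that the handling itself is improved, which the event change does not show. Suggest wording that keeps the causal link, for example "This change makes it easier to track the headers that misbehavior handling requires."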