Download Latest Version
v0.1.4 - May 23, 2025 - _Careful Validation of Bogus States_ source code.tar.gz (1.8 MB)
Get an email when there's a new version of Rust-Lightning
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2025-04-30 | 1.2 kB | |
| v0.1.3 - Apr 30, 2025 - _Routing Unicode in 2025_ source code.tar.gz | 2025-04-30 | 1.8 MB | |
| v0.1.3 - Apr 30, 2025 - _Routing Unicode in 2025_ source code.zip | 2025-04-30 | 2.1 MB | |
| Totals: 3 Items | 3.8 MB | 0 | |
Bug Fixes
Event::InvoiceReceivedis now only generated once for eachBolt12Invoicereceived matching a pending outbound payment. Previously it would be provided each time we received an invoice, which may happen many times if the sender sends redundant messages to improve success rates (#3658).- LDK's router now more fully saturates paths which are subject to HTLC maximum restrictions after the first hop. In some rare cases this can result in finding paths when it would previously spuriously decide it cannot find enough diverse paths (#3707, [#3755]).
Security
0.1.3 fixes a denial-of-service vulnerability which cause a crash of an
LDK-based node if an attacker has access to a valid Bolt12Offer which the
LDK-based node created.
* A malicious payer which requests a BOLT 12 Invoice from an LDK-based node
(via the Bolt12InvoiceRequest message) can cause the panic of the
LDK-based node due to the way String::truncate handles UTF-8 codepoints.
The codepath can only be reached once the received Botlt12InvoiceRequest
has been authenticated to be based on a valid Bolt12Offer which the same
LDK-based node issued (#3747, [#3750]).