Download Latest Version
v0.1.4 - May 23, 2025 - _Careful Validation of Bogus States_ source code.tar.gz (1.8 MB)
Get an email when there's a new version of Rust-Lightning
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2025-05-24 | 1.4 kB | |
| v0.1.4 - May 23, 2025 - _Careful Validation of Bogus States_ source code.tar.gz | 2025-05-24 | 1.8 MB | |
| v0.1.4 - May 23, 2025 - _Careful Validation of Bogus States_ source code.zip | 2025-05-24 | 2.1 MB | |
| Totals: 3 Items | 3.9 MB | 3 | |
Bug Fixes
- In cases where using synchronous persistence with higher latency than the
latency to communicate with peers caused issues fixed in 0.1.2,
ChannelManagers may have been left in a state which LDK 0.1.2 and later would refuse to deserialize. This has been fixed and nodes which experienced this issue prior to 0.1.2 should now deserialize fine (#3790). - In some cases, when using synchronous persistence with higher latency than the latency to communicate with peers, when receiving an MPP payment with multiple parts received over the same channel, a channel could hang and not make progress, eventually leading to a force-closure due to timed-out HTLCs. This has now been fixed (#3680).
Security
0.1.4 fixes a funds-theft vulnerability in exceedingly rare cases. * If an LDK-based node funds an anchor channel to a malicious peer, and that peer sets the channel reserve on the LDK-based node to zero, the LDK-node could overdraw its total balance upon increasing the feerate of the commitment transaction. If the malicious peer forwards HTLCs through the LDK-based node, this could leave the LDK-based node with no valid commitment transaction to broadcast to claim its part of the forwarded HTLC. The counterparty would have to forfeit their reserve value (#3796).