Umbrel v0.3.12 fixes a bug that made Umbrel inaccessible over Tor.

If you face any difficulties while updating, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.11...v0.3.12

Umbrel v0.3.11 is here with the latest versions of Specter Desktop, ThunderHub, Sphinx Relay, Ride The Lightning, and LNbits in the Umbrel App Store, hardware failure detection, low RAM alerts, and stability improvements.

If you face any difficulties while updating, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.10...v0.3.11

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

Release notes

• Bugfix: add some liquid fixes #1194 (Stepan Snigirev)
• Feature: Fully unblind liquid transactions sent by Specter #1220 (Stepan Snigirev)

Changelog:

• Support supplying contract hash to issueasset RPC
• Fix description of -chain parameter
• Add liquidv1test chainparams
• Add logging for dynafed activation and transitions
• Undo default signalling behavior for dynafed unless enabled

Main changes

Remove editable fee rate in swap-out

Swap-outs (LN -> on-chain) are actually spending from a shared UTXO set. To make things consistent and ensure good UX for every users, the swap-out fee rate is now defined by the swap service.

More info here: https://phoenix.acinq.co/faq#why-dont-you-let-me-set-the-feerate-myself-when-sending-on-chain

Added a button to enlarge the receive QR code

This will help scanning a invoice with low resolution camera.

Added an option to disable pay-to-open

On-the-fly channel creation has a fee and users may want to disable it. In that case, if a new channel was required to be created in order for a incoming payment to be received, the payment will fail and a notification will be displayed (with a cooldown to prevent notification spam).

Full list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.13...v1.4.14
• core: https://github.com/ACINQ/eclair/compare/v0.4.11-android-phoenix...v0.4.12-android-phoenix

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it: - from our website: https://acinq.co/pgp/drouinf.asc - from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key: $ gpg --import drouinf.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

This release of btcd is primarily to act as a catchup for the various changes that have accumulated.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

Once you have the required PGP keys, you can verify the release (assuming manifest-v0.22.0-beta.txt and manifest-v0.22.0-beta.txt.sig are in the current directory) with:

gpg --verify manifest-v0.22.0-beta.txt.sig

You should see the following if the verification was successful:

``` gpg: assuming signed data in 'manifest-v0.22.0-beta.txt' gpg: Signature made Tue 08 Jun 2021 10:07:53 AM EDT gpg: using DSA key 0DB39EAF526568682088EEDFB15210D35378BD54 gpg: Good signature from "John C. Vernaleo john@netpurgatory.com" [ultimate]

```

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Binaries

As of this release, our release binaries are fully reproducible thanks to go1.13! Third parties are now able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.16.5, which is required by verifiers to arrive at the same ones.

Finally, you can also verify the tag itself with the following command: git verify-tag v0.22.0-beta

You should see something along the lines of this in the case of a valid tag: gpg: Signature made Tue 08 Jun 2021 09:42:52 AM EDT gpg: using DSA key 0DB39EAF526568682088EEDFB15210D35378BD54 gpg: Good signature from "John C. Vernaleo <john@netpurgatory.com>" [ultimate]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and btcd-source-v0.22.0-beta.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz tar -xvzf btcd-source-v0.22.0.tar.gz GO111MODULE=on go install -v -mod=vendor GO111MODULE=on go install -v -mod=vendor ./cmd/btcctl

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's also possible to use the enclosed release.sh script to bundle a release for a specific system like so:

BTCBUILDSYS="linux-arm64 darwin-amd64" ./build/release/release.sh

Release Notes

Protocol and network-related changes:

• Added support for witness tx and block in notfound msg. (#1625)

• Added support for receiving sendaddrv2 messages from a peer. (#1670)

• Fixed bug in peer package causing last block height to go backwards. (#1606)

• Added chain parameters for connecting to the public Signet network. (#1692, #1718)

Also added --signet command line flag to btcctl and btcd utilities.

Crypto changes:

• Fixed bug causing panic due to bad R and S signature components in btcec.RecoverCompact. (#1691)
• Set the name (secp256k1) in the CurveParams of the S256 curve. (#1565)

Notable developer-related package changes:

• Improve gc for txscript.IsUnspendable method. (#1615)

Significantly reduced allocations, which should bring a performance gain during sync. * Used RLock/RUnlock when possible in the addrmgr package. (#1697) * Removed unknown block version warning in the blockchain package, due to false positives triggered by AsicBoost. (#1463) * Added proper types for flag field and improve docs, for msgtx in the wire package. (#1632) * Added chaincfg.RegisterHDKeyID function to populate HD key ID pairs. (#1617) * Fixed flaky hash cache test due to resetting RNG. (#1689) * Added new method mining.AddWitnessCommitment to add the witness commitment as an OP_RETURN output within the coinbase transaction. (#1716)

RPC changes:

• Implemented Batch JSON-RPC in rpcclient and server. (#1583)

Please refer to rpcclient/examples/bitcoincorehttpbulk/README.md for examples.

• Implemented rpcclient method to invoke getdescriptorinfo JSON-RPC command. (#1578)
• Updated the rpcserver handler for validateaddress JSON-RPC command to have parity with the bitcoind 0.20.0 interface. (#1613)
• Implemented rpcclient method to invoke getblockfilter JSON-RPC command. (#1579)
• Implemented signmessagewithprivkey JSON-RPC command in rpcserver. (#1585)
• Implemented rpcclient method to invoke importmulti JSON-RPC command. (#1579)
• Implemented watchOnly argument in rpcclient method to invoke listtransactions JSON-RPC command. (#1628)
• Updated btcjson.ListTransactionsResult for compatibility with Bitcoin Core 0.20.0. (#1626)

Two new fields BlockHeight and Label were added as optional, to keep backwards compatibility. * Implemented nullable optional JSON-RPC parameters. (#1594)

Fixed command marshalling dropping params that follow params with nil value. * Implemented rpcclient and server method to invoke getnodeaddresses JSON-RPC command. (#1590) * Implemented rpcclient methods to invoke PSBT JSON-RPC commands. (#1596)

The walletcreatefundedpsbt and walletprocesspsbt commands were implemented. * Implemented rpcclient method to invoke listsinceblock with the include_watchonly parameter enabled. (#1451) * Implemented rpcclient method to invoke deriveaddresses JSON-RPC command. (#1631) * Implemented rpcclient method to invoke getblocktemplate JSON-RPC command. (#1629)

The corresponding btcjson structs were also updated to reflect changes in Bitcoin Core. * Implemented rpcclient method to invoke getaddressinfo JSON-RPC command. (#1633) * Implemented rpcclient method to invoke getwalletinfo JSON-RPC command. (#1638) * Fixed error message in rpcserver when an unknown RPC command is encountered. (#1695) * Fixed error message returned by estimatefee when the number of blocks exceeds the max depth. (#1678) * Updated btcjson.GetBlockChainInfoResult to include new fields in Bitcoin Core. (#1676)

Two new fields InitialBlockDownload and SizeOnDisk were added. * Added ExtraHeaders in rpcclient.ConnConfig struct. (#1669)

It's useful when the RPC provider needs customized headers, for example, the X-Auth-Token header. * Fixed bitcoind compatibility issue with the sendrawtransaction JSON-RPC command. (#1659) * Added new JSON-RPC errors to btcjson package, and documented them. (#1648) * Implemented rpcclient method to invoke createwallet JSON-RPC command. (#1650)

This is also the first rpcclient method that uses the functional options pattern, which will be used more and more in future. * Implemented rpcclient methods to invoke backupwallet, dumpwallet, loadwallet and unloadwallet JSON-RPC commands. (#1645) * Fixed unmarshalling error in getmininginfo JSON-RPC command, for valid integers in scientific notation. (#1644) * Implemented rpcclient method to invoke gettxoutsetinfo JSON-RPC command. (#1641) * Implemented rpcclient method to invoke signrawtransactionwithwallet JSON-RPC command. (#1642) * Added txid to getblocktemplate response of rpcserver. (#1639) * Fixed monetary unit used in createrawtransaction JSON-RPC command in rpcserver. (#1614) * Added rawtx field to btcjson.GetBlockVerboseTxResult to provide backwards compatibility with older versions of Bitcoin Core. (#1677)

Misc changes:

• Updated btcutil dependency. (#1704)
• Updated documentation links to use https://pkg.go.dev instead of http://godoc.org. (#1693)
• Added Dockerfile to build and run btcd on Docker. (#1465)
• Reworked documentation and published on https://btcd.readthedocs.io. (#1468)
• Added support for Go 1.15. (#1619)
• Added Go 1.14 as the minimum supported version of Golang. (#1621)
• Removed unnecessary GOMAXPROCS function calls. (#1627)
• Enabled Go Race detector and code coverage on GitHub Actions. (#1601)

Changelog

The full list of changes since v0.21.0-beta can be found here:

• https://github.com/btcsuite/btcd/compare/v0.21.0-beta..v0.22.0-beta

Contributors (Alphabetical Order)

10gic Andrew Tugarinov Anirudha Bose Appelberg-s Armando Ochoa Aurèle Oulès Calvin Kim Christian Lehmann Conner Fromknecht Dan Cline David Mazary Elliott Minns Federico Bond Friedger Müffke Gustavo Chain Hanjun Kim Henry Fisher Iskander Sharipov Jake Sylvestre Johan T. Halseth John C. Vernaleo Liran Sharir Mikael Lindlof Olaoluwa Osuntokun Oliver Gugger Rjected Steven Kreuzer Torkel Rogstad Tristyn Victor Lavaud Vinayak Borkar Wilmer Paulino Yaacov Akiba Slama ebiiim ipriver wakiyamap yyforyongyu

This release of btcd is primarily to act as a catchup for the various changes that have accumulated.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

Once you have the required PGP keys, you can verify the release (assuming manifest-v0.22.0-beta.txt and manifest-v0.22.0-beta.txt.sig are in the current directory) with:

gpg --verify manifest-v0.22.0-beta.txt.sig

You should see the following if the verification was successful:

``` gpg: assuming signed data in 'manifest-v0.22.0-beta.txt' gpg: Signature made Tue 08 Jun 2021 10:07:53 AM EDT gpg: using DSA key 0DB39EAF526568682088EEDFB15210D35378BD54 gpg: Good signature from "John C. Vernaleo john@netpurgatory.com" [ultimate]

```

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Binaries

As of this release, our release binaries are fully reproducible thanks to go1.13! Third parties are now able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.16.5, which is required by verifiers to arrive at the same ones.

Finally, you can also verify the tag itself with the following command: git verify-tag v0.22.0-beta

You should see something along the lines of this in the case of a valid tag: gpg: Signature made Tue 08 Jun 2021 09:42:52 AM EDT gpg: using DSA key 0DB39EAF526568682088EEDFB15210D35378BD54 gpg: Good signature from "John C. Vernaleo <john@netpurgatory.com>" [ultimate]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and btcd-source-v0.22.0-beta.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz tar -xvzf btcd-source-v0.22.0.tar.gz GO111MODULE=on go install -v -mod=vendor GO111MODULE=on go install -v -mod=vendor ./cmd/btcctl

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's also possible to use the enclosed release.sh script to bundle a release for a specific system like so:

BTCBUILDSYS="linux-arm64 darwin-amd64" ./build/release/release.sh

Release Notes

Protocol and network-related changes:

• Added support for witness tx and block in notfound msg. (#1625)

• Added support for receiving sendaddrv2 messages from a peer. (#1670)

• Fixed bug in peer package causing last block height to go backwards. (#1606)

• Added chain parameters for connecting to the public Signet network. (#1692, #1718)

Also added --signet command line flag to btcctl and btcd utilities.

Crypto changes:

• Fixed bug causing panic due to bad R and S signature components in btcec.RecoverCompact. (#1691)
• Set the name (secp256k1) in the CurveParams of the S256 curve. (#1565)

Notable developer-related package changes:

• Improve gc for txscript.IsUnspendable method. (#1615)

Significantly reduced allocations, which should bring a performance gain during sync. * Used RLock/RUnlock when possible in the addrmgr package. (#1697) * Removed unknown block version warning in the blockchain package, due to false positives triggered by AsicBoost. (#1463) * Added proper types for flag field and improve docs, for msgtx in the wire package. (#1632) * Added chaincfg.RegisterHDKeyID function to populate HD key ID pairs. (#1617) * Fixed flaky hash cache test due to resetting RNG. (#1689) * Added new method mining.AddWitnessCommitment to add the witness commitment as an OP_RETURN output within the coinbase transaction. (#1716)

RPC changes:

• Implemented Batch JSON-RPC in rpcclient and server. (#1583)

Please refer to rpcclient/examples/bitcoincorehttpbulk/README.md for examples.

• Implemented rpcclient method to invoke getdescriptorinfo JSON-RPC command. (#1578)
• Updated the rpcserver handler for validateaddress JSON-RPC command to have parity with the bitcoind 0.20.0 interface. (#1613)
• Implemented rpcclient method to invoke getblockfilter JSON-RPC command. (#1579)
• Implemented signmessagewithprivkey JSON-RPC command in rpcserver. (#1585)
• Implemented rpcclient method to invoke importmulti JSON-RPC command. (#1579)
• Implemented watchOnly argument in rpcclient method to invoke listtransactions JSON-RPC command. (#1628)
• Updated btcjson.ListTransactionsResult for compatibility with Bitcoin Core 0.20.0. (#1626)

Two new fields BlockHeight and Label were added as optional, to keep backwards compatibility. * Implemented nullable optional JSON-RPC parameters. (#1594)

Fixed command marshalling dropping params that follow params with nil value. * Implemented rpcclient and server method to invoke getnodeaddresses JSON-RPC command. (#1590) * Implemented rpcclient methods to invoke PSBT JSON-RPC commands. (#1596)

The walletcreatefundedpsbt and walletprocesspsbt commands were implemented. * Implemented rpcclient method to invoke listsinceblock with the include_watchonly parameter enabled. (#1451) * Implemented rpcclient method to invoke deriveaddresses JSON-RPC command. (#1631) * Implemented rpcclient method to invoke getblocktemplate JSON-RPC command. (#1629)

The corresponding btcjson structs were also updated to reflect changes in Bitcoin Core. * Implemented rpcclient method to invoke getaddressinfo JSON-RPC command. (#1633) * Implemented rpcclient method to invoke getwalletinfo JSON-RPC command. (#1638) * Fixed error message in rpcserver when an unknown RPC command is encountered. (#1695) * Fixed error message returned by estimatefee when the number of blocks exceeds the max depth. (#1678) * Updated btcjson.GetBlockChainInfoResult to include new fields in Bitcoin Core. (#1676)

Two new fields InitialBlockDownload and SizeOnDisk were added. * Added ExtraHeaders in rpcclient.ConnConfig struct. (#1669)

It's useful when the RPC provider needs customized headers, for example, the X-Auth-Token header. * Fixed bitcoind compatibility issue with the sendrawtransaction JSON-RPC command. (#1659) * Added new JSON-RPC errors to btcjson package, and documented them. (#1648) * Implemented rpcclient method to invoke createwallet JSON-RPC command. (#1650)

This is also the first rpcclient method that uses the functional options pattern, which will be used more and more in future. * Implemented rpcclient methods to invoke backupwallet, dumpwallet, loadwallet and unloadwallet JSON-RPC commands. (#1645) * Fixed unmarshalling error in getmininginfo JSON-RPC command, for valid integers in scientific notation. (#1644) * Implemented rpcclient method to invoke gettxoutsetinfo JSON-RPC command. (#1641) * Implemented rpcclient method to invoke signrawtransactionwithwallet JSON-RPC command. (#1642) * Added txid to getblocktemplate response of rpcserver. (#1639) * Fixed monetary unit used in createrawtransaction JSON-RPC command in rpcserver. (#1614) * Added rawtx field to btcjson.GetBlockVerboseTxResult to provide backwards compatibility with older versions of Bitcoin Core. (#1677)

Misc changes:

• Updated btcutil dependency. (#1704)
• Updated documentation links to use https://pkg.go.dev instead of http://godoc.org. (#1693)
• Added Dockerfile to build and run btcd on Docker. (#1465)
• Reworked documentation and published on https://btcd.readthedocs.io. (#1468)
• Added support for Go 1.15. (#1619)
• Added Go 1.14 as the minimum supported version of Golang. (#1621)
• Removed unnecessary GOMAXPROCS function calls. (#1627)
• Enabled Go Race detector and code coverage on GitHub Actions. (#1601)

Changelog

The full list of changes since v0.21.0-beta can be found here:

• https://github.com/btcsuite/btcd/compare/v0.21.0-beta..v0.22.0-beta

Contributors (Alphabetical Order)

10gic Andrew Tugarinov Anirudha Bose Appelberg-s Armando Ochoa Aurèle Oulès Calvin Kim Christian Lehmann Conner Fromknecht Dan Cline David Mazary Elliott Minns Federico Bond Friedger Müffke Gustavo Chain Hanjun Kim Henry Fisher Iskander Sharipov Jake Sylvestre Johan T. Halseth John C. Vernaleo Liran Sharir Mikael Lindlof Olaoluwa Osuntokun Oliver Gugger Rjected Steven Kreuzer Torkel Rogstad Tristyn Victor Lavaud Vinayak Borkar Wilmer Paulino Yaacov Akiba Slama ebiiim ipriver wakiyamap yyforyongyu

Upgrade unchained-bitcoin and unchained-wallets to the latest versions primarily to fix Ledger WebUSB in MacOS Chrome.

Summary

This release contains mostly updates. With the NBitcoin update, DNS seed queries are done over Tor as well - this can fix problems for users who use an operating system that can only communicate through Tor. HWI update contains minor fixes, check the release notes here.

• Updated Bitcoin Hardware Wallet Interface HWI 2.0.2.
• Updated NBitcoin 5.0.81.

Newbie Guide

While setting up Wasabi is straightforward, even a Linux wizard with the longest beard can get stuck on the most basic tasks. Consider taking a look at the Installation Instructions guide.

Advanced Guide

If you want to build Wasabi from source code or update the source code check out these instructions.

From version 1.1.3 Wasabi also introduces reproducible builds: Deterministic Build Guide

Build with .NET Core 3.1.407-win-x64.

FAQ

• Frequently asked questions here.
• Requirements? x64, Linux, >Win10, >macOS 10.13.

Release Notes

• HWI https://github.com/zkSNACKs/WalletWasabi/pull/5861
• NBitcoin https://github.com/zkSNACKs/WalletWasabi/pull/5800
• Wallet rescan in case of file corruption https://github.com/zkSNACKs/WalletWasabi/pull/5508 https://github.com/zkSNACKs/WalletWasabi/pull/5537
• Account keypath validation on Wallet Recovery https://github.com/zkSNACKs/WalletWasabi/pull/4070

Fixed Cannot read seed words for vault key - mostly blank #3232
LNURLPay was defaulting to sats No scroll in android sim on receive #3192
RTL on iOS doesn't work #3122

Refactored Storage improvements

Added Abbreviated Watch Complication Price display

This release marks the first major release in the 0.13 series, and the second major release of the year! This release includes a number of compelling additions including: first-class pruning support, AMP sending+receiving support, arbitrary pubkey/xpub import w/ PSBT transaction crafting, clustered lnd using etcd failover, and much more!

Database Migrations

The lnd database is migrated to store all wire messages with an additional TLV field. See details below.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

shell $ curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import $ curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.13.0-beta.rc5.sig and manifest-v0.13.0-beta.rc5.txt are in the current directory) with:

shell $ gpg --verify manifest-roasbeef-v0.13.0-beta.rc5.sig manifest-v0.13.0-beta.rc5.txt

You should see the following if the verification was successful:

text gpg: Signature made Wed Sep 30 17:35:20 2020 PDT gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465 gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onward, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.13.0-beta.rc5.txt.asc.ots.

Assuming you have the OpenTimestamps client installed locally, the timestamps can be verified with the following commands:

shell $ ots verify manifest-roasbeef-v0.13.0-beta.rc5.sig.ots -f manifest-roasbeef-v0.13.0-beta.rc5.sig

Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally. These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.16.3, which is required by verifiers to arrive at the same ones.

They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided. The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

shell $ git verify-tag v0.13.0-beta.rc5 gpg: Signature made Tue Sep 15 18:55:00 2020 PDT gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465 gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

shell $ docker pull lightninglabs/lnd:v0.13.0-beta.rc5 $ docker run --rm --entrypoint="" lightninglabs/lnd:v0.13.0-beta.rc5 /verify-install.sh $ OK=$? $ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done $ docker run lightninglabs/lnd [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.13.0-beta.rc5.tar.gz are in the current directory, follow these steps:

shell $ tar -xvzf vendor.tar.gz $ tar -xvzf lnd-source-v0.13.0-beta.rc5.tar.gz $ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.0-beta.rc5" ./cmd/lnd $ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.0-beta.rc5" ./cmd/lncli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

shell $ make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Database and wire changes

Wire Message TLV Support

The wire messages sent between LN peers have the ability to carry additional data, using the TLV format. This allows attaching data and protocol extensions to messages in a non-breaking way, paving the way for future feature upgrades to the protocol.

In this release all stored messages in the lnd database are migrated to a format supporting these TLV extensions, and message parsing now always read out these fields and keep them for future handling.

Protocol Updates

Anchor Output Channels

The spec compliant anchor channel format introduced in v0.12 is now the default channel type if both nodes support it when opening a new channel. You can read more about it in the v0.12.0 release notes, and it can be disabled by providing the --protocol.no-anchors flag at startup.

Since a node having channels using this format must keep on-chain funds around in case unilateral fee bumping is needed, we reserve 10k sats per channel for this purpose. In this release we cap this at 100k sats, and in addition avoid reserving this value for private channels.

Finally a change to breach handling has been made, to mitigate a theoretical attack the channel peer can perform by pinning HTLC outputs on a breached commitment transaction. If we suspect such pinning is taking place, lnd will now attempt to sweep the breached commitment outputs separately.

P2P Gossip Handling, Hardening & Optimizations

Ephemeral & Persistent Gossip Reject Caches

Those that run larger lnd instances may have noticed a cyclic nature of gossip traffic that would lead to many announcements being rejected, only to be processed hours later. This burst of traffic typically causes high CPU and memory usage, along with a large batch of blocks fetched from the node backend.

During this release cycle we dug into the issue and found that the culprit was actually a new variant of zombie channel churn: fully closed channels (funding UTXO spent) being continually offered by nodes that aren't (for some reason) pruning their channel graph.

In this release, we'll now add channels that fail full validation irrevocably to the existing zombie index cache. Expanding the usage of this cache means that new lnd nodes will only validate those spent channels once (as they should), then never request them again during the historical sync spot checks that happen periodically.

Related to the above fix, a bug has been fixed that would cause us to continually re-validate a channel announcement that we had already rejected.

Dependent Gossip Processing

ChannelUpdate and NodeAnnouncement gossip messages depend on its ChannelAnnouncement being processed successfully. Throughout our investigative efforts above, we also noticed that lnd would process these messages when their corresponding ChannelAnnouncement's validation failed, which has now been fixed.

Improved Gossip Rate Limiting

lnd v0.12.1-beta featured a new gossip rate limiting heuristic in which keep-alive updates were throttled to allow one per day, while non-keep-alive updates were throttled to allow one per block. The latter heuristic for non-keep-alive updates proved to be inconsistent, especially for our auto enable/disable channel behavior, as blocks are not guaranteed to arrive at a constant rate. To mitigate this, we've moved towards a token bucket based approach to allow by default one update per minute with a maximum burst tolerance of 10 updates. These defaults may change as the structure of the network does, but they can also be changed through two new config options: gossip.channel-update-interval and gossip.max-channel-update-burst.

Routing Optimizations & New Payment Types

Atomic Multi-Path (AMP) Payments

This version of lnd introduces initial support for AMP payments, which is a generalized version of the experimental keysend protocol added in lnd-v0.9.0-beta. While keysend payments must be fulfilled with a single HTLC, AMP offers the ability to perform multi-path spontaneous payments and leverage channel liquidity more effectively. It also offers an initial incarnation of AMP invoices, which helps to facilitate spontaneous payments to private nodes, and serve as a basis for recurring payments down the road.

Receiving Spontaneous Payments

Users can set the accept-amp=1 configuration option to automatically accept incoming, spontaneous AMP payments. Without setting this option, all spontaneous AMP payments will be rejected. Note that this setting is not required to accept one-time payments to an AMP Invoice.

Sending Spontaneous Payments

Users can send spontaneous AMP payments to nodes with accept-amp=1 using lncli, routerrpc.SendToRouteV2, or routerrpc.SendPaymentV2.

When paying with lncli: by including the --amp flag, payments only need to specify the amount and pubkey of the destiation, e.g. lncli sendpayment --amt 100 --dest 0247a5b3b2f6794da6ab930974e3396fd9973aa7dc333ea8dd3b59fb71a70165be --amp. This will only work for nodes in public channel graph, to pay private nodes see below regarding AMP Invoices.

When paying withrouterrpc.SendPaymentV2: when manually specifiying arguments, setting the Amp flag to true and omitting the PaymentHash will cause lnd to initiate an AMP payment. This behavior can also be forced by providing an AMP Invoice in the PaymentRequest field.

When paying with routerrpc.SendToRouteV2: users can force an AMP payment by setting AmpRecord field to a well crafted lnrpc.AmpRecord on the route's final lnrpc.Hop.

AMP Invoices

In this version of lnd, we introduce a new concept of AMP invoices. Having invoices at all may seem counterintuitive to the spontaneous use case of AMP, however AMP invoices will provided two necessary use cases: - Offering the ability to pay private nodes via AMP, by providing the sender with hop hints to reach the desination. - In the future, the ability to make recurring payments to an invoice, e.g. subscriptions, deposits/withdrawals, etc.

Full-blown recurring invoices are not implemented in this release, but will be available at a later point. For now an AMP invoice can only be settled by one payment. That said, this release does include support for simulating recurring payments, making the existing AMP invoices "pseudo-reusable".

In order to do so, users can make payments via routerrpc.SendPaymentV2 by passing in the (AMP) PaymentRequest, and providing an randomly-generated PaymentAddr. The external PaymentAddr will causelnd to ignore the payment address provided in the invoice, and make a spontaneous payment using the rest of the parameters in the payment request. Note that the receiver must have accept-amp=1 set, otherwise these subsequent payments will be ignored.

The default expiry for AMP invoices is set 30 days. Users may wish to increase this duration using the Expiry field to further amortize the setup costs of obtaining a new invoice.

MPP+AMP Payment Splitting on by Default

In this version of lnd, MPP/AMP payment splitting is now activated by default. Prior versions of lnd required a caller to manually specify that they wanted their payment to possibly be split via the MaxShards RPC/CLI flag. The default number of attempted splits is now 16 (we'll attempt to split up to 16 times by default). In addition, a new MaxShardAmt flag has been added that allows the caller to control how large the largest split can be. This new flag can effectively be used to force lnd to adhere to a given maximum payment unit expressed in satoshis, which means lnd may split more frequently than before.

Strict Zombie Pruning

Typically lnd will mark a channel as a zombie when both of its edges aren't re-advertised within a two week period. This is typically referred to as a channel's heartbeat update. Analysis by Conner Fromknecht demonstrated that the channel graph itself could be shrunk by ~20% if a stricter pruning heuristic was adopted: pruning a channel once only a single edge fails the heartbeat check. The latest version of lnd has implemented this stricter pruning variant in an opt-in manner.

This new graph pruning variant is on by default for neutrino nodes as it was common for them to never actually receive a "double disable" of a channel's edges, meaning it would never actually remove certain closed channels from its channel graph. Routing nodes and nodes that frequently send outbound payments can activate the new pruning variant with a new flag: --routing.strictgraphpruning. The new logic also requires that party that originally failed the heartbeat check to the be one that re-publishes the channel update in order for a prior zombie channel to be resurrected.

New M1 Release Target

This is the first release that includes binaries for the recently released Apple Silicon (M1) architecture! roasbeef has switched to using an M1 machine as his primary development machine over the past few months and hasn't reported any unsafe behavior. We encourage those switching to run lnd on an M1 machine to reach out to us if any abnormal behavior is detected.

For the 0.14 release, we aim to start to remove architectures for binaries included with the final packaged release that are either in the bottom tier of downloads, or have no downloads at all.

P2P Networking

A bug that wouldn't allow a node to listen on an IPv6 REST port when Tor is active has been fixed.

Wallet Enhancements

This release features several improvements that will enable lnd (in a future release!) to operate without the access of private keys within its process.

Watch-Only Key Import

The wallet is now able to import BIP-0049 and BIP-0084 accounts/public keys as watch-only through xpubs! This feature was made possible by the introduction of watch-only accounts to btcwallet, our internal wallet. This functionality is exposed through two new RPCs within the WalletKit sub-server: ImportAccount and ImportPublicKey.

Events (deposits/spends) for imported keys or keys derived from an imported account will only be detected by lnd if they happen after the import. Rescans to detect past events will be supported in a future release, so make sure to use a new unused wallet when using this functionality.

A new document was added that explains the account import and PSBT signing process.

ECDH Revocation Seed

The revocation seed is used to generate revocation secrets during the lifetime of a channel. The seed-generation code has been updated to no longer handle raw private keys, using ECDH to achieve this.

Auto-unlock wallet from password file

In automated or unattended setups such as cluster/container environments, unlocking the wallet through RPC presents a series of challenges. Usually, the password is present as a file somewhere in the container already anyway so writing an extra custom script for unlocking is error prone and tedious. Instead the new --wallet-unlock-password-file flag was added that can be used to read the password for an existing wallet from a file (or device or named pipe) to auto-unlock it.

Random Coin Selection

By default lnd's internal wallet uses a coin selection algorithm that always picks the largest UTXOs available first when crafting a transaction. This can lead to a wallet state that has many small and uneconomical UTXOs. To counteract that, a new --coin-selection-strategy flag was added that can be set to random instead of the default larges value to enable random coin selection.

Backend Enhancements & Optimizations

Daemon-Level Block Cache

lnd now maintains a global daemon-level block cache to prevent redundant GetBlock calls across all of its sub-systems. This cache can store up to 20MB worth of block data by default, and can be changed through the new config option blockcachesize.

bitcoind Pruned Node Support

lnd now supports connecting to pruned bitcoind backends! A new sub-system has been introduced that maintains connections to bitcoin peers to retrieve pruned blocks from and caches them. These peers are sourced from the peer list of the connected bitcoind instance, or from the getnodeaddress RPC otherwise. The number of connections (4 by default) can be configured through the new config option bitcoind.pruned-node-max-peers.

Neutrino Optimizations

The memory footprint used throughout the initial block header sync has been reduced by 50%.

The set of filter header checkpoints for the mainnet and testnet chains have been updated.

Neutrino Channel Validation

Compact filters retrieved from peers to determine whether the corresponding block contains any relevant transactions are now validated by checking whether they were constructed correctly.

lnd instances backed by Neutrino now have channel validation disabled by default. Channel validation includes obtaining the block a channel was included in and verifying the channel output remains unspent. This is an intensive process for light-clients as they don't maintain a block index and UTXO set. The routing.assumechanvalid config option, which disables channel validation, has now been deprecated. Channel validation can be re-enabled for Neutrino-backed lnd nodes with the new config option neutrino.validatechannels.

Neutrino Configuration

neutrino.broadcasttimeout allows users to specify how long they wish their broadcast attempts to last before giving up.

neutrino.persistfilters allows users to persist compact filters retrieved from the network. This will result in less bandwidth consumption at the expense of storage.

neutrino.validatechannels can be activated to enable channel validation. Note that light-clients are not well-equipped to perform this type of validation without SPV channel proofs (keep an eye out for this in future releases!).

Immediate graph updates for local channels

In lnd v0.12.0 we saw a massive enhancement to graph sync, since batch writing of gossip messages to the database was introduced. However, this also included local updates made, which could cause these to become slightly delayed. In this release the local updates will now get special treatment, and are added immediately.

Clustered LND configuration with leader elected primary

So far lnd has mainly been used in single node setups with local databases. This configuration makes it challenging to build a highly available lighting service, since the node itself has to be online and users have to build ad-hoc solutions for database replication and re-deployment in case of failure or datacenter migration. With the recent addtion of the etcd kvdb driver for lnd we've made incremental steps toward an out-of-the box HA solution. With this release we add experimental support for leader elected lnd cluster, where apart from the graph, all important state can reside in a replicated etcd database. This allows us to use etcd's leader election facilities to form a cluster of multiple lnd nodes, where one of them is the primary node accessing the DB, while the rest are waiting in line to become the leader if a failover happens (eg. primary is decomissioned, crash, network partition, etc). In such configuration all the nodes in the cluster share the same lightning identity but only the active leader has full control while the rest are dormant.

RPC

Unification of WalletUnlocker and Lightning services

This release brings a massive overhaul to the way the wallet is unlocked on the backend, while staying backwards compatible.

Earlier version of lnd would bring up a gRPC server that exposed the WalletUnlocker service, which would in turn be stopped and restarted to bring up the Lightning service after successful unlock. This caused issues with some clients that didn't expect the available services to change during runtime, and it also made it hard to determine the state of the wallet without string matching on the error received from calling the RPC server.

In lnd v0.13.0, the two gRPC services (and subserver services) are available at all times such that we avoid tearing down the gRPC server at runtime. The RPC endpoints are gated by the wallet state (see below) such that only RPCs from the WalletUnlocker service are available as long as the wallet remains locked.

If you relied on the RPC errors or availability of the different services to determine the wallet state, you should change to use the new State service.

New State Service

A new service is now exposed on the lnd gRPC server: State. This can be used to get the state of the wallet at all times, and should be used to programatically drive the unlocking process.

The possible wallet states are [NON_EXISTING, LOCKED, UNLOCKED, RPC_ACTIVE] and the state can be subscribed to using the SubscribeState RPC, or fetched using lncli state.

Mission Control

Mission Control's parameters can now read and set while lnd is running using the GetMissionControlConfig and SetMissionControlConfig endpoints. This allows nodes to experiment with these parameters without restarting lnd.

An experimental XImportMissionControl API has been added to allow nodes to import state from other lnd nodes' QueryMissionControl output. This allows new nodes to start include routing insights that another node has learned, rather than starting with no information about the network. This imported information is not currently persisted. Note that sharing your QueryMissionControl output with another party may leak information about your payment history.

Bi-directional Stream Support for REST WebSockets

A fix to the WebSocket proxy now allows all RPCs to be used over REST/WebSockets, including the client-streaming ones (specifically lnrpc.Lightning.ChannelAcceptor, lnrpc.Lightning.SendPayment and routerrpc.Router.HtlcInterceptor).

An example for using the channel acceptor over REST was added to the documentation.

Option to delete failed payments

In earlier versions of lnd you could delete all finished payments from the database using the DeleteAllPayments RPC. Two new flags failed_payments_only and failed_htlcs_only have been added to this RPC, which can be used to delete only payments (HTLCs) that failed.

WalletKit & Wallet-Related RPCs

LeaseOutput has been extended to allow custom lease expirations and a new ListLeases RPC has been added to allow users to determine which outputs are currently being leased and for how long.

As part of our watch-only key import efforts, three new RPCs have been added to the WalletKit sub-server to interact with them:

• ImportAccount imports an BIP-0049/BIP-0084 account as watch-only through its extended public key (xpub).
• ImportPublicKey imports a BIP-0049/BIP-0084 public key into a default "imported" account.
• ListAccounts exposes information for accounts (watch-only or not) existing within the wallet.

Several existing RPCs were also modified (in a backwards-compatible manner) to either accept an account parameter in their requests or break down their responses by accounts.

• GetTransactions and ListUnspent can now filter through transactions and outputs belonging to a specific account.
• FundPSBT/FinalizePSBT can now fund/finalize PSBTs from a specific account.
• NewAddress can now generate addresses for a specific account.
• WalletBalance now returns an additional breakdown of the total wallet balance by accounts.

Longer Default Invoice Expiries

Over the past few months, we've heard from multiple sources that the default invoice expiries are too short. As a result, the default expiry for MPP invoices has been raised from one hour to one day.

Surfacing INVALID_ONION_PAYLOAD failures

Payments that fail with INVALID_ONION_PAYLOAD are now properly reported via SendToRoute and SendPaymentV2 as lnrpc.INVALID_ONION_PAYLOAD. Prior to 0.13 these were reported as lnrpc.Failure_UNKNOWN_FAILURE.

pprof Security

lnd will no longer make its pprof port accessible to the world by default, and will instead listen on localhost if a port is specified. Exposing the pprof port is still left as an option for certain use cases.

Mobile

Simplified API using the State service

Using the mobile bindings one would earlier need to wait for the unlockerReady callback to fire to unlock the wallet, and then the second callbackrpcReady before the lnd RPCs were ready to be used. This was a bit awkward, and not very well supported with React Native.

This release moves back to a single rpcReady callback, which together with the new State service can be used to determine the state of lnd at all times.

To build lnd with these new bindings for mobile, falafel v0.9.0 should be used.

Avoid killing the app on lnd failure

Instead of killing the application in case lnd fails to start, we now return an error back over the API.

Delayed Zombie Pruning

We delay graph zombie pruning on startup by 30 sec, to avoid blocking on this operation. This shortens the delay from unlocking to lnd is ready, which especially should improve the experience on mobile.

Bug Fixes

• A regression in the channel state-machine that would lead to de-sync and force close has been fixed. Channels between upgraded nodes should not experience incorrect force closes.
• The failure message used by the HTLC Interceptor to reject HTLCs has been updated to include a channel update with the temporary channel failure error code.
• A bug that could cause lnd to fail starting up if a new channel was in the process of being opened has been fixed.
• In case a channel announcment for a local channel was received after channel closure, neutrino backed nodes could end up re-adding the channel to the graph. This has been fixed by ignoring all local announcements coming from our peers.
• A bug in the payment state machine which would result in a payment getting stuck if it received a terminal payment error shortly before dispatching another shard has been addressed.
• The SubscribeSingleInvoice API has been updated to terminate the stream of events once the invoice reaches a terminal state.
• During a block storm or integration tests the router subsystem can lag behind on its best known block due to the pruning work it has to complete for each block. Previously the synced_to_chain flag of the GetInfo RPC would only look at the best height of the wallet vs. its chain backend. To make sure the router is also up to date, the flag now only turns true if the router subsystem is synced to the same height as the wallet
• Some terminals don't allow more than 4096 characters to be pasted if running in interactive/TTY mode. This lead to large PSBTs being cut off during channel open. This was fixed by allowing the PSBT to be read from a file in addition to the terminal.
• The GetNodeInfo RPC has been updated to output the channel policies for the requested node in the expected order. Previously, its ordering was inconsistent with DescribeGraph and GetChanInfo.
• The num_pending_backups stat exposed by configured watchtower clients through the WatchtowerClient sub-server is now properly decremented after a backup has been accepted by a watchtower.

Contributors (Alphabetical Order)

Alex Bosworth Andras Banki-Horvath Anton Kovalenko Bjarne Magnussen Carla Kirk-Cohen Conner Fromknecht Elle Mouton Elliott Jin Eugene Siegel GameXG Hampus Sjöberg Jake Sylvestre Johan T. Halseth Jonathan Underwood Joost Jager Juan Pablo Civile Martin Habovštiak Olaoluwa Osuntokun Oliver Gugger Pierre Rochard Roei Erez Tom Kirkpatrick Umar Bolatov Vlad Stan Wilmer Paulino Yaacov Akiba Slama rockstardev whythat yuki-js Yong Yu

Adding UTXO selection in the script explorer and minor bug fixes.

Also available on PyPi and can be installed with pip install -U hwi

Added

• Message signing for BitBox02

Fixed

• Fixed handling of multiple BitBox02s being connected
• Fixed standalone Linux build to work on older Linux distributions
• Always use h instead of ' for hardened derivation paths

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

Release notes

• Bugfix: unconventional derivations fail regexes #1204 (Stepan Snigirev)
• Chore: Simplify emptiness checks in txlist #1202 (Roman Zeyde)

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

Release notes

• Bugfix: a few typos #1201 (Roman Zeyde)
• Bugfix: Set http as default network protocol if non specified #1199 (benk10)
• Bugfix: Update Tor circuit every request #1200 (benk10)

Release notes

This release makes DAO synchronization 30% quicker, improves BSQ SegWit fee calculation to save mining fees, and (as always) fixes many bugs across the board.

Improvements

• Speed up "Synchronizing DAO" by ~30%
• Reduce BSQ fee estimation constant to reduce fees for BSQ SegWit transactions
• Upgrade JavaFX to v16
• Withdrawal view: reduce vertical spacing and fix issue with custom fee
• Add fiat equivalent for Total Amount & Security Deposit for both makers and sellers
• Replace bisq.network/faq links with bisq.wiki
• Replace docs.bisq.network links with bisq.wiki
• Remove Bitpay as a pricenode data provider because of too low volume and high spread

Bug fixes

• Prevent burning of BSQ dust in specific edge cases
• Fix the formula used to calculate BSQ amount needed to avoid dust
• Fix the price node lower bounds for minimum fee
• Add missing check if transaction was in correct voting phase
• Fix custom fee rate field when custom inputs are used
• Fix string when creating a new offer
• Fix focus issue when enter key used to edit offer
• Fixed XRC coin title to correct one

Development & Documentation

• Build: Change default console to plain
• Build: Preserve shadow plugin name
• Build:Remove jcenter repository
• Create Installer: Open binaries shared folder on finish
• Create Installer: Enforce Java 11
• Create Installer: Include build platform in fat jar filename
• Create Installer: Fix Raspberry Pi build
• Create Installer: Fix macOS jar hash

Assets

No new assets.

Verification

For a detailed description on how to verify your Bisq installer please have a look at our wiki: https://bisq.wiki/Downloading_and_installing#Verify_installer_file

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.6.5.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/app/desktop-1.6.5-all.jar The output need to match the value from the Bisq-1.6.5.jar.txt file.

NEW: There are three hashes within the Bisq-1.6.5.jar.txt file (macOS, Windows, Linux). If you want to reproduce and verify the hash of the jar file locally, you need to do so on Windows or Linux using Java 11.0.10 and the v1.6.5 release tag. Because of the signing and notarization process that requires the developer certificate used for the build on macOS it is not possible to create the same jar on macOS.

Known issues with installation

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/bisq/bin/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.6.5.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @BtcContributor
• @cd2357
• @chimp1984
• @devinbileck
• @ghubstan
• @jmacxx
• @m52go
• @maxim-belkin
• @ripcurlx
• @sqrrm
• @Emzy
• @wiz

As well as to everyone that helped with translations on Transifex.

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

Release notes

• Feature: Broadcast transactions over block explorer via Tor #1183 (benk10)
• Feature: "Verify on device" with Coldcard sugggest using airgap instead of USB connection #1157 (Manolis)
• Feature: Merge in Liquid branch (preparation for Liquid support) #1174 (benk10)
• Feature: Support importing BIP48 xpubs from JSON #1156 (benk10)
• Feature: Managing more than one Node-connection and switch between them #1146 (benk10)
• Feature: Managing multiple internal nodes with testnet(s) support #1165 (benk10)
• Feature: Hide sensitive info mode #1170 (benk10)
• Feature: Add cancel transaction with RBF button and show cancelled transactions status #1197 (benk10)
• UIUX: Updated change text from 'payed' to 'paid' in fee_selection file #1155 (Chris Pollard)
• UIUX: Move backup PDF SLIP132 option to advanced section #1168 (benk10)
• Docs: Update tor.md #1129 (benk10)
• Bugfix: Improve Tor resilience #1161 (Kim Neunert)
• Bugfix: Fix issue with selecting remote USB option #1147 (benk10)
• Bugfix: Fix unremovable linebreak in address label #1171 (benk10)
• Bugfix: Update compatibility for Bitcoin Core v22 "addresses" RPC changes #1180 (benk10)
• Bugfix: Fix broadcast via block explorer #1191 (benk10)
• Bugfix: Fix sensitive info notification and xpub hiding #1189 (benk10)
• Bugfix: Fix xpub format when no node is used #1188 (benk10)
• Bugfix: Fix updating addresses list caching for wallets using Bitcoin Core native wallet descriptors #1193 (benk10)
• Chore: Bump embit version #1186 (Stepan Snigirev)
• Chore: Bump flask-cors from 3.0.8 to 3.0.9 #1149 (dependabot[bot])
• Chore: Bump hosted-git-info from 2.8.8 to 2.8.9 in /pyinstaller/electron #1154 (dependabot[bot])
• Chore: Bump lodash from 4.17.20 to 4.17.21 in /pyinstaller/electron #1159 (dependabot[bot])
• Chore: Update hidapi to 0.10.1 #1141 (Leon Costa)
• Chore: Update hwibridge.md #1178 (kdmukai)
• Chore: Upgrade internal bitcoind version to v0.21.1 #1173 (benk10)

Release Candidate 1 for HWI 2.0.2

Main changes

Add maximum amount for swap-out

There is now a maximum amount that can be sent using swap-out (currently 20 mBTC, this value can change).

Fix a few issues and potential crashes

Full list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.12...v1.4.13

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it: - from our website: https://acinq.co/pgp/drouinf.asc - from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key: $ gpg --import drouinf.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

This is a pre-release! Don't use it if you don't know why!

v1.4.0-pre1 May 26, 2021

• Feature: Broadcast txs over block explorer via Tor #1183 (benk10)
• Feature: "Verify on device" with Coldcard sugggest using airgap instead of USB connection #1157 (Manolis)
• Feature: Merge in Liquid branch #1174 (benk10)
• Feature: Multiple internal nodes support #1165 (benk10)
• Feature: Support importing BIP48 from json #1156 (benk10)
• Feature: Node manager #1146 (benk10)
• Feature: Hide sensitive info mode #1170 (benk10)
• Bugfix: Improve Tor resilience #1161 (Kim Neunert)
• Bugfix: Fix issue with selecting remote USB option #1147 (benk10)
• Bugfix: Fix unremovable linebreak in address label #1171 (benk10)
• Bugfix: Update compatibility for Bitcoin Core v22 "addresses" RPC changes #1180 (benk10)
• Chore: Bump embit version #1186 (Stepan Snigirev)
• Chore: Bump flask-cors from 3.0.8 to 3.0.9 #1149 (dependabot[bot])
• Chore: Bump hosted-git-info from 2.8.8 to 2.8.9 in /pyinstaller/electron #1154 (dependabot[bot])
• Chore: Bump lodash from 4.17.20 to 4.17.21 in /pyinstaller/electron #1159 (dependabot[bot])
• Chore: Update hidapi to 0.10.1 #1141 (Leon Costa)
• Chore: Update hwibridge.md #1178 (kdmukai)
• Chore: Upgrade internal bitcoind version #1173 (benk10)
• Docs: Update tor.md #1129 (benk10)
• UIUX: Updated change text from 'payed' to 'paid' in fee_selection file #1155 (Chris Pollard)
• UI/UX: Move backup PDF SLIP132 option to advanced #1168 (benk10)

Fixed * File import icon was not visible * Check Bech32 uppercase address * Dont display Tor text in catalyst * Applied xpub to wrong object
* Cobo vault watch-only occasionally gets imported as wrong wallet type (closes #3152) * Widgets shows wrong price in RUB currency

Added * Add close to modals #2584

Refactored * Smarter utxo selection (closes #3085)

Removed * Remove tooltip as its not needed on multisig create screen.

Main changes

Add support for LNURL-pay

LNURL-pay is an offband protocol using http requests to get invoices from a compliant node. It supports comments, min/max amounts, metadata (including images) and callback messages from the recipient (including encrypted messages that can only be read once the payment is successful, using the preimage).

This change does not mean that Phoenix offers static invoices, but that it can now pay them.

Switch to bouncy castle and update secp256k1

See https://github.com/ACINQ/eclair/pull/1788

Add German localization

See https://github.com/ACINQ/phoenix/pull/146

Complete list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.11...v1.4.12
• core: https://github.com/ACINQ/eclair/compare/v0.4.10-android-phoenix...v0.4.11-android-phoenix

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it: - from our website: https://acinq.co/pgp/drouinf.asc - from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key: $ gpg --import drouinf.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

This release makes some core features mandatory, includes a few important bug fixes and several performance improvements. It is fully compatible with 0.5.1 (and all previous versions of eclair).

Major changes

Mandatory payment secrets

This release makes two important features mandatory:

• var_onion_optin (added to the spec in July 2019)
• payment_secret (added to the spec in December 2019)

These features have been widely deployed and protect against privacy attacks and stealing payments to 0-value invoices (as described here). You won't be able to connect to nodes that don't support these features nor pay invoices that don't include a payment_secret.

Improved detection of stale blocks

Eclair uses ZMQ to receive blocks and transactions from your bitcoin node. While ZMQ is usually very reliable, we discovered that its pub/sub model has some limitations. If a subscriber encounters network failures, it will silently disconnect without notifying the publisher. This never happens when your bitcoin node is on the same machine as eclair, but may happen when bitcoin is running on a remote machine and a VPN is used between the two machines. Eclair now sets a TCP keep-alive on the ZMQ socket to work around this limitation and quickly reconnect.

The blockchain watchdogs have also been improved to run at fixed intervals if no blocks are received. They will poll secondary blockchain sources (bitcoinheaders.net, blockstream.info, mempool.space and blockcypher.com) to detect that your eclair node is missing blocks.

Electrum support removed

This release removes support for using Electrum instead of Bitcoin Core for your bitcoin wallet. Electrum support was necessary for mobile wallets, but wasn't recommended for server deployments. Wallets are migrating to our Kotlin lightning stack, so eclair can now target exclusively server deployments.

Eclair depends on many low-level bitcoind RPCs for fee bumping which aren't available yet in Electrum.

Improved Postgres support

We previously introduced beta support for using PostgreSQL as database backend in eclair v0.4.1. We've fixed some bugs since then and improved the integration, but please note that PostgreSQL support is still in beta. We're actively working on finalizing this integration and making PostgreSQL production-ready in a future release.

Support for future segwit versions

This release adds support for option_shutdown_anysegwit (spec PR available here). Current segwit bitcoin addresses (P2WPKH and P2WSH) only use segwit version 0, but this change lets nodes use bitcoin addresses with other version numbers (taproot will use version 1).

API changes

This release updates a few APIs:

• Features are now displayed as a map (feature name -> support) in API responses (#1715)
• Channel internal state tracking force-close scenarios has been enriched (#1728)
• A --blocking=<bool> option has been added to the payinvoice API (#1751)

We've also updated our internal API DSL, which paves the way for more plugin integration in a future release. Head over to our API documentation for more details.

Miscellaneous improvements and bug fixes

• Eclair now defaults to Bech32 addresses (#1717)
• Anchor output commitment feerate is now configurable (#1718)
• All outputs of revoked anchor output commitments are claimed (there is a subtle edge case, see #1738)
• Internal codec packages and database versions have been reworked to improve future backwards-compatibility
• Several improvements have been made to our path-finding algorithms, improving tail latency
• A bug affecting reconnections to peers has been fixed (#1760)
• A bug affecting transaction outputs ordering (which can lead to channel force-close) has been fixed (#1806)

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it:

• from our website: https://acinq.co/pgp/drouinf.asc
• from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key:

sh $ gpg --import drouinf.asc

To verify the release file checksums and signatures:

sh $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

Building

Eclair builds are deterministic. To reproduce our builds, please use the following environment (*):

• Ubuntu 20.04
• AdoptOpenJDK 11.0.6
• Maven 3.8.1

Use the following command to generate the eclair-node package:

sh mvn clean install -DskipTests

That should generate eclair-node/target/eclair-node-0.6.0-XXXXXXX-bin.zip with sha256 checksums that match the one we provide and sign in SHA256SUMS.asc

(*) You may be able to build the exact same artefacts with other operating systems or versions of JDK 11, we have not tried everything.

Upgrading

This release is fully compatible with eclair v0.5.1. You don't need to close your channels, just stop eclair, upgrade and restart.

Changelog

• 163700a23 Set version to 0.5.2-SNAPSHOT (#1714)
• 844829a9b Features should be a Map (#1715)
• afa378fbb Fix Bolt 3 spec change that broke our test suite (#1719)
• c4c0248ee Use bech32 addresses by default (#1717)
• 92e53dc9a Configurable anchor output max commitment feerate (#1718)
• ea8f94022 Fix potential race condition in node-relay (#1716)
• 9ff2f833e Refactor and simplify API dsl (#1690)
• 6364ae335 Reject trampoline payments with expired outgoing cltv (#1727)
• 277213875 Better handling of TemporaryChannelFailure (#1726)
• ded5ce0e1 Add metadata to local_channels table (#1724)
• 8dc64dbaa Fix API regression (#1729)
• 4bc2dec66 Reorganize internal codecs (master) (#1732)
• 6d28cbc8e Rework XxxCommitPublished types (#1728)
• 6e72785d6 fixup! Rework XxxCommitPublished types (#1728) (#1735)
• 7819faec3 Move protocol codecs to their own package (#1736)
• 3d3766ef5 Clarify some comments and add tests (#1734)
• f39718a38 Add high-level architecture diagrams (#1733)
• f202587e9 Clarify commit tx fee anchor cost (#1721)
• c37eb1ad5 Handle aggregated anchor outputs htlc txs (#1738)
• e5429ebdf Avoid visiting vertices multiple times in Dijkstra's algorithm (#1745)
• c6a76af9d Introduce actor factories (#1744)
• 75cb777c6 Prevent loops and improve shortest paths perf (#1747)
• 936f36b9f Refactor Postgres code (#1743)
• ac2b78437 Fix flaky relay-htlc-add test (#1752)
• 5729b2891 Add blocking option to payinvoice API (#1751)
• 89d248929 Remove Electrum support (#1750)
• b25e5523e Remove Docker test dependency (#1753)
• 13217610a Make signing payment requests faster (#1754)
• 5f68bf922 Database nits (#1755)
• 1e2abaed0 Index database metrics by backend (#1758)
• 6518bb47a Posgres: fix concurrency in channels db (#1762)
• 3da0b80cb Add a list of community plugins (#1763)
• 48c0c4c98 Extract tx publishing from watchers (#1749)
• 357f7f994 Catch all connection failures and reconnect (#1760)
• 205653d09 Make db errors fatal in channels (#1764)
• ccae92d7d (Minor) Minimize conflicts with feature branches (#1765)
• eb834e252 Do not explicitly provide address for ServerSocket in tests (#1766)
• d0e79fa31 Add shorter CI timeout (#1769)
• 15ddc1718 Add trampoline info to auditDB (#1767)
• 32a86a476 Ignore tests with ServerSocket (#1776)
• 33d52b653 More database nits (#1773)
• e092677b9 Rework the db version management (#1775)
• 4a1dfd2a2 Reenable ServerSocket tests (#1777)
• e14c40d7c Use proper data type for timestamps in Postgres (#1778)
• 62dd3932f Use bouncycastle instead of spongycastle (#1772)
• 3669428b5 Don't log ClosingType object (#1781)
• 223a14cb5 Remove bintray (#1785)
• 9e4042fd4 Migrate ZmqWatcher to akka-typed (#1759)
• 90fbcd32f Index trampoline payments by hash and secret (#1770)
• 3079cb4fc Remove unused class (#1792)
• a8d4e07bd Use less strict isolation level for channel meta (#1790)
• 55b50ecf4 ZMQ actors should subscribe to a single topic (#1793)
• c64154938 Fix computation of path weight (#1794)
• 340fd299b Update default path-finding weight ratios (#1796)
• 55a629f11 Update instructions for downloading Tor Bundle (#1784)
• 898c17bc7 Remove ConnectionControlPlugin trait (#1797)
• 0805d51af Do not retry sending if payment gets confirmed on chain (#1799)
• ec276f8e7 Use satoshi for htlc ordering (#1806)
• 9c3ee59cf Check blockchain watchdogs regularly (#1808)
• 91419980b Make payment_secret mandatory (#1810)
• 1fbede761 Add TCP keep-alive on ZMQ socket (#1807)
• 5a92f8474 Add support for optionshutdownanysegwit (#1801)
• e2b3b4735 Update Tor doc for Windows (#1811)
• f746ade34 Set version to 0.6.0 (#1812)

Special thanks to @tompro who reworked our internal API DSL.

• Fix: Unable to activate shopify integration @Kukks

This release marks the first major release in the 0.13 series, and the second major release of the year! This release includes a number of compelling additions including: first-class pruning support, AMP sending+receiving support, arbitrary pubkey/xpub import w/ PSBT transaction crafting, clustered lnd using etcd failover, and much more!

Database Migrations

The lnd database is migrated to store all wire messages with an additional TLV field. See details below.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

shell $ curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import $ curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-${{ env.RELEASE_VERSION }}.sig and manifest-${{ env.RELEASE_VERSION }}.txt are in the current directory) with:

shell $ gpg --verify manifest-roasbeef-${{ env.RELEASE_VERSION }}.sig manifest-${{ env.RELEASE_VERSION }}.txt

You should see the following if the verification was successful:

text gpg: Signature made Wed Sep 30 17:35:20 2020 PDT gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465 gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onward, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-${{ env.RELEASE_VERSION }}.txt.asc.ots.

Assuming you have the OpenTimestamps client installed locally, the timestamps can be verified with the following commands:

shell $ ots verify manifest-roasbeef-${{ env.RELEASE_VERSION }}.sig.ots -f manifest-roasbeef-${{ env.RELEASE_VERSION }}.sig

Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally. These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go${{ env.GO_VERSION }}, which is required by verifiers to arrive at the same ones.

They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided. The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

shell $ git verify-tag ${{ env.RELEASE_VERSION }} gpg: Signature made Tue Sep 15 18:55:00 2020 PDT gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465 gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

shell $ docker pull lightninglabs/lnd:${{ env.RELEASE_VERSION }} $ docker run --rm --entrypoint="" lightninglabs/lnd:${{ env.RELEASE_VERSION }} /verify-install.sh $ OK=$? $ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done $ docker run lightninglabs/lnd [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-${{ env.RELEASE_VERSION }}.tar.gz are in the current directory, follow these steps:

shell $ tar -xvzf vendor.tar.gz $ tar -xvzf lnd-source-${{ env.RELEASE_VERSION }}.tar.gz $ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=${{ env.RELEASE_VERSION }}" ./cmd/lnd $ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=${{ env.RELEASE_VERSION }}" ./cmd/lncli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

shell $ make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Database and wire changes

Wire Message TLV Support

The wire messages sent between LN peers have the ability to carry additional data, using the TLV format. This allows attaching data and protocol extensions to messages in a non-breaking way, paving the way for future feature upgrades to the protocol.

In this release all stored messages in the lnd database are migrated to a format supporting these TLV extensions, and message parsing now always read out these fields and keep them for future handling.

Protocol Updates

Anchor Output Channels

The spec compliant anchor channel format introduced in v0.12 is now the default channel type if both nodes support it when opening a new channel. You can read more about it in the v0.12.0 release notes, and it can be disabled by providing the --protocol.no-anchors flag at startup.

Since a node having channels using this format must keep on-chain funds around in case unilateral fee bumping is needed, we reserve 10k sats per channel for this purpose. In this release we cap this at 100k sats, and in addition avoid reserving this value for private channels.

Finally a change to breach handling has been made, to mitigate a theoretical attack the channel peer can perform by pinning HTLC outputs on a breached commitment transaction. If we suspect such pinning is taking place, lnd will now attempt to sweep the breached commitment outputs separately.

P2P Gossip Handling, Hardening & Optimizations

Ephemeral & Persistent Gossip Reject Caches

Those that run larger lnd instances may have noticed a cyclic nature of gossip traffic that would lead to many announcements being rejected, only to be processed hours later. This burst of traffic typically causes high CPU and memory usage, along with a large batch of blocks fetched from the node backend. During this release cycle we dug into the issue and found that the culprit was actually a new variant of zombie channel churn: fully closed channels (funding UTXO spent) being continually offered by nodes that aren't (for some reason) pruning their channel graph.

In this release, we'll now add channels that fail full validation irrevocably to the existing zombie index cache. Expanding the usage of this cache means that new lnd nodes will only validate those spent channels once (as they should), then never request them again during the historical sync spot checks that happen periodically.

Related to the above fix, a bug has been fixed that would cause us to continually re-validate a channel announcement that we had already rejected.

Dependent Gossip Processing

ChannelUpdate and NodeAnnouncement gossip messages depend on its ChannelAnnouncement being processed successfully. Throughout our investigative efforts above, we also noticed that lnd would process these messages when their corresponding ChannelAnnouncement's validation failed, which has now been fixed.

Improved Gossip Rate Limiting

lnd v0.12.1-beta featured a new gossip rate limiting heuristic in which keep-alive updates were throttled to allow one per day, while non-keep-alive updates were throttled to allow one per block. The latter heuristic for non-keep-alive updates proved to be inconsistent, especially for our auto enable/disable channel behavior, as blocks are not guaranteed to arrive at a constant rate. To mitigate this, we've moved towards a token bucket based approach to allow by default one update per minute with a maximum burst tolerance of 10 updates. These defaults may change as the structure of the network does, but they can also be changed through two new config options: gossip.channel-update-interval and gossip.max-channel-update-burst.

Routing Optimizations & New Payment Types

MPP+AMP Payment Splitting on by Default

In this version of lnd, MPP payment splitting is now activated by default. Prior versions of lnd required a caller to manually specify that they wanted their payment to possibly be split via the MaxShards RPC/CLI flag. The default number of attempted splits is now 16 (we'll attempt to split up to 16 times by default). In addition, a new MaxShardAmt flag has been added that allows the caller to control how large the largest split can be. This new flag can effectively be used to force lnd to adhere to a given maximum payment unit expressed in satoshis, which means lnd may split more frequently than before.

Strict Zombie Pruning

Typically lnd will mark a channel as a zombie when both of its edges aren't re-advertised within a two week period. This is typically referred to as a channel's heartbeat update. Analysis by Conner Fromknecht demonstrated that the channel graph itself could be shrunk by ~20% if a stricter pruning heuristic was adopted: pruning a channel once only a single edge fails the heartbeat check. The latest version of lnd has implemented this stricter pruning variant in an opt-in manner.

This new graph pruning variant is on by default for neutrino nodes as it was common for them to never actually receive a "double disable" of a channel's edges, meaning it would never actually remove certain closed channels from its channel graph. Routing nodes and nodes that frequently send outbound payments can activate the new pruning variant with a new flag: --routing.strictgraphpruning. The new logic also requires that party that originally failed the heartbeat check to the be one that re-publishes the channel update in order for a prior zombie channel to be resourced. the channel update in order for a prior zombie channel to be resurrected.

New M1 Release Target

This is the first release that includes binaries for the recently released Apple Silicon (M1) architecture! roasbeef has switched to using an M1 machine as his primary development machine over the past few months and hasn't reported any unsafe behavior. We encourage those switching to run lnd on an M1 machine to reach out to us if any abnormal behavior is detected.

For the 0.14 release, we aim to start to remove architectures for binaries included with the final packaged release that are either in the bottom tier of downloads, or have no downloads at all.

P2P Networking

A bug that wouldn't allow a node to listen on an IPv6 REST port when Tor is active has been fixed.

Wallet Enhancements

This release features several improvements that will enable lnd (in a future release!) to operate without the access of private keys within its process.

Watch-Only Key Import

The wallet is now able to import BIP-0049 and BIP-0084 accounts/public keys as watch-only through xpubs! This feature was made possible by the introduction of watch-only accounts to btcwallet, our internal wallet. This functionality is exposed through two new RPCs within the WalletKit sub-server: ImportAccount and ImportPublicKey.

Events (deposits/spends) for imported keys or keys derived from an imported account will only be detected by lnd if they happen after the import. Rescans to detect past events will be supported in a future release, so make sure to use a new unused wallet when using this functionality.

TODO: Include link to documentation featuring an in-depth example of account/pubkey import.

ECDH Revocation Seed

The revocation seed is used to generate revocation secrets during the lifetime of a channel. The seed-generation code has been updated to no longer handle raw private keys, using ECDH to achieve this.

Auto-unlock wallet from password file

In automated or unattended setups such as cluster/container environments, unlocking the wallet through RPC presents a series of challenges. Usually, the password is present as a file somewhere in the container already anyway so writing an extra custom script for unlocking is error prone and tedious. Instead the new --wallet-unlock-password-file flag was added that can be used to read the password for an existing wallet from a file (or device or named pipe) to auto-unlock it.

Backend Enhancements & Optimizations

Daemon-Level Block Cache

lnd now maintains a global daemon-level block cache to prevent redundant GetBlock calls across all of its sub-systems. This cache can store up to 20MB worth of block data by default, and can be changed through the new config option blockcachesize.

bitcoind Pruned Node Support

lnd now supports connecting to pruned bitcoind backends! A new sub-system has been introduced that maintains connections to bitcoin peers to retrieve pruned blocks from and caches them. These peers are sourced from the peer list of the connected bitcoind instance, or from the getnodeaddress RPC otherwise. The number of connections (4 by default) can be configured through the new config option bitcoind.pruned-node-max-peers.

Neutrino Optimizations

The memory footprint used throughout the initial block header sync has been reduced by 50%.

The set of filter header checkpoints for the mainnet and testnet chains have been updated.

Neutrino Channel Validation

Compact filters retrieved from peers to determine whether the corresponding block contains any relevant transactions are now validated by checking whether they were constructed correctly.

lnd instances backed by Neutrino now have channel validation disabled by default. Channel validation includes obtaining the block a channel was included in and verifying the channel output remains unspent. This is an intensive process for light-clients as they don't maintain a block index and UTXO set. The routing.assumechanvalid config option, which disables channel validation, has now been deprecated. Channel validation can be re-enabled for Neutrino-backed lnd nodes with the new config option neutrino.validatechannels.

Neutrino Configuration

neutrino.broadcasttimeout allows users to specify how long they wish their broadcast attempts to last before giving up.

neutrino.persistfilters allows users to persist compact filters retrieved from the network. This will result in less bandwidth consumption at the expense of storage.

neutrino.validatechannels can be activated to enable channel validation. Note that light-clients are not well-equipped to perform this type of validation without SPV channel proofs (keep an eye out for this in future releases!).

Immediate graph updates for local channels

In lnd v0.12.0 we saw a massive enhancement to graph sync, since batch writing of gossip messages to the database was introduced. However, this also included local updates made, which could cause these to become slightly delayed. In this release the local updates will now get special treatment, and are added immediately.

RPC

Unification of WalletUnlocker and Lightning services

This release brings a massive overhaul to the way the wallet is unlocked on the backend, while staying backwards compatible.

Earlier version of lnd would bring up a gRPC server that exposed the WalletUnlocker service, which would in turn be stopped and restarted to bring up the Lightning service after successful unlock. This caused issues with some clients that didn't expect the available services to change during runtime, and it also made it hard to determine the state of the wallet without string matching on the error received from calling the RPC server.

In lnd v0.13.0, the two gRPC services (and subserver services) are available at all times such that we avoid tearing down the gRPC server at runtime. The RPC endpoints are gated by the wallet state (see below) such that only RPCs from the WalletUnlocker service are available as long as the wallet remains locked.

If you relied on the RPC errors or availability of the different services to determine the wallet state, you should change to use the new State service.

New State Service

A new service is now exposed on the lnd gRPC server: State. This can be used to get the state of the wallet at all times, and should be used to programatically drive the unlocking process.

The possible wallet states are [NON_EXISTING, LOCKED, UNLOCKED, RPC_ACTIVE] and the state can be subscribed to using the SubscribeState RPC, or fetched using lncli state.

Mission Control

Mission Control's parameters can now read and set while lnd is running using the GetMissionControlConfig and SetMissionControlConfig endpoints. This allows nodes to experiment with these parameters without restarting lnd.

An experimental XImportMissionControl API has been added to allow nodes to import state from other lnd nodes' QueryMissionControl output. This allows new nodes to start include routing insights that another node has learned, rather than starting with no information about the network. This imported information is not currently persisted. Note that sharing your QueryMissionControl output with another party may leak information about your payment history.

Bi-directional Stream Support for REST WebSockets

A fix to the WebSocket proxy now allows all RPCs to be used over REST/WebSockets, including the client-streaming ones (specifically lnrpc.Lightning.ChannelAcceptor, lnrpc.Lightning.SendPayment and routerrpc.Router.HtlcInterceptor).

An example for using the channel acceptor over REST was added to the documentation.

Option to delete failed payments

In earlier versions of lnd you could delete all finished payments from the database using the DeleteAllPayments RPC. Two new flags failed_payments_only and failed_htlcs_only have been added to this RPC, which can be used to delete only payments (HTLCs) that failed.

WalletKit & Wallet-Related RPCs

LeaseOutput has been extended to allow custom lease expirations and a new ListLeases RPC has been added to allow users to determine which outputs are currently being leased and for how long.

As part of our watch-only key import efforts, three new RPCs have been added to the WalletKit sub-server to interact with them:

• ImportAccount imports an BIP-0049/BIP-0084 account as watch-only through its extended public key (xpub).
• ImportPublicKey imports a BIP-0049/BIP-0084 public key into a default "imported" account.
• ListAccounts exposes information for accounts (watch-only or not) existing within the wallet.

Several existing RPCs were also modified (in a backwards-compatible manner) to either accept an account parameter in their requests or break down their responses by accounts.

• GetTransactions and ListUnspent can now filter through transactions and outputs belonging to a specific account.
• FundPSBT/FinalizePSBT can now fund/finalize PSBTs from a specific account.
• NewAddress can now generate addresses for a specific account.
• WalletBalance now returns an additional breakdown of the total wallet balance by accounts.

pprof Security

lnd will no longer make its pprof port accessible to the world by default, and will instead listen on localhost if a port is specified. Exposing the pprof port is still left as an option for certain use cases.

Mobile

Simplified API using the State service

Using the mobile bindings one would earlier need to wait for the unlockerReady callback to fire to unlock the wallet, and then the second callbackrpcReady before the lnd RPCs were ready to be used. This was a bit awkward, and not very well supported with React Native.

This release moves back to a single rpcReady callback, which together with the new State service can be used to determine the state of lnd at all times.

To build lnd with these new bindings for mobile, falafel v0.9.0 should be used.

Avoid killing the app on lnd failure

Instead of killing the application in case lnd fails to start, we now return an error back over the API.

Delayed Zombie Pruning

We delay graph zombie pruning on startup by 30 sec, to avoid blocking on this operation. This shortens the delay from unlocking to lnd is ready, which especially should improve the experience on mobile.

Bug Fixes

• A regression in the channel state-machine that would lead to de-sync and force close has been fixed. Channels between upgraded nodes should not experience incorrect force closes.
• The failure message used by the HTLC Interceptor to reject HTLCs has been updated to include a channel update with the temporary channel failure error code.
• A bug that could cause lnd to fail starting up if a new channel was in the process of being opened has been fixed.
• In case a channel announcment for a local channel was received after channel closure, neutrino backed nodes could end up re-adding the channel to the graph. This has been fixed by ignoring all local announcements coming from our peers.
• A bug in the payment state machine which would result in a payment getting stuck if it received a terminal payment error shortly before dispatching another shard has been addressed.
• The SubscribeSingleInvoice API has been updated to terminate the stream of events once the invoice reaches a terminal state.
• During a block storm or integration tests the router subsystem can lag behind on its best known block due to the pruning work it has to complete for each block. Previously the synced_to_chain flag of the GetInfo RPC would only look at the best height of the wallet vs. its chain backend. To make sure the router is also up to date, the flag now only turns true if the router subsystem is synced to the same height as the wallet
• Some terminals don't allow more than 4096 characters to be pasted if running in interactive/TTY mode. This lead to large PSBTs being cut off during channel open. This was fixed by allowing the PSBT to be read from a file in addition to the terminal.
• The GetNodeInfo RPC has been updated to output the channel policies for the requested node in the expected order. Previously, its ordering was inconsistent with DescribeGraph and GetChanInfo.
• The num_pending_backups stat exposed by configured watchtower clients through the WatchtowerClient sub-server is now properly decremented after a backup has been accepted by a watchtower.

Contributors (Alphabetical Order)

Alex Bosworth Andras Banki-Horvath Anton Kovalenko Bjarne Magnussen Carla Kirk-Cohen Conner Fromknecht Elle Mouton Elliott Jin Eugene Siegel GameXG Hampus Sjöberg Jake Sylvestre Johan T. Halseth Jonathan Underwood Joost Jager Juan Pablo Civile Martin Habovštiak Olaoluwa Osuntokun Oliver Gugger Pierre Rochard Roei Erez Tom Kirkpatrick Umar Bolatov Vlad Stan Wilmer Paulino Yaacov Akiba Slama rockstardev whythat yuki-js Yong Yu

Minor release minor bug fixes.

Improvements:

• Update BC-UR bundle and support decoding hex format of wallet (#2505 #2499) @Kukks

Bug fixes:

• During refund or payout, some payments issued from BTCPay were not properly detected. (#2513 #2518) @Kukks @NicolasDorier
• Fix payment button steps and validation range (#2506 #2503) @Kukks
• The local culture of the server could break some feature on BTCPay Server (#2512) @NicolasDorier
• Make sure unaccounted payments (double spent payments, or payjoin original transaction), are not accounted by the payment requests and crowdfund app @NicolasDorier
• Coinswitch page was not reflecting correctly in the side navigation @kukks
• Coinswitch showed as enabled when it was configured but disabled @kukks
• Lightning payment were not detected if Only enable the payment method after user explicitly chooses it was checked for the store @kukks

Added * Opt-out of performance and crash reports in settings/privacy

Fixed

• Loading indicator for wallet details
• Lightning invoice unit didn't reflect user change

A newer version is already available! Please don’t use this version anymore.

This is a follow-up release that updates a mempool explorer address and filters out banned seednode address with a wrong format.

For more details please see https://github.com/bisq-network/bisq/milestone/58

Here are the release notes from v1.6.3:

Release notes

This release ships the remaining functionality to create BSQ SegWit transactions to save on mining fees. You can also now easily create copies of existing (and past) offers. This release also leverages a new build system using an up-to-date Java runtime (Java 15) and UI library (JavaFX 15) that produces binaries that should be more reliable. And as always...there are many bug fixes and refinements. ​

Improvements

• Wallet changes for SegWit BSQ implementation
• Upgrade Java, JavaFX and binary packaging
  • Get rid of macOS security warnings and unnecessary key logging permission request
  • Getting LTS support (security fixes,...) for upgrading to Java 11 for compilation and Java 15 for runtime
  • Fix various UI issues on certain OSes due JavaFX upgrade to v15
• Functionality to duplicate an offer
• Add custom withdrawal transaction fee options on Send funds (BTC)
• Message sign verify functionality compatible with Bitcoin core & electrum
• Show a SPV resync suggestion if trade remains unconfirmed for 3 hours or more
• Allow Revolut username to be minimum 3 characters
• Disputes UI improvements
• Hide unnecessary bank id in offer details
• Tweak wording for takeOffer.fundsBox.isOfferAvailable
• CashByMail show terms and conditions upon taking an offer
• Add BTC node wubwzaadboxwiffa.onion

Bug fixes

• Wait for AckMessage before completing BuyerSendCounterCurrencyTransferStartedMessage task
• Fix shutdown persistence issue in Seednode
• Handle rounding of infinite Doubles

API

• Update apitest docs for bitcoin-core v0.21 compatibility
• Adjust to changing minimum tx fee rates
• Complete API support for BSQ/BTC trade pair
• Add api method createcryptopaymentacct
• Provide more offer & contract detail to CLI

Development & Documentation

• Generate more than 1 block(regtest)
• docs/build.md: Emphasize JDK requirements + formatting

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.6.4.dmg)

Known issues with installation

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/bisq/bin/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.6.4.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @BtcContributor
• @cd2357
• @devinbileck
• @ghubstan
• @huey735
• @jmacxx
• @maxim-belkin
• @ripcurlx
• @sqrrm
• @wallclockbuilder
• @wiz

A special thanks to our first time contributor:

• @maxim-belkin :
  • Tweak wording for takeOffer.fundsBox.isOfferAvailable
  • docs/build.md: Emphasize JDK requirements + formatting

As well as to everyone that helped with translations on Transifex.

v0.6.0 - Javascript!

Executive Summary

This release support scalajs for both the crypto and core module. You can now use these modules from javascript.

We now support docker for our oracleServer and appServer projects. Follow these links for docker builds for appServer and oracleServer

We support the latest bitcoind rpc client (0.21.1) that has the taproot activation code baked into it.

Our libsecp256k1 pre-compiled binaries now support osx_arm64 which makes them compatible with the new M1 chip from Apple.

Finally, we had to re-write the git history for this release due to #2830 . This means previous commits have been re-written.

Contributors

101 Chris Stewart 49 benthecarman 44 Scala Steward 6 Nadav Kohen 6 rorp 2 Aris 1 saguywalker

Running Bitcoin-S

If you want to run the standalone server binary, after verifying gpg signatures, you can unzip bitcoin-s-server-0.6.0.zip and then run it with ./bin/bitcoin-s-server to start the node. You will need to configure the node properly first, you can find example configurations here.

You can then unzip the bitcoin-s-cli-0.6.0.zip folder and start using the bitcoin-s-cli like this:

```bashrc ./bin/bitcoin-s-cli --help Usage: bitcoin-s-cli [options] []

-n, --network Select the active network. --debug Print debugging information --rpcport The port to send our rpc request to on the server -h, --help Display this help message and exit ```

For more information on what commands bitcoin-s-cli supports check the documentation, here is where to start: https://bitcoin-s.org/docs/next/applications/server#server-endpoints

Verifying signatures

This release is signed with Chris's signing key with fingerprint 339A49229576050819083EB3F99724872F822910

To do the verification, first hash the executable using sha256sum. You should check that the result is listed in the SHA256SUMS.asc file next to its file name. After doing that you can use gpg --verify to authenticate the signature.

Example:

$ sha256sum bitcoin-s-server-0.6.0.zip 48585b6cb0e4ec29773bde619486cadd5fef6c0d480df54520bb52bea2f678b6 bitcoin-s-server-0.6.0.zip $ gpg --verify SHA256SUMS.asc gpg: Signature made Thu 04 Feb 2021 12:49:59 PM CST gpg: using RSA key 339A49229576050819083EB3F99724872F822910 gpg: Good signature from "Chris Stewart <stewart.chris1234@gmail.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 339A 4922 9576 0508 1908 3EB3 F997 2487 2F82 2910

Or you can verify all binaries at once with the following commands:

$ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped bitcoin-s-bundle-0.6.0.zip: OK bitcoin-s-cli-0.6.0.zip: OK bitcoin-s-cli-x86_64-apple-darwin: OK bitcoin-s-cli-x86_64-pc-linux: OK bitcoin-s-cli-x86_64-pc-win32.exe: OK bitcoin-s-gui-0.6.0.zip: OK bitcoin-s-oracle-server-0.6.0.zip: OK bitcoin-s-server-0.6.0.zip: OK

Website

https://bitcoin-s.org/

Releases

https://repo1.maven.org/maven2/org/bitcoin-s/

Snapshot releases

https://oss.sonatype.org/content/repositories/snapshots/org/bitcoin-s/

New modules

We added a few new modules in the 0.6. We will provide brief descriptions for the new modules below.

CoreJS & CryptoJS

This are scalajs compatible modules for our crypto and core projects. This means that you can now use the crypto and core modules in both the browser and nodejs runtimes.

TestkitCore

We split testkit into two modules this release. Now testkitcore is scalajs compatible, while testkit still takes in heavier weight JVM dependencies. testkitcore is used to test the scalajs projects like cryptoJS and coreJS.

c6c4e83e9eb Remove logging from testkit core (#2813)

1959495cec2 Add testkit-core module (#2726)

Lnd rpc client

This is a new lnd rpc client for the bitcoin-s project. You can now interact with a lnd daemon using bitcoin-s.

Not all lnd rpc functions are implemented as of this release.

8ec93c66322 Add protoc exception for apples new chip arch. This requires protoc to be built manually as they do not natively ship m1 support yet (#3013)

b874c1c54db Add Lnd macaroon to GRPC client settings (#2996)

07e0b19ec63 Add GetTransactions funciton to lnd (#2959)

be14de459ed Fix lnd build warning (#2899)

5310efc5aa0 Fix parsing comments in LndConfig (#2864)

825024fa1a0 Add sendouputs function to lnd rpc (#2858)

4055de7690f Inital LND rpc with some tests (#2836)

AsyncUtil

This is basic async functionality that is compatible with scalajs. This is used by testkitcore to test async code.

65cb0d16155 Move tests out of bitcoindRpcTest that belong in async-utils (#2796)

e06c9e44cc2 2021 03 09 async utils tests (#2781)

7a068ac036b 2021 02 25 async utils (#2725)

Suredbits Oracle Explorer Client

This is an implementation of our API for the oracle server. You can now use this to post announcements, and attestations to the oracle explorer. For more information on the API please see the docs.

eab5e51f34f Fix ExplorerEnv from string (#2968)

7b600bb5baf Add get oracle name to explorer client (#2969)

3916a0b58e5 2021 04 07 issue 2875 (#2879)

ac495647d9e Add website url to ExplorerEnv (#2868)

7968b234b77 Rework oracle explorer client to use new api paths (#2866)

a4454e83a18 Add helper functions for hashing annoucements for SbExplorerClient (#2861)

49b6d39ab46 Implement Oracle Explorer Client (#2838)

Scripts

This is a new module that provides useful scripts to run with bitcoin-s. We have two as of the time of this writing

1. ScanBitcoind - scans against bitcoind with a height range. You need bitcoind connection configured in your bitcoin-s.conf
2. ZipDatadir - compresses the bitcoin-s datadir into a .zip file
   

9ecea9f7103 2021 04 24 bitcoin s scripts (#2961)

136d6f50f9c 2021 04 19 Zip Bitcoin-s datadir (#2927)

Existing modules

App server

The primary changes in appServer are api bug fixes, adding new endpoints (estimateee) and using akka streams to improve efficiency when processing blocks from bitcoind.

84661bd122a Refactor BitcoinSRunner to use StartStopAsync

bf831ae32ec Fix lockunspent RPC (#2984)

6fbaf9f9ceb Add estimate fee cli command (#2983)

105942efa29 Use filters for bitcoind backend syncing if available (#2926)

0aa32916ab5 Implement workaround for spendinginfodb by rescanning to find missing spendingTxId (#2918)

4e1ace27069 2021 04 18 Use akka streams in BitcoindRpcBackendUtil.syncWalletToBitcoind (#2916)

b1be3347c99 Fix ZMQ Config with bitcoind backend (#2897)

Crypto

The primary changes in the crypto module are adding support for ecdsa adaptor signatures which are a fundamental primitive discreet log contracts.

The other major change in the crypto module is adding support for scalajs. To implement this we decided to use bcrypto as the javascript implementation of crypto.

To do this, we now have a CryptoRuntime trait that gives an interface to be implemented against for generic crypto runtimes support in bitcoin-s.

7fd9aca3047 Add Schnorr and Adaptor Secp Bindings and Update Adaptor (#2885)

c2409b46c4d Silence scalajs warnings for org.bitcoins.crypto package (#2822)

e6899b20b1f Made ECPrivateKey signing synchronous and got src compiling (#2652)

85f6ee889c1 Adaptor signatures for Scala.js (#2794)

911fca5825d Schnorr js (#2805)

78448b277c9 Revert "Schnorr sigs for Scala.js (#2784)" (#2802)

8e7bde0ed93 Schnorr sigs for Scala.js (#2784)

7e23eecb201 SipHash for Scala.js (#2797)

5a2f95c38e1 WIP: Implement bcrypto facades (#2743)

e59057483f0 Resturcutre cryptoTest & coreTest to work with scalajs build (#2731)

5ba7b553b04 2021 02 27 dersignatureutil mv (#2730)

c90f318fd77 Refactor crypto module to be compatible with Scala.js part 1 (#2719)

b1fc575ff54 CryptoRuntime abstraction (#2658)

Core

This release begins incorporating discreet log contract data structures in our core module.

This module also now supports scalajs.

There are also performance improvements and bug fixes in this release for core

279b93f9e0d Rework P2SHScriptSignature.isStandardNonP2SH() (#2963)

a3954dbcaec 2021 04 17 spendinfodb invariant (#2912)

8b8d5dcc0ec Fix conversion from sats/vb to sats/kw (#2895)

85fb931cbac Implement BIP32Path.fromHardenedString(). (#2886)

68a82deac33 Initial DLC Templates (#2847)

fa80f36d2fb Get all of Core working with JS (#2826)

8cd481650dd Fix potential unordered nonces in announcement (#2831)

7aa3ccd9742 Attempt to find type name when parsing incorrect tlv type (#2820)

50d4e1f9698 Move hard coded test vectors from resource files into scala files (#2818)

07514e2348f Remove logging from core (#2810)

b0f7d6f26b7 Implement bech32m (#2572)

12bff309c2f Add Broadcast TxoState (#2735)

8b6c0652a23 Completely remove range event descriptors (#2764)

f322a74ab09 2021 02 21 cheap redeemscript check (#2707)

63e44974f77 2021 02 20 number byte representation (#2703)

a0476e979a2 Decrease false positive rate to avoid spurious CI failures (#2698)

b30fdf88ca1 Fix normalized string comparison (#2695)

74a30fe9b89 Optimized sigPoint computation to use non-custom secp functions (#2665)

bcd2df60518 Compute sigPoints eagerly but asynchronously (#2642)

e68ffb49da7 Use specific functions for Oracle Signing version (#2659)

d1cc5e0ade5 Refactor HDCoinType to be ADT (#2657)

097fa24e586 Create ScriptFactory.isValidAsm() to standardize how check validity o… (#2629)

ea75d62571e Add number cache trait, use it in all number types (u8,u32,etc) and S… (#2627)

bbd1dbc15d2 Do cheap checks in predicates first before more expensive ones (#2628)

0d38721b3d6 Added utilities to created linear approximations of Long => Long functions (#2537)

Chain

Bug fixes and usage of caching of bitcoind for chain tests.

a27d4acd9f1 Get FilterSync test working with cached bitcoind in chainTest project (#2952)

85087b0f70d Refactoring chain (#2662)

Db commons

Unique naming of database connection pools and reduce the amount of logging.

db45ef9ca20 Name each database connection pool uniquely (#2973)

4f1f53e7ada Bump hikari logging interval to 10 minutes (#2888)

Fee Provider

Small quality of live improvements.

c7b717fa910 Allow HttpFeeRateProvider to have a specified return type (#2970)

Node

Some refactoring and improvements to get CI passing reliability.

e3017fd17d7 Peer Message Receiver Refactor (#2938)

16538980e35 Fix missing super.stop() to shutdown DbAppConfig db connection pool (#2943)

7764828b3a7 Bump timeout on bind to avoid spurious ci failures hopefully (#2791)

Wallet

This wallet release moves all OS resources such as threads into WalleAppConfig. Now you need to call WalletAppConfig.stop() to free those resources. Now you can treat the Wallet data structure as any old Scala/Java object rather than having to worry about leaking resources.

There are also a variety of bug fixes and performance improvements in this release.

27afb662206 2021 04 23 issue Move rebroadcast scheduling into WalletAppConfig (#2957)

cbfbdd17bab Call .hex on all txIds and blockhashes in logs for TxProcessing (#2939)

c95c0f97069 Move wallet scheduler into WalletAppConfig (#2933)

13fc3c2b4e7 2021 04 18 Reset txo state when overwriting spendingTxId (#2919)

38fdbb33c4f Add test for tx that doesn't originate from wallet (#2932)

238c083aade 2021 04 18 wallet received txo state (#2914)

d0629486aba Wallet Rebroadcast Transactions thread (#2711)

c3c96a61c32 Reduce fee rate for spending coinbase utxos (#2815)

9494eec1b8e Move blockhash to tx table from spending info table (#2744)

bf4afd63d1a Begin re-introducing parallelism in the wallet to make everything faster (#2705)

1a2ddf6a0d6 Reduce usage of .findAll() (doesn't scale for large dbs). Now pass in… (#2706)

b63333327fb Allow implicit execution context to be passed in to RescanHandling.findMatches() & RescanHandling.fetchFiltersInRange() (#2704)

a5252b20baa Bump the timeout for address queue exception test to make sure we get correct exception (#2697)

Secp256k1jni

libsecp256k1 natives for the new osx_arm64 used by the m1 chip.

1339abe410e 2021 05 02 m1 secp256k1 natives (#3014)

Testkit

This release for testkit focuses on fixing resource leaks in the fixture code. There were multiple places we were not shutting down threads and connection pools through out the testkit project.

This project also introduces the CachedBitcoind abstraction. Previously we would spin up a new bitcoind for EVERY test that is ran. This is obviously inefficient.

Now we cache a bitcoind and re-use it for the entire test suite. This improves CI reliability greatly, and reduces required resources to run our test suites.

a2911f31edf Fix race condition with BitcoindChainHandlerViaZmqTest (#2990)

38baea5e245 refactor BitcoindRpcTestUtil test methods to take ZmqConfig rather than zmqPort (#3002)

f792fb34801 Fix database pool name for postgres database connection pools (#2997)

77cd94ac41a 2021 04 27 wallet fixtures config (#2980)

85fed08c581 Reduce pg connections from 300 -> 50 in test cases (#2974)

73939a15fc0 Call WalletAppConfig.stop() when destroying wallet in test fixtures (#2975)

3483a461f1b Don't wrap pg.close() in a Try and then do nothing with it, propogate the exception (#2972)

de5f7fc7f9d Reduce number of threads in postgres connection pool for tests (#2931)

19319494cd7 2021 04 19 Cleanup after ourselves in postgres tests (#2921)

2287c6ced99 Implement caching of bitcoind in the walletTest,nodeTest, and partially bitcoindRpcTest project (#2792)

392eb316f66 Add guard for the case when listFiles returns null (#2696)

DLC oracle

This release makes the oracle have its own directory $HOME/.bitcoin-s/oracle

We also now provide the ability to delete and oracle's signatures. This is useful for when you accidentally submit signatures for an attestment, but don't publish it anywhere.

** DELETING SIGNATURES AND RE-ATTESTING CAN BE DANGEROUS, YOU CAN LEAK YOUR PRIVATE KEY IF YOU BROADCAST THE PREVIOUS ATTESTATIONS **

3dbeac276ee Add ability to delete Oracle signatures (#2851)

2a6da6a4eae Fix DLCOracle to be Network Agnostic (#2749)

a0180884c51 Make sure DLCOracleAppConfig creates the oracle directory (#2720)

93ec7ed4cbc Change oracle db to have its own directory (#2667)

Oracle Server

The theme for the oracle server release is segregating the oracleServer configuration from the appServer configuration.

There is also simplifications and bug fixes included in this release for the oracle server.

4bf4f0a0276 Add signed outcome to getevent rpc, fix other small api bugs (#2757)

7aa68998f1e Correct log location and logs for oracle server (#2722)

d94a4ed87ec 2021 02 15 appserver docker (#2673)

a78de18815b Fix docs to use correct oracle server port (#2666)

931a528723a Give oracle server its own port (#2653)

86566c575d2 Simplify oracle server RPC api (#2656)

Bitcoind rpc

This release includes a rpc client compatible with the 0.21.1 release of bitcoin core that includes taproot activation logic.

There are also various bug fixes included in this release.

52f609e235b Use bitcoind v0.21.1 (#3006)

e064cd77eaf Fix missing teardown code for MultiWalletRpcTest (#2946)

d726c498d07 Have BitcoindV21RpcClientTest wait for indexes to sync (#2855)

bfe7b3fb6f4 Create NativeProcessFactory, extend it in both Client.scala & EclairRpcClient.scala (#2800)

5b4aac5178b Refactor starting second bitcoind in MempoolRpcTest, remove Thread.sleep (#2776)

355fc6eefc8 Wrap entire Client.getPayload() into try catch to avoid exceptions leaking (#2767)

be18b1baf27 Cache httpClient in bitcoind, rename Test.akkaHttp -> Test.akkaHttpTestkit (#2702)

Documentation / Website

ff399457776 More release notes updates, mostly add boiler plate (#3018)

2e8790f3e5b Add descriptions for new projects (#3016)

7dc6acdce64 Add missing list resevedutxos docs (#3015)

d6f275b359d Redo release notes draft as we rewrote the git history (#3011)

93822c71ec2 Make sure call ci matrixs run on java11 (#2985)

acac751c5b1 Updated links in adaptor signature doc (#2950)

b80b039457e Lnd rpc docs (#2896)

5abf399e40a Use markdowns detail tags to collapse optional sections, remove the secp256k1 section on getting-setup.md (#2890)

bb379ecfcf4 Add docs for using CachedBitcoind (#2880)

17e088d8f0c 2021 04 07 first 0.6 release notes (#2872)

89c2e6c9a90 Add testkit-core.md (#2881)

c3e952a18b5 Add docs for getblockheader (#2811)

9b954c9c03d Make website publish work with teh latest stable version (#2766)

d03bb2d22d8 Make it clear on the getting-setup.md page that this is only for development, you can find binaries in getting-started.md (#2759)

e61e0cdb5b0 Update docs to use the latest docker image names (#2758)

b7030bb66ae 2021 02 19 dockerhub docs (#2693)

f4d0f369ec4 2021 02 10 Website fixes (#2643)

f8694eb097d Fix/typos (#2633)

593b1e2ce15 Update README to have correct latest version (#2631)

Build

991ce382085 Use release flag rather than target flag as that is what is intended (#2976)

4c859f1ad16 Add timeouts to our CI workflows (#2908)

c738f23e58b Fix build warnings that came with sbt 1.5.0 (#2857)

eb9b2de38b7 Enable scalajsbundler plugin on coreJS (#2853)

2554665e89e Enable publishing of scalajs artifacts (#2849)

60c1ad19196 Rework the website scaladoc aggregation and website (#2846)

a275668734c Update gitignore file with recommendations from unidoc (#2845)

00df875ec29 update Base docker image to a ubuntu buster (#2799)

49544fc7f3a Turn off parallelExecution and remove extra AsyncUtil test class (#2790)

7245eb0ec94 Update all deps that failed because of bad build (#2774)

aed21f02c7d Add fetch depth zero to everything to fix bug introduced in #2766 (#2773)

8a4739d5093 2021 03 04 fix publish pt2 (#2763)

6b4812848b8 Add new JS projects to list in build.sbt (#2761)

99c5d6e29bc Enable 'dockerUpdateLatest' option to give us the latest tag on publishing artifacts (#2752)

63e1320f527 Fix unidoc issue with scala-js modules, this now ignores them from un… (#2742)

2d25fe41abc Skip publishing of js projects (#2734)

94934e113dc Rework docker configuration to pass in a custom configuration file (#2718)

203b45c1409 Workaround for issue 2708 (#2709)

477597ea72f Set fetch-depth to 100 so we don't take forever to clone repo on ci (#2694)

56a14325e1c Get basic docker image working with oracle server (#2668)

2f85b67c3ff Add github workflow steps to publish to dockerhub (#2684)

d27f24e1908 Make sure dynver versions use '-' instead of '+' (#2681)

89745c201a8 Add --depth 100 restriction when cloning bitcoin-s repo to speed up clone time (#2674)

Dependencies

e7d34a9ba93 Update metrics-core to 4.1.21 (#3003)

56d177bb67a Update javafx-base, javafx-controls, ... to 17-ea+8 (#2978)

0f8903e67e1 Upgrade to scalac 2.12.13 (#2509)

e6d78c7c085 Update sbt-scoverage to 1.7.0 (#2982)

0bf6df77a59 Update scalatest + scodec deps (#2937)

7a73dc5cbb2 Update sourcecode to 0.2.6 (#2928)

0cad0edaaf5 Update metrics-core to 4.1.20 (#2958)

23d77b2f43b Update sbt to 1.5.1 (#2971)

a194adba988 Update scalafx to 16.0.0-R22 (#2942)

00efd8bccc3 Update scala-java-time to 2.2.2 (#2941)

27752062d44 Update postgresql to 42.2.20 (#2945)

27992ed37da Update sbt-mdoc to 2.2.20 (#2930)

0d546f3b65b Update javafx-base, javafx-controls, ... to 17-ea+7 (#2911)

b5b98492aae Update breeze-viz to 1.2 (#2907)

b6337b834db Bump website dependencies by running yarn update (#2884)

ce36112da22 Update akka-actor, akka-discovery, ... to 2.6.14 (#2878)

112067c905e Update metrics-core to 4.1.19 (#2877)

969dee78f6a Update javafx-base, javafx-controls, ... to 17-ea+6 (#2852)

a2628cacd13 Update scala-java-time to 2.2.1 (#2862)

89e84fff676 Update sbt to 1.5.0 (#2854)

4d2532538bb Update sourcecode to 0.2.5 (#2848)

832d9308b5c Update scalatest to 3.2.7 (#2843)

6e574931c6f Update sbt-scalajs, scalajs-compiler, ... to 1.5.1 (#2837)

703f9585efc Update scala-collection-compat to 2.4.3 (#2834)

a9ccf233661 Update sbt-mdoc to 2.2.19 (#2833)

c2e054d906b Update scodec-bits to 1.1.25 (#2835)

85ff255df3d Update akka to v10.2.4 (#2832)

2cc2da97616 Update javafx-base, javafx-controls, ... to 17-ea+5 (#2829)

c5a3b5ac3ff Update sbt-ci-release to 1.5.7 (#2819)

1daba85ddf0 Update javafx-base, javafx-controls, ... to 17-ea+3 (#2804)

fba880e5a92 Update sbt-native-packager to 1.8.1 (#2798)

77ee3f7e8da Update sbt-ci-release to 1.5.6 (#2789)

ecae07c8e1d Update javafx-base, javafx-controls, ... to 17-ea+2 (#2728)

06654f4e050 Update akka-http, akka-http-testkit to 10.1.14 (#2723)

54dc8243910 Update metrics-core to 4.1.18 (#2716)

eb24b183635 Upgrade scalac to 2.13.5 (#2713)

07488dd3f38 Update akka-actor, akka-slf4j, akka-stream, ... to 2.6.13 (#2714)

fca9e4b7d06 Update scalatest to 3.2.5 (#2687)

fe70391d0be Update sbt-bloop to 1.4.8 (#2683)

fb2e5d52e37 Update postgresql to 42.2.19 (#2686)

a19f35e6035 Update scalatest to 3.2.4 (#2677)

42f35232105 Update sbt-mdoc to 2.2.18 (#2676)

e4b0f1ff428 Update scala-collection-compat to 2.4.2 (#2670)

775aa67975c Update scodec-bits to 1.1.24 (#2671)

d929af4f9ac Update scalacheck to 1.15.3 (#2669)

0d5863b2f50 Update sbt-bloop to 1.4.7 (#2661)

a5d592ac404 Update javafx-base, javafx-controls, ... to 16-ea+7 (#2654)

19b47b8eb93 Update janino to 3.1.3 (#2559)

0c9bba8267c Update sbt-mdoc to 2.2.17 (#2632)

Main changes

Display fees for pay-to-open in settings

The fees for on-the-fly channel creation is now visible at any time in settings > payments options and fees

Display swap-in fees in-view

The swap-in modal dialog has been removed and information about the swap-in feature and the fees are now displayed in-view.

Complete list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.10...v1.4.11

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it: - from our website: https://acinq.co/pgp/drouinf.asc - from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key: $ gpg --import drouinf.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

Umbrel v0.3.10 is here with Taproot ready Bitcoin Core v0.21.1, the new BlueWallet Lightning app in the Umbrel App Store, and Tor connection support for BlueWallet on both iOS and Android.

If you face any difficulties while updating, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.9...v0.3.10

New

• Tor support
• Hierarchy Navigator (List of addresses)
• Slip39 wallets (Shamir's Secret Sharing)
• PSBT for all HD watch-only wallets
• mempool.space as the main explorer

Fixed

• Complication was showing cents
• Dark mode makes text illegible
• Carousel padding and Scan button crash
• Remove leading zero when doing local currency
• QR code scanning from file doesn't work on Android
• Speeded up electrum (caching of some requests)
• Move general tools under wallet details to "tools" menu
• Move Privacy under General tab
• layout on invoice view
• Multsig layout fixes
• Refresh wallet if it never been done
• Easier pairing with HW wallets
• Derivation & Fingerprint visible only in advanced mode

Languages updates

Finnish, German, Dutch, Portuguese Brazilian, Slovenian, Persian, Spanish, Polish, French, Welsh, Hebrew, Japanese, Romanian Join us here → https://www.transifex.com/bluewallet/bluewallet

Download

Bitcoin Core version 0.21.1 is now available from:

https://bitcoincore.org/bin/bitcoin-core-0.21.1/

For the release notes please see the git repository:

https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md

Preferably use the above download link, not the links provided by GitHub to download the source tarball, as the release tarballs are generated deterministically whereas GitHub's are not.

A newer version is already available! Please don’t use this version anymore.

Release notes

This release ships the remaining functionality to create BSQ SegWit transactions to save on mining fees. You can also now easily create copies of existing (and past) offers. This release also leverages a new build system using an up-to-date Java runtime (Java 15) and UI library (JavaFX 15) that produces binaries that should be more reliable. And as always...there are many bug fixes and refinements. ​

Improvements

• Wallet changes for SegWit BSQ implementation
• Upgrade Java, JavaFX and binary packaging
  • Get rid of macOS security warnings and unnecessary key logging permission request
  • Getting LTS support (security fixes,...) for upgrading to Java 11 for compilation and Java 15 for runtime
  • Fix various UI issues on certain OSes due JavaFX upgrade to v15
• Functionality to duplicate an offer
• Add custom withdrawal transaction fee options on Send funds (BTC)
• Message sign verify functionality compatible with Bitcoin core & electrum
• Show a SPV resync suggestion if trade remains unconfirmed for 3 hours or more
• Allow Revolut username to be minimum 3 characters
• Disputes UI improvements
• Hide unnecessary bank id in offer details
• Tweak wording for takeOffer.fundsBox.isOfferAvailable
• CashByMail show terms and conditions upon taking an offer
• Add BTC node wubwzaadboxwiffa.onion

Bug fixes

• Wait for AckMessage before completing BuyerSendCounterCurrencyTransferStartedMessage task
• Fix shutdown persistence issue in Seednode
• Handle rounding of infinite Doubles

API

• Update apitest docs for bitcoin-core v0.21 compatibility
• Adjust to changing minimum tx fee rates
• Complete API support for BSQ/BTC trade pair
• Add api method createcryptopaymentacct
• Provide more offer & contract detail to CLI

Development & Documentation

• Generate more than 1 block(regtest)
• docs/build.md: Emphasize JDK requirements + formatting

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.6.3.dmg)

Known issues with installation

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.6.3.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @BtcContributor
• @cd2357
• @devinbileck
• @ghubstan
• @huey735
• @jmacxx
• @maxim-belkin
• @ripcurlx
• @sqrrm
• @wallclockbuilder
• @wiz

A special thanks to our first time contributor:

• @maxim-belkin :
  • Tweak wording for takeOffer.fundsBox.isOfferAvailable
  • docs/build.md: Emphasize JDK requirements + formatting

As well as to everyone that helped with translations on Transifex.

Maintenance release to update unchained libraries.

See our blog post for an overview of this new release.

Improvements:

• Improving navigation between files and storage services and rewording info text (#2272) @rockstardev
• UI: Header and navigation improvements (#2412 #2378) @dennisreimann @dstrukt
• Plugins will be disabled in the case of an unrecoverable runtime error caused by a plugin @Kukks
• UI: Improve Lightning setup page (#2348 #2477) @dennisreimann @dstrukt
• Greenfield: Provides unconf/conf balance, keypath + address + timestamp + confirmation count of utxos @Kukks
• Add BTCPAY_TOR_SERVICES configuration to expose tor services via the server settings. Useful for integration with self-hosted node such as Umbrel (#2388) @Kukks @junderw
• Payment methods can be toggled directly from the update store page, rather than inside the page of each payment method (#2469) @dennisreimann
• Start separation of Coinswitch feature and Shopify integration as plugins (#2384 #2390) @Kukks
• Greenfield: Ability to pass more query parameters to filter results of api/v1/invoices @SakerOmera
• Human friendly error if webhook or webhook delivery not found @NicolasDorier
• Add button to copy API key to clipboard (#2439) @ubolator

New features:

• Support WebAuthN/FIDO2 as second factor @Kukks
• Can get a receive address in the wallet accepting Payjoin (without creating an invoice) @Kukks
• Can disable modification of SSH settings via the server settings to prevent escalation of privilege. (See #2468) @NicolasDorier
• Manual coin selection has a "confirmed utxo" filter @Kukks
• Greenfield: Can query fee rate @Kukks
• New setting for checkout: Ability to activate specific payment methods after the creation of the invoice @xpayserver @Kukks @rockstardev

Bug fixes:

• Fix: Clicking on "Unreserve this address" was not properly reflected in the UI @Kukks
• Fix: Block explorer links for signet @kristapsk
• Fix: Typo in PoS cart view (#2428) @MaxHillebrand
• Allow accessing "misc/lang" endpoint with Greenfield auth schemes (#2471) @bolatovumar
• Greenfield: Fix typo of webhook type OrignalDeliveryId => OriginalDeliveryId @NicolasDorier
• If the posData property of invoice metadata was not a JObject, the invoice would crash @Kukks
• If a store was created via the Greenfield API, warning signs of unconfigured stores would not appear. (Fix #2434) @bolatovumar
• Do not crash if plugin folder mismatches plugin identifier @Kukks
• Fix notification count on mobile (#2483) @dennisreimann
• Fix: Passing invalid query parameters or route value in the Greenfield API should returns HTTP 422 + validation details rather than empty 400. @NicolasDorier
• Greenfield: Deleting a store in the server, should delete only webhooks of this store @NicolasDorier

Miscellaneous

• Add user id in logs when somebody logs in. @NicolasDorier
• Fix: Json type in doc API @g33kme

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

Release notes

• Feature: Add unconfirmed tx fees data #1085 (benk10)
• Feature: Use RPCAuth instead of username + password #1093 (benk10)
• Feature: Return to/ cancel setup process #1091 (benk10)
• UIUX: Show user-friendly error messages when session expires #1087 (benk10)
• UIUX: Use Bitcoin icon set #1080 (benk10)
• Docs: Update faq.md #1123 (Kim Neunert)
• Docs: added build-instructions #1077 (Kim Neunert)
• Bugfix: BitBox02 timeout issue #1090 (benk10)
• Bugfix: Fix crash if estimatesmartfee fails #1086 (benk10)
• Bugfix: typo/exception #1102 (djpnewton)
• Bugfix: #1073 #1094 (benk10)
• Bugfix: #987 #1088 (benk10)
• Bugfix: arrow down svg #1125 (benk10)
• Bugfix: del user with wallets #1126 (Stepan Snigirev)
• Bugfix: month names #1069 (Kim Neunert)
• Bugfix: truncated PDF #1095 (benk10)
• Bugfix: UI issues #1084 (benk10)
• Bugfix: using correct image for gitlab #1127 (Kim Neunert)
• Bugfix: Improve tx-table and addresses-table render performance #1122 (Will Cosgrove)
• Chore: Bump y18n from 5.0.4 to 5.0.8 in /pyinstaller/electron #1114 (dependabot[bot])
• Chore: Refactoring new device setup #1111 (benk10)
• Chore: allow python version 3.9.X after upgrade to HWI 2.0.1 #1104 (djpnewton)
• Chore: upgrade wait-on and axios #1124 (Kim Neunert)
• Chore: refactor check_methods out of specter #1106 (Kim Neunert)
• Chore: Refactor setup wizard #1120 (benk10)

Tor by default, 64-bit base image, update apps, migration from other node projects

Umbrel v0.3.9 brings up to 5x faster performance, a brand new way to troubleshoot, always online Lightning node, wider support for SSDs and enclosures, connection support for LilyWallet, bug fixes, and more.

Note: It may take up to 5 minutes for Lightning and Bitcoin Core data to appear after the update.

If you face any difficulties while updating, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.8...v0.3.9

Main changes

Reject invoices that have already been paid

The app now checks if an invoice has already been paid before sending. This does not work if the app has been restored and the payment is not in the database anymore.

Add information notice when the pay-to-open and swap-in features are disabled

Channel creation features involve on-chain operations and may be disabled when the mempool is congested. The app now degrades gracefully and properly informs the user, and also prevents using the swap-in feature.

Note that in that case the user is still able to receive using existing channels.

Complete list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.9...v1.4.10

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it: - from our website: https://acinq.co/pgp/drouinf.asc - from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key: $ gpg --import drouinf.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

This is a Pre-release. It's mostly relevant for people who want to test the Fix for the Bitbox2 issue: https://github.com/cryptoadvance/specter-desktop/pull/1090

Main changes

This release fixes an issue with channels opening, where on-the-fly channel creation could timeout immediately if device's clock was off.

Complete list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.8...v1.4.9
• core: https://github.com/ACINQ/eclair/compare/v0.4.9-android-phoenix...v0.4.10-android-phoenix

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it: - from our website: https://acinq.co/pgp/drouinf.asc - from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key: $ gpg --import drouinf.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

New

• RTL language support
• Allow send MAX and BATCH for all wallet types
• ANG and AWG currencies
• Show fingerprint and derivation path for HD wallets

Fixed

• Aezeed onchain correct zpub
• Address input QRcode denomination reset
• Currency rates loader, add LPB new rate source
• Import procedure improvements

Languages updates

French, Chinese (Simplified), Chinese (Traditional), Finnish, German, Dutch, Portuguese Brazilian, Greek, Indonesian, Italian, Japanese, Turkish, Polish, Persian, Romanian, Spanish and Czech . Join us here → https://www.transifex.com/bluewallet/bluewallet

Download

Summary

This is a trivial fix for letting our users be able to recover from 12, 15, 18, 21, 24 Recovery Words.

Newbie Guide

While setting up Wasabi is straightforward, even a Linux wizard with the longest beard can get stuck on the most basic tasks. Consider taking a look at the Installation Instructions guide.

Advanced Guide

If you want to build Wasabi from source code or update the source code check out these instructions.

From version 1.1.3 Wasabi also introduces reproducible builds: Deterministic Build Guide

Build with .NET Core 3.1.407-win-x64.

FAQ

• Frequently asked questions here.
• Requirements? x64, Linux, >Win10, >macOS 10.13.

Release Notes

• BugFix https://github.com/zkSNACKs/WalletWasabi/pull/5510

A newer version is already available! Please don’t use this version anymore.

This is a hotfix release that fixes an issue with SPV resync introduced in v1.6.0 and fixes a minor bug in the portfolio view when price nodes aren't available.

For more details please see https://github.com/bisq-network/bisq/milestone/56?closed=1

Here are the release notes from v1.6.0:

Release notes

This release ships the official beta release for the Bisq API! It has been tested on mainnet, but is still in beta, so please be careful.

Other highlights: absolute minimum deposits have now been lowered from 0.006 BTC to 0.001 BTC. Maker and taker fee transactions are now verified via mempool.space to reduce trade issues, and mediation and arbitration were improved as well. And as always, there are many bug fixes and refinements.

Also important: this release ships part of 1 of 2 for BSQ SegWit implementation. It prepares the network for handling SegWit BSQ transactions (activation block is 680300, around 2021/04/25 -- all full nodes should update to 1.6.0+ before that time). Shortly after this activation point, the wallet code (https://github.com/bisq-network/bisq/pull/5109) will be merged into master for testing so that the full BSQ SegWit update is shipped in the following release.

DAO

• Implement Segwit for BSQ - Step 1/2

UI

• Update commands for mediator/refund agent registration
• Fix copy of BankName value + BranchId/BankId
• Changes "Verify result" to "Check signature"
• Fix dark mode readability of specific texts
• Fix Set Password text button
• Fix key shortcut documentation when using CMD+Y
• Replace Slack with Keybase
• Fix opening of proposal links in DAO on Windows
• Fix length check text on manual payout tool
• Fix ClassCastError in portfolio history summary popup

Trading

• Lower min deposit to 0.001 BTC
• Add pop-up warning for trading with risky payment methods
• Verify maker & taker fee transactions via Mempool lookup
• Allow default fee values in leniency checks
• Fee validation leniency using old DAO param values
• Improve portfolio history
• Add NGN as a default currency
• Add pay from BSQ wallet button
• Prevent trading when not connected to the Bitcoin network
• Fix Multiple Warnings on Enable All Offers

Wallet

• Add coin input control
• Fix race condition in BTC sent confirmation popup

Reliability

• Prevent persist at startup, flush at backup
• Fix mailbox bootstrap issue

Privacy

• Upgrades Tor to v0.4.5.7

Mediation/Arbitration

• Improve chat functionality of mediation/arbitration: 1, 2
• Improve mediation tools / logging

API

• Add long running api tests
• Improve takeoffer error handing
• Disambiguate payment acct json form's "country" field
• Improve apitest docs
• Document test harness dispute agent registration
• Avoid null pointer exception due to null fee while wrapping tx in TxInfo
• Prevent creation of new offers with incompatible payment accounts
• Fix CLI number opt validation, improve server-not-up msg
• Fix call rate metering interceptor bug
• Fix API startup's wallet.init failure when wallet is encrypted
• Improve gRPC server error logging
• Display buyer's cost in api's gettrade output
• Refactor apitest cases to use GrpcClient
• Refactor grpc stub boilerplate from CliMain to GrpcClient
• Adjust api to new minimum fee per vbyte
• Add CLI testing bot to :apitest

Development

• Document tor upgrade steps
• Add step for signature creation for Arch Linux
• Fix typo in test

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.6.2.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.6.2.jar The output need to match the value from the Bisq-1.6.2.jar.txt file.

Known issues with installation

macOS Catalina:

Bisq can't be opened because Apple cannot check it for malicious software

This happens the first time Bisq is run on macOS Catalina. It is because a new security feature in Catalina has newer requirements of how apps are packaged. We are working on ways to address this (see #3402 and #4196 for details).

Workaround: Right click on the installed Bisq app > Click Open (warning popup shown again, but with new button available) > Click Open

Bisq would like to receive keystrokes from any application.

Discussed in issue https://github.com/bisq-network/bisq/issues/3373, you will see a permission request in the latest macOS version that Bisq wants to receive keystrokes from any application. Unfortunately that is an issue for all Java applications that are run on Catalina right now. We are investigating already how to solve this issue and will fix in one of our next updates.

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.6.2.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @BtcContributor
• @cd2357
• @chimp1984
• @ripcurlx
• @ghubstan
• @huey735
• @JaredBoone
• @jmacxx
• @wallclockbuilder
• @sqrrm
• @stejbac

A special thanks to our first time contributor:

• @BtcContributor:
  • Fix Set Password text button
  • Fix opening of proposal links in DAO on Windows
  • Fix dark mode readibility of specific texts
  • Fix copy of BankName value + BranchId/BankId
  • Fix length check text on manual payout tool
• @JaredBoone:
  • Changes "Verify result" to "Check signature"
• @wallclockbuilder:
  • Update commands for mediator/refund agent
  • Fix typo
  • Replace Slack with Keybase

As well as to everyone that helped with translations on Transifex.

Small release fixing bugs introduced in 1.0.7.1:

Bug fixes:

• The date in invoice page were not showing anymore the browser date time, but the server date time. (@NicolasDorier)
• Apps on root where not working anymore, redirecting to login page rather than showing the app (see #2414) (@bolatovumar)

We're pleased to announce the 0.10.0 release of c-lightning, named by @jsarenik.

This is a major release, consolidating a number of features, fixes and experimental extensions.

Highlights for Users

• pay has been refined and much improved across various less-common scenarios.
• listpeers shows the current feerate and unilateral close fee.
• listforwards can now filter by channel status, and in or out channel.
• fundpsbt and utxopsbt have a new excess_as_change parameter if you don't want to add it yourself.
• connect returns the address we actually connected to (and direction tells you if they actually connected to us instead).
• fundchannel_complete takes a PSBT, removing a common cause of tragic opening failures: txprepare and withdraw now provide a PSBT for convenience too.
• In regtest mode, we don't care that bitcoind doesn't give any fee estimates, but use the minimum.

Highlights for the Network

• We now send warning messages if an error condition is possibly recoverable, rather than closing the channel and sending error.
• We now implement sync_complete for gossip_range queries as per latest spec, with backwards compatibility for older nodes.
• experimental-dual-fund config option enables the draft dual funding option for compatible nodes, which includes RBF upgrades for opening transactions.

Highlights for Developers

• All hooks are now registerable by multiple plugins at once.
• experimental-shutdown-wrong-funding allows remote nodes to close incorrectly opened channels using the new wrong_funding option to close.

More details can be found in the changelog.

Thanks to everyone for their contributions and bug reports; please keep them coming.

Since 0.9.3, we've had 339 commits from 14 different authors over 69 days.

A special thanks goes to the 3 first time contributors:

• Matthias Debernardini
• Luke Childs
• Alexey Zagarin

Cheers, Rusty, Lisa, Christian, ZmnSCPxj

Summary

Trezor T's firmware (v2.3.5) breaks the compatibility with Wasabi, this release fixes this. I also added some minor updates and fixes.

• Update HWI to v2.0.1
  
• Update Tor to v0.4.5.7

Newbie Guide

While setting up Wasabi is straightforward, even a Linux wizard with the longest beard can get stuck on the most basic tasks. Consider taking a look at the Installation Instructions guide.

Advanced Guide

If you want to build Wasabi from source code or update the source code check out these instructions.

From version 1.1.3 Wasabi also introduces reproducible builds: Deterministic Build Guide

Build with .NET Core 3.1.407-win-x64.

FAQ

• Frequently asked questions here.
• Requirements? x64, Linux, >Win10, >macOS 10.13.

Release Notes

• Update HWI https://github.com/zkSNACKs/WalletWasabi/pull/5465
• RPC https://github.com/zkSNACKs/WalletWasabi/pull/5436
• Fix for recovering wallet from more then 12 Recovery words https://github.com/zkSNACKs/WalletWasabi/pull/5384
• Tor https://github.com/zkSNACKs/WalletWasabi/pull/5455

This is a security release that patches one critical and several low-impact vulnerabilities that affected BTCPay Server versions 1.0.7.0 and older.

The critical vulnerability (CVE-2021-29251) impacts users who:

• Use Docker Deployment, have a configured email server and enabled registration for users in Server Settings > Policies
  

We strongly recommend affected users to update their instances to mitigate the risk. We will release a full public disclosure of vulnerabilities with the next major version of the BTCPay Server.

We want to thank @teslamotors for filing a responsible disclosure, helping us with remediation, and handling the situation professionally.
We also want to thank Qaiser Abbas, an independent web-security researcher, for an additional responsible vulnerability disclosure that was handled in this release.

Thank you for keeping our users safe.

Improvements:

• Add user email search/sort @bolatovumar
• Fix pay button link preview (see #2396) @bumbummen99
• Change display date format on view pull payments (see #2339) @AlexGidge
• Update form required input styling (see #2373) @bolatovumar
• Order file uploaded list by descending timestamp (#2273) @bolatovumar
• Remove misleading title from hint icon @dennisreimann
• Make dates/timespan swagger docs more clear (#2399) @Kukks
• Add rate limiter for forgotpassword @NicolasDorier
• Upgrade Boostrap to v4.6 and jquery to 3.6.0 @dennisreimann
• Use better PRNG for payjoin input selection @NicolasDorier
• Decrease authentication cookie timeout after password change from 30min to 5min @NicolasDorier
• Use secure/http-only cookies for preferences @NicolasDorier

Bug fixes:

• Ensure submitting empty currency does not break update PoS page (#2376) @bolatovumar
• Fix point of sale item newline break (#2366) @Kukks
• Validate filename in file upload endpoints @NicolasDorier
• Turn off autocomplete for BIP39 Seed or HD private key inputs @nosovk
• Fix payment request template body/page height and footer style @Patrick

Changelog for v0.18.1.11:

• Specify the dynafed epoch length for liquidv1.

Changelog for v0.18.1.10

• Add SIGHASH_RANGEPROOF support
• Add two missing dynafed fields to getblockchaininfo
• Support changing mainnet dynafed activation
• Only verify proposed dynafed parameters if they differ from current

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

Release notes

Bugfix: bump embit version, add secp binary #1031 (Stepan Snigirev) - Bugfix: consolidations issue #1034 (benk10) - Bugfix: Default bitcoind timeout to 60s for all platforms #1044 (kdmukai) - Bugfix: Raspberry Pi check; fixing breaking changes when not using built-in Tor #1037 (kdmukai) - Bugfix: Remove potentially non-final txid #1011 (benk10) - Bugfix: auto-escaping of wallet.accountmap json in pdf backup #976 (djpnewton) - Bugfix: typo #1008 (Jan Rothen) - Bugfix: HWI2 integration issues #1045 (benk10) - Bugfix: misc Fixes for pre-release, mainly proper tor shutdown (#1048) (benk10) - Bugfix: fix fillpsbt #1050 (Stepan Snigirev) - Bugfix: exit cleanup #1053 (benk10) - Bugfix: Fix Windows pyinstaller typo #1064 (benk10) - Bugfix: Pre release minor fixes #1055 (benk10) - Bugfix: Remove scientific notations #1067 (benk10) - Bugfix: Update Bitcoin Core data dir even when installed and update Cobo Vault instructions #1056 (benk10) - Bugfix: Remove download attribute from link #1061 (Taylor Helsper) - Chore: Bump jinja2 from 2.11.2 to 2.11.3 #1033 (dependabot[bot]) - Chore: Some more Cypress tests #970 (benk10) - Chore: Re-applying config change to pass Black formatting #1003 (kdmukai) - Chore: Cypress travis #997 (Kim Neunert) - Chore: Bump HWI to 2.0.1 #1060 (benk10) - Chore: Refactor node setup state and timeout #1058 (benk10) - Docs: added signature-verification to FAQ #1042 (Kim Neunert) - Docs: Update DEVELOPMENT.md for Raspi #1032 (kdmukai) - Docs: update to specify correct docker tag #971 (kdmukai) - Docs: Fixed typos in faq.md #1004 (Dimitris Tsapakidis) - Docs: Add link to RaspiBlitz connection guide #1041 (d11n) - Feature: Add "Abandon transaction" option for low fee txs that have been purged from the mempool #991 (kdmukai) - Feature: Add full edit transaction for RBF #998 (benk10) - Feature: Add mempool.space as an option for fee estimation and block explorer #1020 (benk10) - Feature: many more currencies to the price provider #1021 (benk10) - Feature: Move wallets loading process to background #1017 (benk10) - Feature: Setup Bitcoin Core from Specter #1007 (benk10) - Feature: Show wallets overview for / , resolves #1018 #1019 (benk10) - Feature: improved the description of the CLI arguments/options #984 (8go) - Feature: Logging improvements #1043 (Kim Neunert) - Feature: Move to HWI v2 #1001 (benk10) - Feature: Specter-DIY: add sd card support #1047 (Stepan Snigirev) - Feature: Adding regular logs to core-settings-page #1065 (Kim Neunert) - Feature: Call the checker more often if IBD #1059 (benk10) - Feature: Pre download core and tor binaries #1062 (benk10) - UIUX: changing the background color of that input/output (using colors based on the send/receive svg icons) #989 (djpnewton) - UIUX: HWI Bridge design improvement #1015 (benk10) - UIUX: Timeout management and other improvements #1057 (Kim Neunert) - UIUX: Only tor quicksync warning #1054 (Kim Neunert)

A newer version is already available! Please don’t use this version anymore.

This is a follow-up release that allows default fee values in leniency checks, fixes an issue in the the new portfolio history popup and upgrades to the latest Tor version v0.4.5.7 that fixes two important denial-of-service bugs in earlier versions of Tor.

For more details please see https://github.com/bisq-network/bisq/milestone/54?closed=1

Here are the release notes from v1.6.0:

Release notes

This release ships the official beta release for the Bisq API! It has been tested on mainnet, but is still in beta, so please be careful.

Other highlights: absolute minimum deposits have now been lowered from 0.006 BTC to 0.001 BTC. Maker and taker fee transactions are now verified via mempool.space to reduce trade issues, and mediation and arbitration were improved as well. And as always, there are many bug fixes and refinements.

Also important: this release ships part of 1 of 2 for BSQ SegWit implementation. It prepares the network for handling SegWit BSQ transactions (activation block is 680300, around 2021/04/25 -- all full nodes should update to 1.6.0+ before that time). Shortly after this activation point, the wallet code (https://github.com/bisq-network/bisq/pull/5109) will be merged into master for testing so that the full BSQ SegWit update is shipped in the following release.

DAO

• Implement Segwit for BSQ - Step 1/2

UI

• Update commands for mediator/refund agent registration
• Fix copy of BankName value + BranchId/BankId
• Changes "Verify result" to "Check signature"
• Fix dark mode readability of specific texts
• Fix Set Password text button
• Fix key shortcut documentation when using CMD+Y
• Replace Slack with Keybase
• Fix opening of proposal links in DAO on Windows
• Fix length check text on manual payout tool

Trading

• Lower min deposit to 0.001 BTC
• Add pop-up warning for trading with risky payment methods
• Verify maker & taker fee transactions via Mempool lookup
• Fee validation leniency using old DAO param values
• Improve portfolio history
• Add NGN as a default currency
• Add pay from BSQ wallet button
• Prevent trading when not connected to the Bitcoin network
• Fix Multiple Warnings on Enable All Offers

Wallet

• Add coin input control
• Fix race condition in BTC sent confirmation popup

Reliability

• Prevent persist at startup, flush at backup
• Fix mailbox bootstrap issue

Mediation/Arbitration

• Improve chat functionality of mediation/arbitration: 1, 2
• Improve mediation tools / logging

API

• Add long running api tests
• Improve takeoffer error handing
• Disambiguate payment acct json form's "country" field
• Improve apitest docs
• Document test harness dispute agent registration
• Avoid null pointer exception due to null fee while wrapping tx in TxInfo
• Prevent creation of new offers with incompatible payment accounts
• Fix CLI number opt validation, improve server-not-up msg
• Fix call rate metering interceptor bug
• Fix API startup's wallet.init failure when wallet is encrypted
• Improve gRPC server error logging
• Display buyer's cost in api's gettrade output
• Refactor apitest cases to use GrpcClient
• Refactor grpc stub boilerplate from CliMain to GrpcClient
• Adjust api to new minimum fee per vbyte
• Add CLI testing bot to :apitest

Development

• Document tor upgrade steps
• Add step for signature creation for Arch Linux
• Fix typo in test

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.6.1.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.6.1.jar The output need to match the value from the Bisq-1.6.1.jar.txt file.

Known issues with installation

macOS Catalina:

Bisq can't be opened because Apple cannot check it for malicious software

This happens the first time Bisq is run on macOS Catalina. It is because a new security feature in Catalina has newer requirements of how apps are packaged. We are working on ways to address this (see #3402 and #4196 for details).

Workaround: Right click on the installed Bisq app > Click Open (warning popup shown again, but with new button available) > Click Open

Bisq would like to receive keystrokes from any application.

Discussed in issue https://github.com/bisq-network/bisq/issues/3373, you will see a permission request in the latest macOS version that Bisq wants to receive keystrokes from any application. Unfortunately that is an issue for all Java applications that are run on Catalina right now. We are investigating already how to solve this issue and will fix in one of our next updates.

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.6.1.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @BtcContributor
• @cd2357
• @chimp1984
• @ripcurlx
• @ghubstan
• @huey735
• @JaredBoone
• @jmacxx
• @wallclockbuilder
• @sqrrm
• @stejbac

A special thanks to our first time contributor:

• @BtcContributor:
  • Fix Set Password text button
  • Fix opening of proposal links in DAO on Windows
  • Fix dark mode readibility of specific texts
  • Fix copy of BankName value + BranchId/BankId
  • Fix length check text on manual payout tool
• @JaredBoone:
  • Changes "Verify result" to "Check signature"
• @wallclockbuilder:
  • Update commands for mediator/refund agent
  • Fix typo
  • Replace Slack with Keybase

As well as to everyone that helped with translations on Transifex.

Also available on PyPi and can be installed with pip install -U hwi

Fixed

• Fixed Trezor T on device passphrase entry
• Fixed hwi-qt Linux binary crashing when using keyboard shortcuts

v1.3.0-pre6 - This is a pre-release (i.e. beta software).

Use this with caution!!!

Main changes to test:

• Bitcoin Core and Tor setup: Specter now has a new setup wizard, accessible from the main screen, which allows setting up Bitcoin Core and Tor directly from Specter. You can also setup Tor separately from the Tor settings tab. The Tor and Bitcoin Core will automatically start and stop with Specter launch/ close. (Warning: If you're already using Bitcoin Core on the machine you're testing the setup on, Specter by default will use and override existing files in the default location of Bitcoin Core - since we assume users who need Bitcoin Core installation from Specter don't have a node there already. If that is a concern for you, make sure to specify a custom path to Bitcoin Core data folder so Specter will use that instead, this can be done from the advanced section of the wizard).
• Full RBF editing option: You can now fully edit an RBF transaction - i.e. change recipient address, add inputs, edit amounts etc.
• HWI v2.0.0: New version of HWI with major changes, meaning all USB-connected hardware wallets should be tested to ensure the new version did not break any integration.
• BitBox02 Multisig support: With HWI v2.0.0, Specter now supports using BitBox02 in multisig setups.
• Async wallets loading: The process of loading existing wallets into Specter on startup has been moved to the background. Specter should now start up much faster, and you may see loading indication at first for the wallets.
• Abandon transaction: If you sent a transaction that has been purged from the mempool, it is now possible to make your wallet forget it so that the funds are spendable again.
• Mempool.space fee estimation: The default fee estimation source is now mempool.space. It's also possible to configure in the general settings to use either Bitcoin Core, or a self-hosted instance of mempool.space.
• Block explorer default options: We now have default options for block explorers instead of only free text. It's still possible to use as free text by choosing custom.
• HWI Bridge Redesign: The process and design of configuring Specter used on a remote machine to allow USB connections has been simplified and redesigned.
• More currencies and precious metals in price bar: More currencies are now available for automated price pulling, also precious metals, with multiple weight unit options, are now available too.
• Fix escaping of JSON wallet backup: Avoid escaping the JSON file downloaded on wallet backup.
• Fix Bitcoin Core v0.21 UTXO consolidation issue: Previous version had a bug where UTXO consolidation transactions were would always show up as unconfirmed if Bitcoin Core v0.21 is used.
• Fix Signet Nested SegWit: Nested SegWit addresses on Signet were previously generated incorrectly.

Planned release-notes:

• Bugfix: bump embit version, add secp binary #1031 (Stepan Snigirev)
• Bugfix: consolidations issue #1034 (benk10)
• Bugfix: Default bitcoind timeout to 60s for all platforms #1044 (kdmukai)
• Bugfix: Raspberry Pi check; fixing breaking changes when not using built-in Tor #1037 (kdmukai)
• Bugfix: Remove potentially non-final txid #1011 (benk10)
• Bugfix: auto-escaping of wallet.account_map json in pdf backup #976 (djpnewton)
• Bugfix: typo #1008 (Jan Rothen)
• Bugfix: HWI2 integration issues #1045 (benk10)
• Chore: Bump jinja2 from 2.11.2 to 2.11.3 #1033 (dependabot[bot])
• Chore: Some more Cypress tests #970 (benk10)
• Chore: Re-applying config change to pass Black formatting #1003 (kdmukai)
• Chore: Cypress travis #997 (Kim Neunert)
• Docs: added signature-verification to FAQ #1042 (Kim Neunert)
• Docs: Update DEVELOPMENT.md for Raspi #1032 (kdmukai)
• Docs: update to specify correct docker tag #971 (kdmukai)
• Docs: Fixed typos in faq.md #1004 (Dimitris Tsapakidis)
• Docs: Add link to RaspiBlitz connection guide #1041 (d11n)
• Feature: Add "Abandon transaction" option for low fee txs that have been purged from the mempool #991 (kdmukai)
• Feature: Add full edit transaction for RBF #998 (benk10)
• Feature: Add mempool.space as an option for fee estimation and block explorer #1020 (benk10)
• Feature: many more currencies to the price provider #1021 (benk10)
• Feature: Move wallets loading process to background #1017 (benk10)
• Feature: Setup Bitcoin Core from Specter #1007 (benk10)
• Feature: Show wallets overview for / , resolves #1018 #1019 (benk10)
• Feature: improved the description of the CLI arguments/options #984 (8go)
• Feature: Logging improvements #1043 (Kim Neunert)
• Feature: Move to HWI v2 #1001 (benk10)
• Feature: Specter-DIY: add sd card support #1047 (Stepan Snigirev)
• UIUX: changing the background color of that input/output (using colors based on the send/receive svg icons) #989 (djpnewton)
• UIUX: HWI Bridge design improvement #1015 (benk10)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

A newer version is already available! Please don’t use this version anymore.

Release notes

This release ships the official beta release for the Bisq API! It has been tested on mainnet, but is still in beta, so please be careful.

Other highlights: absolute minimum deposits have now been lowered from 0.006 BTC to 0.001 BTC. Maker and taker fee transactions are now verified via mempool.space to reduce trade issues, and mediation and arbitration were improved as well. And as always, there are many bug fixes and refinements.

Also important: this release ships part of 1 of 2 for BSQ SegWit implementation. It prepares the network for handling SegWit BSQ transactions (activation block is 680300, around 2021/04/25 -- all full nodes should update to 1.6.0 before that time). Shortly after this activation point, the wallet code (https://github.com/bisq-network/bisq/pull/5109) will be merged into master for testing so that the full BSQ SegWit update is shipped in the following release.

DAO

• Implement Segwit for BSQ - Step 1/2

UI

• Update commands for mediator/refund agent registration
• Fix copy of BankName value + BranchId/BankId
• Changes "Verify result" to "Check signature"
• Fix dark mode readability of specific texts
• Fix Set Password text button
• Fix key shortcut documentation when using CMD+Y
• Replace Slack with Keybase
• Fix opening of proposal links in DAO on Windows
• Fix length check text on manual payout tool

Trading

• Lower min deposit to 0.001 BTC
• Add pop-up warning for trading with risky payment methods
• Verify maker & taker fee transactions via Mempool lookup
• Fee validation leniency using old DAO param values
• Improve portfolio history
• Add NGN as a default currency
• Add pay from BSQ wallet button
• Prevent trading when not connected to the Bitcoin network
• Fix Multiple Warnings on Enable All Offers

Wallet

• Add coin input control
• Fix race condition in BTC sent confirmation popup

Reliability

• Prevent persist at startup, flush at backup
• Fix mailbox bootstrap issue

Mediation/Arbitration

• Improve chat functionality of mediation/arbitration: 1, 2
• Improve mediation tools / logging

API

• Add long running api tests
• Improve takeoffer error handing
• Disambiguate payment acct json form's "country" field
• Improve apitest docs
• Document test harness dispute agent registration
• Avoid null pointer exception due to null fee while wrapping tx in TxInfo
• Prevent creation of new offers with incompatible payment accounts
• Fix CLI number opt validation, improve server-not-up msg
• Fix call rate metering interceptor bug
• Fix API startup's wallet.init failure when wallet is encrypted
• Improve gRPC server error logging
• Display buyer's cost in api's gettrade output
• Refactor apitest cases to use GrpcClient
• Refactor grpc stub boilerplate from CliMain to GrpcClient
• Adjust api to new minimum fee per vbyte
• Add CLI testing bot to :apitest

Development

• Document tor upgrade steps
• Add step for signature creation for Arch Linux
• Fix typo in test

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.6.0.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.6.0.jar The output need to match the value from the Bisq-1.6.0.jar.txt file.

Known issues with installation

macOS Catalina:

Bisq can't be opened because Apple cannot check it for malicious software

This happens the first time Bisq is run on macOS Catalina. It is because a new security feature in Catalina has newer requirements of how apps are packaged. We are working on ways to address this (see #3402 and #4196 for details).

Workaround: Right click on the installed Bisq app > Click Open (warning popup shown again, but with new button available) > Click Open

Bisq would like to receive keystrokes from any application.

Discussed in issue https://github.com/bisq-network/bisq/issues/3373, you will see a permission request in the latest macOS version that Bisq wants to receive keystrokes from any application. Unfortunately that is an issue for all Java applications that are run on Catalina right now. We are investigating already how to solve this issue and will fix in one of our next updates.

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.6.0.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @BtcContributor
• @cd2357
• @chimp1984
• @ripcurlx
• @ghubstan
• @huey735
• @JaredBoone
• @jmacxx
• @wallclockbuilder
• @sqrrm
• @stejbac

A special thanks to our first time contributor:

• @BtcContributor:
  • Fix Set Password text button
  • Fix opening of proposal links in DAO on Windows
  • Fix dark mode readibility of specific texts
  • Fix copy of BankName value + BranchId/BankId
  • Fix length check text on manual payout tool
• @JaredBoone:
  • Changes "Verify result" to "Check signature"
• @wallclockbuilder:
  • Update commands for mediator/refund agent
  • Fix typo
  • Replace Slack with Keybase

As well as to everyone that helped with translations on Transifex.

Umbrel v0.3.8 brings the following apps up to their latest versions:

• Thunderhub
• RTL
• BTCPay
• Lightning Terminal
• Specter Desktop
• Sphinx Relay
• Samourai Server

If you face any difficulties while updating, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.7...v0.3.8

New

• Encrypted Message sign/verify
• Main SCAN button can import wallets
• Card colors
• Romanian language
• TZS currency

Fixed

• Improved accessibility
• Show XPUB for AEZEED wallets
• Wallet selection was not visible
• Coin Control handle 0 conf output correctly
• Decrease animated QR codes density
• Send MAX can be used with regular outputs

Languages updates

French, Chinese (Simplified), Chinese (Traditional), Finnish, German, Dutch, Portuguese Brazilian and Slovenian. Join us here → https://www.transifex.com/bluewallet/bluewallet

Download

Changelog

• Allow specifying an explicit script type for xpubs using -x <xpub>:wpkh, -x <xpub>:shwpkh or -x <xpub>:pkh.

• Fix blockchain.block.headers sending wrong number of headers (#87, thanks @stevenroose!)

• Check testmempoolaccept prior to custom broadcast (#80)

• Dependency updates and various small enhancements

Also see the v0.2.4 releases for bwt-electrum-plugin, libbwt, libbwt-nodejs and libbwt-jni.

Installation

Installation instructions are available on the README.

Verifying signatures

The releases are signed by Nadav Ivgi (@shesek). The public key can be verified on the PGP WoT, github, twitter, keybase, hacker news and this video presentation.

```bash

Download (change x86_64-linux to your platform)

$ wget https://github.com/bwt-dev/bwt/releases/download/v0.2.4/bwt-0.2.4-x86_64-linux.tar.gz

Fetch public key

$ gpg --keyserver keyserver.ubuntu.com --recv-keys FCF19B67866562F08A43AAD681F6104CD0F150FC

Verify signature

$ wget -qO - https://github.com/bwt-dev/bwt/releases/download/v0.2.4/SHA256SUMS.asc \ | gpg --decrypt - | grep ' bwt-0.2.4-x86_64-linux.tar.gz$' | sha256sum -c -

$ tar zxvf bwt-0.2.4-x8664-linux.tar.gz $ ./bwt-0.1.5-x8664-linux/bwt --xpub ... ```

The signature verification should show Good signature from "Nadav Ivgi <nadav@shesek.info>" ... Primary key fingerprint: FCF1 9B67 ... and bwt-0.2.4-x86_64-linux.tar.gz: OK.

Reproducible builds

The builds are fully reproducible.

You can verify the checksums against the v0.2.4 builds on Travis CI: https://travis-ci.org/github/bwt-dev/bwt/builds/764306060

See more details here.

v1.3.0-pre4 - This is a pre-release (i.e. beta software).

Use this with caution!!!

Main changes to test:

• Bitcoin Core and Tor setup: Specter now has a new setup wizard, accessible from the main screen, which allows setting up Bitcoin Core and Tor directly from Specter. You can also setup Tor separately from the Tor settings tab. The Tor and Bitcoin Core will automatically start and stop with Specter launch/ close. (Warning: If you're already using Bitcoin Core on the machine you're testing the setup on, Specter by default will use and override existing files in the default location of Bitcoin Core - since we assume users who need Bitcoin Core installation from Specter don't have a node there already. If that is a concern for you, make sure to specify a custom path to Bitcoin Core data folder so Specter will use that instead, this can be done from the advanced section of the wizard).
• Full RBF editing option: You can now fully edit an RBF transaction - i.e. change recipient address, add inputs, edit amounts etc.
• HWI v2.0.0: New version of HWI with major changes, meaning all USB-connected hardware wallets should be tested to ensure the new version did not break any integration.
• BitBox02 Multisig support: With HWI v2.0.0, Specter now supports using BitBox02 in multisig setups.
• Async wallets loading: The process of loading existing wallets into Specter on startup has been moved to the background. Specter should now start up much faster, and you may see loading indication at first for the wallets.
• Abandon transaction: If you sent a transaction that has been purged from the mempool, it is now possible to make your wallet forget it so that the funds are spendable again.
• Mempool.space fee estimation: The default fee estimation source is now mempool.space. It's also possible to configure in the general settings to use either Bitcoin Core, or a self-hosted instance of mempool.space.
• Block explorer default options: We now have default options for block explorers instead of only free text. It's still possible to use as free text by choosing custom.
• HWI Bridge Redesign: The process and design of configuring Specter used on a remote machine to allow USB connections has been simplified and redesigned.
• More currencies and precious metals in price bar: More currencies are now available for automated price pulling, also precious metals, with multiple weight unit options, are now available too.
• Fix escaping of JSON wallet backup: Avoid escaping the JSON file downloaded on wallet backup.
• Fix Bitcoin Core v0.21 UTXO consolidation issue: Previous version had a bug where UTXO consolidation transactions were would always show up as unconfirmed if Bitcoin Core v0.21 is used.
• Fix Signet Nested SegWit: Nested SegWit addresses on Signet were previously generated incorrectly.

Planned release-notes:

• Bugfix: bump embit version, add secp binary #1031 (Stepan Snigirev)
• Bugfix: consolidations issue #1034 (benk10)
• Bugfix: Default bitcoind timeout to 60s for all platforms #1044 (kdmukai)
• Bugfix: Raspberry Pi check; fixing breaking changes when not using built-in Tor #1037 (kdmukai)
• Bugfix: Remove potentially non-final txid #1011 (benk10)
• Bugfix: auto-escaping of wallet.account_map json in pdf backup #976 (djpnewton)
• Bugfix: typo #1008 (Jan Rothen)
• Bugfix: HWI2 integration issues #1045 (benk10)
• Chore: Bump jinja2 from 2.11.2 to 2.11.3 #1033 (dependabot[bot])
• Chore: Some more Cypress tests #970 (benk10)
• Chore: Re-applying config change to pass Black formatting #1003 (kdmukai)
• Chore: Cypress travis #997 (Kim Neunert)
• Docs: added signature-verification to FAQ #1042 (Kim Neunert)
• Docs: Update DEVELOPMENT.md for Raspi #1032 (kdmukai)
• Docs: update to specify correct docker tag #971 (kdmukai)
• Docs: Fixed typos in faq.md #1004 (Dimitris Tsapakidis)
• Docs: Add link to RaspiBlitz connection guide #1041 (d11n)
• Feature: Add "Abandon transaction" option for low fee txs that have been purged from the mempool #991 (kdmukai)
• Feature: Add full edit transaction for RBF #998 (benk10)
• Feature: Add mempool.space as an option for fee estimation and block explorer #1020 (benk10)
• Feature: many more currencies to the price provider #1021 (benk10)
• Feature: Move wallets loading process to background #1017 (benk10)
• Feature: Setup Bitcoin Core from Specter #1007 (benk10)
• Feature: Show wallets overview for / , resolves #1018 #1019 (benk10)
• Feature: improved the description of the CLI arguments/options #984 (8go)
• Feature: Logging improvements #1043 (Kim Neunert)
• Feature: Move to HWI v2 #1001 (benk10)
• Feature: Specter-DIY: add sd card support #1047 (Stepan Snigirev)
• UIUX: changing the background color of that input/output (using colors based on the send/receive svg icons) #989 (djpnewton)
• UIUX: HWI Bridge design improvement #1015 (benk10)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

v1.3.0-pre3 - This is a pre-release (i.e. beta software).

Use this with caution!!!

Main changes to test:

• Bitcoin Core and Tor setup: Specter now has a new setup wizard, accessible from the main screen, which allows setting up Bitcoin Core and Tor directly from Specter. You can also setup Tor separately from the Tor settings tab. The Tor and Bitcoin Core will automatically start and stop with Specter launch/ close. (Warning: If you're already using Bitcoin Core on the machine you're testing the setup on, Specter by default will use and override existing files in the default location of Bitcoin Core - since we assume users who need Bitcoin Core installation from Specter don't have a node there already. If that is a concern for you, make sure to specify a custom path to Bitcoin Core data folder so Specter will use that instead, this can be done from the advanced section of the wizard).
• Full RBF editing option: You can now fully edit an RBF transaction - i.e. change recipient address, add inputs, edit amounts etc.
• HWI v2.0.0: New version of HWI with major changes, meaning all USB-connected hardware wallets should be tested to ensure the new version did not break any integration.
• BitBox02 Multisig support: With HWI v2.0.0, Specter now supports using BitBox02 in multisig setups.
• Async wallets loading: The process of loading existing wallets into Specter on startup has been moved to the background. Specter should now start up much faster, and you may see loading indication at first for the wallets.
• Abandon transaction: If you sent a transaction that has been purged from the mempool, it is now possible to make your wallet forget it so that the funds are spendable again.
• Mempool.space fee estimation: The default fee estimation source is now mempool.space. It's also possible to configure in the general settings to use either Bitcoin Core, or a self-hosted instance of mempool.space.
• Block explorer default options: We now have default options for block explorers instead of only free text. It's still possible to use as free text by choosing custom.
• HWI Bridge Redesign: The process and design of configuring Specter used on a remote machine to allow USB connections has been simplified and redesigned.
• More currencies and precious metals in price bar: More currencies are now available for automated price pulling, also precious metals, with multiple weight unit options, are now available too.
• Fix escaping of JSON wallet backup: Avoid escaping the JSON file downloaded on wallet backup.
• Fix Bitcoin Core v0.21 UTXO consolidation issue: Previous version had a bug where UTXO consolidation transactions were would always show up as unconfirmed if Bitcoin Core v0.21 is used.
• Fix Signet Nested SegWit: Nested SegWit addresses on Signet were previously generated incorrectly.

Planned release-notes:

• Bugfix: bump embit version, add secp binary #1031 (Stepan Snigirev)
• Bugfix: consolidations issue #1034 (benk10)
• Bugfix: Default bitcoind timeout to 60s for all platforms #1044 (kdmukai)
• Bugfix: Raspberry Pi check; fixing breaking changes when not using built-in Tor #1037 (kdmukai)
• Bugfix: Remove potentially non-final txid #1011 (benk10)
• Bugfix: auto-escaping of wallet.account_map json in pdf backup #976 (djpnewton)
• Bugfix: typo #1008 (Jan Rothen)
• Bugfix: HWI2 integration issues #1045 (benk10)
• Chore: Bump jinja2 from 2.11.2 to 2.11.3 #1033 (dependabot[bot])
• Chore: Some more Cypress tests #970 (benk10)
• Chore: Re-applying config change to pass Black formatting #1003 (kdmukai)
• Chore: Cypress travis #997 (Kim Neunert)
• Docs: added signature-verification to FAQ #1042 (Kim Neunert)
• Docs: Update DEVELOPMENT.md for Raspi #1032 (kdmukai)
• Docs: update to specify correct docker tag #971 (kdmukai)
• Docs: Fixed typos in faq.md #1004 (Dimitris Tsapakidis)
• Docs: Add link to RaspiBlitz connection guide #1041 (d11n)
• Feature: Add "Abandon transaction" option for low fee txs that have been purged from the mempool #991 (kdmukai)
• Feature: Add full edit transaction for RBF #998 (benk10)
• Feature: Add mempool.space as an option for fee estimation and block explorer #1020 (benk10)
• Feature: many more currencies to the price provider #1021 (benk10)
• Feature: Move wallets loading process to background #1017 (benk10)
• Feature: Setup Bitcoin Core from Specter #1007 (benk10)
• Feature: Show wallets overview for / , resolves #1018 #1019 (benk10)
• Feature: improved the description of the CLI arguments/options #984 (8go)
• Feature: Logging improvements #1043 (Kim Neunert)
• Feature: Move to HWI v2 #1001 (benk10)
• Feature: Specter-DIY: add sd card support #1047 (Stepan Snigirev)
• UIUX: changing the background color of that input/output (using colors based on the send/receive svg icons) #989 (djpnewton)
• UIUX: HWI Bridge design improvement #1015 (benk10)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

v1.3.0-pre2 - This is a pre-release (i.e. beta software).

Use this with caution!!!

Main changes to test:

• Bitcoin Core and Tor setup: Specter now has a new setup wizard, accessible from the main screen, which allows setting up Bitcoin Core and Tor directly from Specter. You can also setup Tor separately from the Tor settings tab. The Tor and Bitcoin Core will automatically start and stop with Specter launch/ close. (Warning: If you're already using Bitcoin Core on the machine you're testing the setup on, Specter by default will use and override existing files in the default location of Bitcoin Core - since we assume users who need Bitcoin Core installation from Specter don't have a node there already. If that is a concern for you, make sure to specify a custom path to Bitcoin Core data folder so Specter will use that instead, this can be done from the advanced section of the wizard).
• Full RBF editing option: You can now fully edit an RBF transaction - i.e. change recipient address, add inputs, edit amounts etc.
• HWI v2.0.0: New version of HWI with major changes, meaning all USB-connected hardware wallets should be tested to ensure the new version did not break any integration.
• BitBox02 Multisig support: With HWI v2.0.0, Specter now supports using BitBox02 in multisig setups.
• Async wallets loading: The process of loading existing wallets into Specter on startup has been moved to the background. Specter should now start up much faster, and you may see loading indication at first for the wallets.
• Abandon transaction: If you sent a transaction that has been purged from the mempool, it is now possible to make your wallet forget it so that the funds are spendable again.
• Mempool.space fee estimation: The default fee estimation source is now mempool.space. It's also possible to configure in the general settings to use either Bitcoin Core, or a self-hosted instance of mempool.space.
• Block explorer default options: We now have default options for block explorers instead of only free text. It's still possible to use as free text by choosing custom.
• HWI Bridge Redesign: The process and design of configuring Specter used on a remote machine to allow USB connections has been simplified and redesigned.
• More currencies and precious metals in price bar: More currencies are now available for automated price pulling, also precious metals, with multiple weight unit options, are now available too.
• Fix escaping of JSON wallet backup: Avoid escaping the JSON file downloaded on wallet backup.
• Fix Bitcoin Core v0.21 UTXO consolidation issue: Previous version had a bug where UTXO consolidation transactions were would always show up as unconfirmed if Bitcoin Core v0.21 is used.
• Fix Signet Nested SegWit: Nested SegWit addresses on Signet were previously generated incorrectly.

Planned release-notes:

• Bugfix: bump embit version, add secp binary #1031 (Stepan Snigirev)
• Bugfix: consolidations issue #1034 (benk10)
• Bugfix: Default bitcoind timeout to 60s for all platforms #1044 (kdmukai)
• Bugfix: Raspberry Pi check; fixing breaking changes when not using built-in Tor #1037 (kdmukai)
• Bugfix: Remove potentially non-final txid #1011 (benk10)
• Bugfix: auto-escaping of wallet.account_map json in pdf backup #976 (djpnewton)
• Bugfix: typo #1008 (Jan Rothen)
• Bugfix: HWI2 integration issues #1045 (benk10)
• Chore: Bump jinja2 from 2.11.2 to 2.11.3 #1033 (dependabot[bot])
• Chore: Some more Cypress tests #970 (benk10)
• Chore: Re-applying config change to pass Black formatting #1003 (kdmukai)
• Chore: Cypress travis #997 (Kim Neunert)
• Docs: added signature-verification to FAQ #1042 (Kim Neunert)
• Docs: Update DEVELOPMENT.md for Raspi #1032 (kdmukai)
• Docs: update to specify correct docker tag #971 (kdmukai)
• Docs: Fixed typos in faq.md #1004 (Dimitris Tsapakidis)
• Docs: Add link to RaspiBlitz connection guide #1041 (d11n)
• Feature: Add "Abandon transaction" option for low fee txs that have been purged from the mempool #991 (kdmukai)
• Feature: Add full edit transaction for RBF #998 (benk10)
• Feature: Add mempool.space as an option for fee estimation and block explorer #1020 (benk10)
• Feature: many more currencies to the price provider #1021 (benk10)
• Feature: Move wallets loading process to background #1017 (benk10)
• Feature: Setup Bitcoin Core from Specter #1007 (benk10)
• Feature: Show wallets overview for / , resolves #1018 #1019 (benk10)
• Feature: improved the description of the CLI arguments/options #984 (8go)
• Feature: Logging improvements #1043 (Kim Neunert)
• Feature: Move to HWI v2 #1001 (benk10)
• Feature: Specter-DIY: add sd card support #1047 (Stepan Snigirev)
• UIUX: changing the background color of that input/output (using colors based on the send/receive svg icons) #989 (djpnewton)
• UIUX: HWI Bridge design improvement #1015 (benk10)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

v1.3.0-pre1 - This is a pre-release (i.e. beta software).

Use this with caution!!!

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @ben-kaufman's GPG key. You can get the public key from here: https://benkaufman.info/ben-kaufman.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 5DF6 A760 1DB8 B78E BDEC 18DB 5D27 DE56 4153 F2BD, short id: 5d27de564153f2bd

Summary

The last hotfix release broke the Tor installation on fresh installs. This release fixes this.

• Fix Tor installation on fresh installs

Newbie Guide

While setting up Wasabi is straightforward, even a Linux wizard with the longest beard can get stuck on the most basic tasks. Consider taking a look at the Installation Instructions guide.

Advanced Guide

If you want to build Wasabi from source code or update the source code check out these instructions.

From version 1.1.3 Wasabi also introduces reproducible builds: Deterministic Build Guide

Build with .NET Core 3.1.407-win-x64.

FAQ

• Frequently asked questions here.
• Requirements? x64, Linux, >Win10, >macOS 10.13.

Release Notes

• Tor install fix https://github.com/zkSNACKs/WalletWasabi/pull/5411

Changelog

• New --prune-until <target> option to automatically prune the chain up to the given target (height, unix timestamp or YYYY-MM-DD formatted date)

Require configuring bitcoind with prune=1 to allow manual pruning via the RPC.

• New --no-wait-sync option to allow importing addresses without waiting for bitcoind to finish syncing first

Useful for tracking wallets during the IBD of a pruned node, so transactions could be indexed before the blocks get pruned.

• Fix compatibility with the upcoming v0.22 Bitcoin Core release (https://github.com/sparrowwallet/sparrow/issues/67#issuecomment-791522237)

• HTTP: Set the WWW-Authenticate header to make logging-in possible via web browsers

• Implement an fd-based daemon readiness notification mechanism, enabled with FD_NOTIFY=<fd>

• Fix whitepaper extractor

• UX touchups for progress indicator, welcome banner and logs

• Allow setting UNIX_LISTENER_MODE to control permissions for the unix socket notification listener

• Allow setting NO_REQUIRE_ADDRESSES as an env variable

Breaking CLI changes:

• The Electrum SOCKS5-based authentication needs to be explicitly enabled with --electrum-socks-auth, in addition to enabling the --auth-* options. By default, authentication will only be enabled for the HTTP API server.

Also see the v0.2.3 releases for bwt-electrum-plugin, libbwt, libbwt-nodejs and libbwt-jni.

Installation

Installation instructions are available on the README.

Verifying signatures

The releases are signed by Nadav Ivgi (@shesek). The public key can be verified on the PGP WoT, github, twitter, keybase, hacker news and this video presentation.

```bash

Download (change x86_64-linux to your platform)

$ wget https://github.com/bwt-dev/bwt/releases/download/v0.2.3/bwt-0.2.3-x86_64-linux.tar.gz

Fetch public key

$ gpg --keyserver keyserver.ubuntu.com --recv-keys FCF19B67866562F08A43AAD681F6104CD0F150FC

Verify signature

$ wget -qO - https://github.com/bwt-dev/bwt/releases/download/v0.2.3/SHA256SUMS.asc \ | gpg --decrypt - | grep ' bwt-0.2.3-x86_64-linux.tar.gz$' | sha256sum -c -

$ tar zxvf bwt-0.2.3-x8664-linux.tar.gz $ ./bwt-0.1.5-x8664-linux/bwt --xpub ... ```

The signature verification should show Good signature from "Nadav Ivgi <nadav@shesek.info>" ... Primary key fingerprint: FCF1 9B67 ... and bwt-0.2.3-x86_64-linux.tar.gz: OK.

Reproducible builds

The builds are fully reproducible.

You can verify the checksums against the v0.2.3 builds on Travis CI: https://travis-ci.org/github/bwt-dev/bwt/builds/763199070

See more details here.

Summary

The recent macOS update broke the initialization of the build-in Tor client in Wasabi. As a result, the client was not able to start Tor client, thus it was not able to connect to our Backend.

• Tor fix on the newest macOS.
• Update HWI to 2.0.0
• Add Ledger Nano X support

Newbie Guide

While setting up Wasabi is straightforward, even a Linux wizard with the longest beard can get stuck on the most basic tasks. Consider taking a look at the Installation Instructions guide.

Advanced Guide

If you want to build Wasabi from source code or update the source code check out these instructions.

From version 1.1.3 Wasabi also introduces reproducible builds: Deterministic Build Guide

Build with .NET Core 3.1.407-win-x64.

FAQ

• Frequently asked questions here.
• Requirements? x64, Linux, >Win10, >macOS 10.13.

Release Notes

• Tor update https://github.com/zkSNACKs/WalletWasabi/pull/5295
• New support link https://github.com/zkSNACKs/WalletWasabi/pull/5184
• HWI update https://github.com/zkSNACKs/WalletWasabi/pull/5331
• Ledger Nano X support https://github.com/zkSNACKs/WalletWasabi/pull/5270

Also available on PyPi and can be installed with pip install -U hwi

Added

• BitBox02 multisig signing.
• Documentation automatically generated with sphinx and hosted on https://hwi.readthedocs.io.
• Support for Python 3.9.
• Trezor allows transactions with OP_RETURN outputs.
• Full type annotations within hwilib and type checking.
• Updated documentation for Bitcoin Core descriptor wallets.
• Device support policy
• Enforce that the Ledger is in either the Bitcoin or Bitcoin Testnet apps.

Changed

• --sh_wpkh and --wpkh options have been replaced with --addr-type with the options legacy, sh_wit, and wit.
• --testnet option replaced with --chain with the options main, test, signet, and regtest.
• Overhauled descriptors implementation to be similar to Bitcoin Core's descriptors implementation.
• Replaced HardwareWalletClient.display_address with display_singlesig_address and display_multisig_address.
• Overhauled HardwareWalletClient functions to return the correct objects rather than string dictionaries.
• Raise errors and exceptions instead of returning string dictionary containing error.
• bech32.py, base58.py, cli.py, and gui.py are made internal modules.
• serializations.py is split into tx.py, psbt.py with some functions made internal with _script.py and _serialize.py.
• getmasterxpub takes options for chain type, address type, and BIP 44 account in order to provide the master xpub accordingly.

Removed

• Removed option to provide redeem script to displayaddress.

Fixed

• Fixed Ledger change path detection.
• Fixed Ledger message signing when the signature is shorter than expected.
• Fixed Trezor One pin sending when a passphrase is expected.
• Fixed handling of sortedmulti() descriptors. Some devices which only supported key sorting will be no longer allow multi() descriptors. The multisigs that devices use when given a sortedmulti() descriptor will now match what Bitcoin Core derives for those descriptors.
• Several fixes to device enumeration.
• installudevrules will search for the correct binaries in the PATH rather than assuming their locations.

Release Candidate 3 for HWI 2.0.0

See blog post for more details.

Features:

• New Wallet Setup UI (see #2164, #2296) @dennisreimann @dstrukt
• Greenfield: New on-chain wallet API @Kukks
• Greenfield: Ability to configure store's lightning payment methods @Kukks
• Allow an invoice to be marked invalid/complete even from the new state @Kukks
• Point of Sale and Crowdfund: Allow custom buy button text (see #2299) @dennisreimann
• Specter wallet file import (see #2252) @dennisreimann

Improvements:

• Reenabling uppercase BECH32 in QR codes (see #2110) @rockstardev
• If a store is set to internal node, use "Internal Node" as connection string rather than the actual connection string. @NicolasDorier
• Improve Policies options UX in server settings (see #2307) @dstrukt @dennisreimann
• Fix view payment request loading spinner alignment @bumbummen99
• Fix cart pay button loading spinner vertical alignment @bumbummen99
• Invoices list: Remove icon indicator for onchain (see #2240) @dennisreimann
• Login: Improve tab navigation for input fields (see #2258) @dennisreimann

Bug fixes:

• Hovering the mouse pointer on invoice logs row would make them unreadable @bolatovumar
• Remove exchange rates that lost support in Coingecko @NicolasDorier
• Get invoice in greenfield was crashing if invoiceId did not exist @NicolasDorier
• Getting a file from the storage service which did not exist would return http 500 instead of 404 @NicolasDorier
• Fix direct URL for local storage with custom root path #2318 @bolatovumar
• The pay button would not show up properly on some websites @bolatovumar
• Profile email change should check email's availability @NicolasDorier
• Fixed mysql/sqlite support @ketominer
• Checkout: Fix scan/copy tab sizes with varying content (see #2264) @dennisreimann
• Greenfield: Lightning API would return HTTP 500 if store owner did not set the connection string @dennisreimann
• Point of Sale: The custom price was not properly working (see #2248) @bolatovumar

Release Candidate 2 for HWI 2.0.0

Main changes

The channel creation fee for pay-to-open has been increased: it's still 0.1% but there is now a 1000 sat minimum. The manual confirmation dialog and asynchronous pay-to-open logic have been removed. The FTUE page regarding the channel opening cost has been updated as well as the swap-in dialog so that we can display this new fee minimum value.

Complete list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.7...v1.4.8

Verifying signatures

You will need gpg and our release signing key E434ED292E85643A. Note that you can get it: - from our website: https://acinq.co/pgp/padioupm.asc - from github user @pm47, a committer on eclair: https://api.github.com/users/pm47/gpg_keys

To import our signing key: $ gpg --import padioupm.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

Main changes

Improve LNURL error feedback

Errors returned by LNURL services were not properly handled and information was lost, causing confusion, especially for LNURL-withdraw.

Notify user when channel opening is rejected

If a new channel must be created to receive an incoming payment but the amount is below the channel creation threshold, a notification is displayed. Note that this is not enabled yet because changes on the peer side are also needed.

-- edit: this is now enabled.

Complete list of changes

• app: https://github.com/ACINQ/phoenix/compare/v1.4.6...v1.4.7
• core: https://github.com/ACINQ/eclair/compare/v0.4.8-android-phoenix...v0.4.9-android-phoenix

Thanks again @bitcoinuser for updating the Portuguese-Brazilian translation.

Verifying signatures

You will need gpg and our release signing key E434ED292E85643A. Note that you can get it: - from our website: https://acinq.co/pgp/padioupm.asc - from github user @pm47, a committer on eclair: https://api.github.com/users/pm47/gpg_keys

To import our signing key: $ gpg --import padioupm.asc

To verify the release file checksums and signatures: $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

A newer version is already available! Please don’t use this version anymore.

This is a hotfix release that fixes an issue when trading messages are resent on application startup.

Here are the release notes from v1.5.8:

Release notes

This release improves DAO charts to make it easier to drill into the DAO economics, it ships improvements for Amazon eGift Cards, adds new SEPA countries and the possibility to try out pre-release versions without the need of manual downloads and verification (see settings)...and lots of bug fixes and improvements across the board.

DAO

• Improve facts and figures

UI

• Add colored decimal places with zeros for dark mode
• Fix stale trade statistics list view when new entries arrive

Trading

• Specify Amazon eGift Card country
• Add four SEPA payment account countries: AD, SM, VA, JE
• "Cash by Mail" instructions improvements
• Fix startup error: "You must have bootstrapped before adding data to the P2P network"
• Fix NullPointerException in trader chat when trade contract is not set
• Fix NullPointerException at offer entry when trading account is switched
• Prevent erroneous logging of 'SignaturePubKey in message does not match'

Wallet

• Check wallet is available and/or unlocked when creating an offer
• Obtain the minimum withdrawal fee from mempool.space

Reliability

• New Feature: Pre-release notifications
• Fix multiple request preliminary data calls
• Fix initialization ordering issue

Privacy

• Update to Tor version v0.4.5.6

Mediation/Arbitration

• Refund agent payout to use withdrawal fee rate from settings
• Manual payout tool: prevent absurdly high fee payout
• Fix Mediator's name

Performance

• Speed up deposit and transactions view loads

Network

• Replace deprecated Bisq explorer settings
• Show popup if no filter is delivered

API

• Add api method 'stop'
• Api v1 Beta Test Guide
• Add core api method help docs
• Add apitest rolling offer simulation script
• Define gRPC api call rate constraints
• Fix method help typos
• Fix find pid on OSX

Development

• Remove unused BalanceWithConfirmationTextField
• Avoid reverse DNS lookup in BtcNodeConverterTest
• Fix log message when opening browser link

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.5.9.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.5.9.jar The output need to match the value from the Bisq-1.5.9.jar.txt file.

Known issues with installation

macOS Catalina:

Bisq can't be opened because Apple cannot check it for malicious software

This happens the first time Bisq is run on macOS Catalina. It is because a new security feature in Catalina has newer requirements of how apps are packaged. We are working on ways to address this (see #3402 and #4196 for details).

Workaround: Right click on the installed Bisq app > Click Open (warning popup shown again, but with new button available) > Click Open

Bisq would like to receive keystrokes from any application.

Discussed in issue https://github.com/bisq-network/bisq/issues/3373, you will see a permission request in the latest macOS version that Bisq wants to receive keystrokes from any application. Unfortunately that is an issue for all Java applications that are run on Catalina right now. We are investigating already how to solve this issue and will fix in one of our next updates.

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.5.9.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @chimp1984
• @ripcurlx
• @ghubstan
• @huey735
• @jakub_cz
• @jmacxx
• @sqrrm
• @stejbac
• @bisqubutor

A special thanks to our first time contributor:

• @bisqubutor: Add colored decimal places with zeros for dark mode

As well as to everyone that helped with translations on Transifex.

This release includes many bug fixes and improvements, a new API and monitoring updates. It is fully compatible with 0.5.0 (and all previous versions of eclair).

Major changes

Improved startup performance

When eclair starts up and restores channels, it makes a lot of calls to bitcoind to check the status of each channel. We improved our calling pattern to greatly reduce the number of calls made when some channels are closing. This is particularly noticeable when the mempool is quite full and you have many channels.

See #1699 for details.

Gossip sync improvements

Most of the bandwidth consumed by lightning nodes is due to gossip (syncing the network graph). When your eclair node has a lot of peers and doesn't use a sync-whitelist, you may end up syncing with many different peers and obtaining redundant information, thus wasting bandwidth. Eclair now only syncs with peers you have a channel with to reduce bandwidth usage.

Anchor outputs

This release contains a lot of changes for the upcoming anchor outputs commitment format:

• the feerate of the commitment transaction is kept low to improve off-chain channel usage
• transactions with multiple inputs and outputs are now supported
• CPFP and RBF utilities have been added to increase the feerate of commitment and htlc transactions

While you can start experimenting with this commitment format, it is still not safe to activate in production. Anchor outputs is a complex and subtle change that requires re-architecting most of our transaction broadcasting logic and utxo management. We are making steady progress towards that, but we're not there yet.

Monitoring changes

Kamon tracing has been removed in this release. It was too invasive in the codebase, generally unused and was costing some bandwidth. We've found that metrics and logs are enough to correctly monitor your eclair node.

Additional metrics to monitor transaction signing have been added. The rate of transaction signatures is a good indicator of how busy your node is.

API changes

This release adds a new path-finding API:

• findroutebetweennodes lets you inspect the network graph by looking for routes between two nodes (whereas findroute only allowed finding routes between your node and a remote node)

Head over to our API documentation for more details.

Miscellaneous improvements and bug fixes

• Correctly sort addresses in its node_announcement (#1693)
• Allow 2016 blocks before unconfirmed channels are forgotten (#1692)
• Re-emit private channel updates more frequently, improving payments to mobile wallets (#1671)
• Correctly handle channel failures in private routing hints, fixing an edge case for payments to mobile wallets (#1675)
• Drop support for initial_routing_sync: this was bandwidth-heavy and now unnecessary (#1683)
• Fix an MPP-send edge-case (#1685)
• Fix race condition between outgoing payment and peer disconnection (#1688)
• Fix race condition between update_fee and shutdown, which could lead to channels stuck in shutdown (#1661)
• Ensure transactions we publish always meet bitcoin's min_relay_fee (#1687)
• Fix an edge case where an HTLC failure was not correctly relayed upstream if revoke_and_ack had not been received (#1706)

Verifying signatures

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it:

• from our website: https://acinq.co/pgp/drouinf.asc
• from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key:

sh $ gpg --import drouinf.asc

To verify the release file checksums and signatures:

sh $ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped $ sha256sum -c SHA256SUMS.stripped

Building

Eclair builds are deterministic. To reproduce our builds, please use the following environment (*):

• Ubuntu 19.10
• AdoptOpenJDK 11.0.6
• Maven 3.6.3

Use the following command to generate the eclair-node package:

sh mvn clean install -DskipTests

That should generate eclair-node/target/eclair-node-0.5.1-XXXXXXX-bin.zip with sha256 checksums that match the one we provide and sign in SHA256SUMS.asc

(*) You may be able to build the exact same artefacts with other operating systems or versions of JDK 11, we have not tried everything.

Upgrading

This release is fully compatible with Eclair v0.5.0. You don't need to close your channels, just stop eclair, upgrade and restart.

Changelog

• 923ca26f Set version to 0.5.1-SNAPSHOT (#1651)
• b75f6c36 Fix duplicate commit id in awseb bundle (#1650)
• 5f9d0d91 Relax cltv-expiry-delta requirement when selecting a channel to relay (#1655)
• dd8975ae Make ChannelVersion methods public (#1656)
• 7343283f Add test for duplicate temporary channel id (#1660)
• 629c2e69 Fix rare race conditions in integration tests (#1653)
• b477d179 Update build instructions for front (#1658)
• e369ba9a More aggressively re-emit private channel updates (#1671)
• d40b321d Blockchain watchdogs use unique actor name (#1667)
• 9c4ab7d9 Fix HTLC fulfill race condition in integration spec (#1666)
• 81f15aab Refactor and improve some channel tests (#1654)
• 54ca2922 Remove kamon tracing (#1662)
• 34e901db Clarify default relay fee change (#1673)
• c75d9143 Fix failing reconnection tests (#1678)
• 0127ace4 Remote failure updating routing hint (#1675)
• ac054a2b Only sync with channel peers (#1587)
• d0531883 Truncate hex strings in front logs (#1679)
• 49023625 Refactor channel test helpers (#1682)
• f241ef93 Remove support for initialroutingsync (#1683)
• 63d972bd Fix a few typos (#1684)
• 5d3958dd Fix MPP path-finding edge case (#1685)
• 15c1837d Add tx signing metrics (#1659)
• 72179de0 PaymentLifecycle handle disconnected peers (#1688)
• fdeb3ce7 Correctly set gossip sync_complete (#1668)
• 36e8c056 Shutdown and UpdateFee should not be intertwined (#1661)
• 2a359c6a Publish txs with min-relay-fee met (#1687)
• 82e5b596 Sort addresses in node announcement (#1693)
• 3a94a804 Reject unreasonable remote dust limit (#1694)
• fdb57b43 Find route between nodes (#1695)
• 9618a6a7 Add a maximum fee threshold for anchor outputs (#1672)
• ab89851c Relax single tx input requirements (#1677)
• 08351508 Update funding timeout fundee (#1692)
• d9c0b862 Refactor bitcoin clients (#1697)
• 5163749a [eclair-cli] Use multiplatform escape sequence
• fa759f1e Fix PaymentLifecycle warning (#1703)
• c1bf9bd1 Optimize watching for spending txs (#1699)
• d02b900a Fix annoying compiler warning (#1704)
• a3c477e3 Address all intellij warnings for Channel.scala (#1705)
• bf2a35f7 Relay partially failed htlcs when closing (#1706)
• 5d662fc3 Set anchor output feerates when force-closing (#1702)
• 8065d0bb Add a serializer for DoSync (#1708)
• 8d4da2fa Improve channel state tests (#1709)
• 26468862 fixup! Improve channel state tests (#1709) (#1712)
• 34796691 Disable jdbc instrumentation by default (#1713)
• 98bb7be7 Set version to 0.5.1 (#1707)

Thanks to our new contributors, @tompro and @ariskk!

New

• Offline Signing and Cold Storage

Allows a BlueWallet app on any mobile phone to sign transactions offline. Using PSBTs and Airgapped Animated QR codes to transmit information on the dark.

• Long press on Transaction Row to get shortcuts
• Tap and hold to Share QRCode image
• QR code scanner to wallet/broadcast screen
• Apple Watch Price Complication
• Copying Block Explorer Link
• If unable to connect to server, show alert

Fixed

• Wallet delete would cause crash
• Browser crash when accessing wallet
• Widgets were not showing on drawer
• Screen titles language
• QRCode save alert description
• QRCode size on large devices
• Transactions/details screen graceful error handling
• Electrum protocol graceful error handling
• Better bitcoinscript error handling
• Fee selection in darkmode

Languages updates

• Arabic, Russian, Greek, Polish, Japanese, Portuguese, Portuguese Brazilian, Swedish, Thai, Finnish, Persian, Dutch, German, French and Chinese.

A special shout out to @bitkarrot and @et_sam from the Hong Kong Bitcoin Association on the Chinese translation work.

Download

A newer version is already available! Please don’t use this version anymore.

This is a follow-up release that obtains the minimum withdrawal fee from mempool.space to avoid transactions being rejected by the bitcoin network for having too low a fee.

Here are the release notes from v1.5.7:

Release notes

This release improves DAO charts to make it easier to drill into the DAO economics, it ships improvements for Amazon eGift Cards, adds new SEPA countries and the possibility to try out pre-release versions without the need of manual downloads and verification (see settings)...and lots of bug fixes and improvements across the board.

DAO

• Improve facts and figures

UI

• Add colored decimal places with zeros for dark mode
• Fix stale trade statistics list view when new entries arrive

Trading

• Specify Amazon eGift Card country
• Add four SEPA payment account countries: AD, SM, VA, JE
• "Cash by Mail" instructions improvements
• Fix startup error: "You must have bootstrapped before adding data to the P2P network"
• Fix NullPointerException in trader chat when trade contract is not set
• Fix NullPointerException at offer entry when trading account is switched
• Prevent erroneous logging of 'SignaturePubKey in message does not match'

Wallet

• Check wallet is available and/or unlocked when creating an offer
• Increase min withdrawal tx fee to 15 sats/vB

Reliability

• New Feature: Pre-release notifications
• Fix multiple request preliminary data calls
• Fix initialization ordering issue

Privacy

• Update to Tor version v0.4.5.6

Mediation/Arbitration

• Refund agent payout to use withdrawal fee rate from settings
• Manual payout tool: prevent absurdly high fee payout
• Fix Mediator's name

Performance

• Speed up deposit and transactions view loads

Network

• Replace deprecated Bisq explorer settings
• Show popup if no filter is delivered

API

• Add api method 'stop'
• Api v1 Beta Test Guide
• Add core api method help docs
• Add apitest rolling offer simulation script
• Define gRPC api call rate constraints
• Fix method help typos
• Fix find pid on OSX

Development

• Remove unused BalanceWithConfirmationTextField
• Avoid reverse DNS lookup in BtcNodeConverterTest
• Fix log message when opening browser link

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.5.8.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.5.8.jar The output need to match the value from the Bisq-1.5.8.jar.txt file.

Known issues with installation

macOS Catalina:

Bisq can't be opened because Apple cannot check it for malicious software

This happens the first time Bisq is run on macOS Catalina. It is because a new security feature in Catalina has newer requirements of how apps are packaged. We are working on ways to address this (see #3402 and #4196 for details).

Workaround: Right click on the installed Bisq app > Click Open (warning popup shown again, but with new button available) > Click Open

Bisq would like to receive keystrokes from any application.

Discussed in issue https://github.com/bisq-network/bisq/issues/3373, you will see a permission request in the latest macOS version that Bisq wants to receive keystrokes from any application. Unfortunately that is an issue for all Java applications that are run on Catalina right now. We are investigating already how to solve this issue and will fix in one of our next updates.

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.5.8.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @chimp1984
• @ripcurlx
• @ghubstan
• @huey735
• @jakub_cz
• @jmacxx
• @sqrrm
• @stejbac
• @bisqubutor

A special thanks to our first time contributor:

• @bisqubutor: Add colored decimal places with zeros for dark mode

As well as to everyone that helped with translations on Transifex.

This update includes minor bug fixes for improved stability and security of your Umbrel.

If you face any difficulties while updating, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.6...v0.3.7

Umbrel v0.3.6 brings some performance improvements to the Mempool app, updates LND to v0.12.1, and includes some other small bug fixes.

If you face any difficulties while updating, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.5...v0.3.6

A newer version is already available! Please don’t use this version anymore.

Release notes

This release improves DAO charts to make it easier to drill into the DAO economics, it ships improvements for Amazon eGift Cards, adds new SEPA countries and the possibility to try out pre-release versions without the need of manual downloads and verification (see settings)...and lots of bug fixes and improvements across the board.

DAO

• Improve facts and figures

UI

• Add colored decimal places with zeros for dark mode
• Fix stale trade statistics list view when new entries arrive

Trading

• Specify Amazon eGift Card country
• Add four SEPA payment account countries: AD, SM, VA, JE
• "Cash by Mail" instructions improvements
• Fix startup error: "You must have bootstrapped before adding data to the P2P network"
• Fix NullPointerException in trader chat when trade contract is not set
• Fix NullPointerException at offer entry when trading account is switched
• Prevent erroneous logging of 'SignaturePubKey in message does not match'

Wallet

• Check wallet is available and/or unlocked when creating an offer
• Increase min withdrawal tx fee to 15 sats/vB

Reliability

• New Feature: Pre-release notifications
• Fix multiple request preliminary data calls
• Fix initialization ordering issue

Privacy

• Update to Tor version v0.4.5.6

Mediation/Arbitration

• Refund agent payout to use withdrawal fee rate from settings
• Manual payout tool: prevent absurdly high fee payout
• Fix Mediator's name

Performance

• Speed up deposit and transactions view loads

Network

• Replace deprecated Bisq explorer settings
• Show popup if no filter is delivered

API

• Add api method 'stop'
• Api v1 Beta Test Guide
• Add core api method help docs
• Add apitest rolling offer simulation script
• Define gRPC api call rate constraints
• Fix method help typos
• Fix find pid on OSX

Development

• Remove unused BalanceWithConfirmationTextField
• Avoid reverse DNS lookup in BtcNodeConverterTest
• Fix log message when opening browser link

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.5.7.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.5.7.jar The output need to match the value from the Bisq-1.5.7.jar.txt file.

Known issues with installation

macOS Catalina:

Bisq can't be opened because Apple cannot check it for malicious software

This happens the first time Bisq is run on macOS Catalina. It is because a new security feature in Catalina has newer requirements of how apps are packaged. We are working on ways to address this (see #3402 and #4196 for details).

Workaround: Right click on the installed Bisq app > Click Open (warning popup shown again, but with new button available) > Click Open

Bisq would like to receive keystrokes from any application.

Discussed in issue https://github.com/bisq-network/bisq/issues/3373, you will see a permission request in the latest macOS version that Bisq wants to receive keystrokes from any application. Unfortunately that is an issue for all Java applications that are run on Catalina right now. We are investigating already how to solve this issue and will fix in one of our next updates.

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.5.7.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @chimp1984
• @ripcurlx
• @ghubstan
• @huey735
• @jakub_cz
• @jmacxx
• @sqrrm
• @stejbac
• @bisqubutor

A special thanks to our first time contributor:

• @bisqubutor: Add colored decimal places with zeros for dark mode

As well as to everyone that helped with translations on Transifex.

Database Migrations

There are no database migrations in v0.12.1-beta.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.12.1-beta.sig and manifest-v0.12.1-beta.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.12.1-beta.sig manifest-v0.12.1-beta.txt

You should see the following if the verification was successful:

gpg: Signature made Mon Feb 22 19:23:11 2021 PST gpg: using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7 gpg: Good signature from "Conner Fromknecht <conner@lightning.engineering>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimeStamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.12.1-beta.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands: ots verify manifest-roasbeef-v0.12.1-beta.sig.ots ots verify manifest-v0.12.1-beta.txt.ots

Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.15.7, which is required by verifiers to arrive at the same ones. They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.12.1-beta gpg: Signature made Mon Feb 22 17:11:56 2021 PST gpg: using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7 gpg: Good signature from "Conner Fromknecht <conner@lightning.engineering>" [ultimate]

Verifying the Docker Images

To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

shell $ docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.1-beta /verify-install.sh v0.12.1-beta $ OK=$? $ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done $ docker run lightninglabs/lnd [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.12.1-beta.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz tar -xvzf lnd-source-v0.12.1-beta.tar.gz GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta" ./cmd/lnd GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta" ./cmd/lncli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Spec Compatibility

• 0.12.1-beta fixes a recently discovered edge-case in the spec surrounding retransmission of RevokeAndAck and CommitSig that can lead to channel force closures if they are not retransmitted in the same order upon reconnection. This version now persists this extra state required to determine the correct transmission order, in accordance with the new spec requirements. This eliminates a potential vector for channel desynchronization on restart once both sides of the channel have updated and a successful state transition is performed.
• Prior to this version, lnd may have incorrectly attempted an MPP payment even if the receiver's NodeAnnouncement or invoice did not set the MPP feature bit. This was caused by a bug that incorrectly assumed support for payment_secrets implied support for MPP. A fix has been applied that limits the maximum number of splits to 1 when the receiver doesn't support MPP.

Gossip Propagation Improvements

This release reverts the removal of the premature channel update cache that was removed in 0.12.0-beta. Absence of the cache was seen to cause issues with channel update propagation, so the change is reverted to restore the pre-0.12.0-beta behavior and stability. The current plan is to reschedule the cache's removal for 0.13 after performing more extensive investigation.

In addition, the gossip throttling adding in v0.12.0 has been refactored to be less aggressive with respect to non-keepalive channel updates, i.e. channel updates that differ in more than just the timestamp. Previously lnd would drop all but the first such update that it received over the course of a block, which has reportedly been too restrictive and resulted in degraded propagation of routine channel updates.

The new throttling logic now employs a directional token bucket rate limiter, the same approach used by lnd to rate-limit gossip requests from sync peers. Each token bucket is configured to drop non-keepalive updates arriving faster that once per minute, yet permitting bursts of up 10 updates. This improves on the previous approach in a few ways: - Updates are now limited with respect to a consistent time source, i.e. seconds, rather than block height. This makes it easier to reason about when channel updates might get dropped as an average user, and places a deterministic bound on the next time a normal user can reliably update their channel again. - The rate limits are now applied directionally, so that one end of the channel cannot cause their counterparty's channel updates to be dropped. This has the effect of making the penalization more precise, and better targets individuals that exhibit abusive behavior. - By factoring in bursts, it provides enough tolerance for cases where policy changes that may occur in quick succession, e.g. disable followed by reenable, or modifying a channel policy immediately after open.

No Gossip Mode

This release includes support for a no-graph sync mode which can be enabled by setting numgraphsyncpeers=0. In prior versions, running lnd in this configuration would still trigger an initial historical sync with the first connected peer on each restart. The behavior was modified under the assumption that users who have already configured lnd to not receive gossip updates probably don't want to sync the graph at all.

This mode is especially helpful to wallet developers that choose to outsource pathfinding via their own service, or purely forwarding nodes that never need to perform pathfinding.

Pinned Gossip Syncers

Typically lnd performs this historical channel reconciliation periodically, rotating between the set of all active peers, and attempting to keep numgraphsyncpeers (defaults to 3) in a state where they are receiving new gossip messages. Due to the eventually consistent properties of this algorithm (and the gossip protocol in general), there are some cases that lead to long delays in a node receiving newer updates. Notably, if a node has many peers, then it may be a while before the sync rotation algorithm queries a given peer for newer updates.

To provide more control, a new configuration option has been added allowing users to pin their nodes into an ActiveSync with particular nodes. Each time a connection is established with a pinned syncer, lnd will first perform a historical channel reconciliation, followed by a request for the pinned syncer to forward all new gossip messages. Doing so allows users to keep their routing table tightly synchronized with nodes in their list of configured, pinned syncers. Users can add one or more pinned syncers via: gossip.pinned-syncers=<pubkey1> gossip.pinned-syncers=<pubkey2> This can be especially useful for services that run multiple, well-connected lnd nodes, and want their own nodes to maintain similar views of the channel graph. Users can also use gossip.pinned-syncers in combination with numgraphsyncpeers=0 to only sync from a specific peer.

RPC Changes

• lnd 0.12.1-beta now exposes the HTLC attempt_id on response from TrackPayment. Internally, lnd uses attempt_id as a unique identifier for each HTLC it sends out, and to provide a total ordering on all HTLC sent by the daemon. This identifier can be used by developers to better reflect progress of a payment, making it easier to extract per-HTLC state deltas rather than displaying the full payment state every time.
  • Adds a new MaxShardSizeMsat argument to SendPayment, allowing users to cap the maximum value of any MPP shard sent out by lnd. Users can now set this from lncli via either the max_shard_size_sat or max_shard_size_msat field.

Deterministic Build / Release Verification

• The signature verification script was fixed to no longer fail if a public key of a signature is missing and @halseth's signing public keys were added.
• The golang version 1.15.7 is now used for compilation across all build processes.
• The release process has been modified to clean any generated mobile stubs before packaging/verifying the release. Without doing so, users would arrive at a different vendor.tar.gz depending on whether or not they had previously run make mobile due to small differences in the imports present in the project.
• Fixed an issue that allowed GOVERSION of the release toolchain to be spuriously updated to newer releases of go. This was hit unexpectedly in the v0.12.1-beta.rc2 release cycle where the release binaries were built with go1.15.8, which had been released earlier in the week, rather than go1.15.7 which is pinned in our release/verify docker containers. As a result, building the release locally did not match the binaries uploaded by github to the release. We resolved this by _exactly pinning the GO_VERSION used to compile the release binaries.
• Allows users to pass custom paths for lnd or lncli when verifying binaries.
• Switches the signing on the release manfest to use detached signatures rather than clear signing the manifest.
• The release verification script now requires 5 of the 7 developer signatures on the manifest before attempting to verify the hashes of lnd or lncli.
• The release verification script now selects either sha256sum or shasum to increase portability and fix the docker verify-install.sh command.
• Fixed an issue that would cause make docker-release to pull in the go version of the host machine, rather than the go version pinned inside the docker container.

Developer Toolchain

• Some of the GitHub Action scripts were replaced by vendored scripts to prevent secret extraction through malicious code.
• The build process was enhanced with a make imports command that organizes all golang import statements.
• The protobuf definitions are now compiled using docker to avoid needing to install a set of binaries and libraries with exact pinned versions. The instructions on how to format the proto files with MacOS were added as well.

Bug Fixes

• Fixes a bug that can result in a panic when generating hodl invoices for private channels. An itest has also been added for generating hodl invoices using private channels to provide more complete coverage of this area going forward.
• Fixes a resource utilization issue cause by too many concurrent block fetches from the backend that would cause the rpc interface to hang.
• Squashes a bug that results in a startup error when the daemon exits while in the middle of processing graph updates for its own channels.
• Creates a fast-path for persisting locally-created gossip messages rather than waiting to be batched with remote graph updates. This reduces the likelihood of partially-writes for local graph updates, which was partially patched in https://github.com/lightningnetwork/lnd/pull/4958.
• The development docker files were fixed by adding an extra listener to make sure the beginner tutorial can be followed without running into errors.
• Fixes an error message returned when attempting to bind a REST listener on a public interface without authentication, such that it returns the relevant configuration flag (no-rest-tls).
• Fixes an issue with IPv6 address resolution when using tor.active such that lnd will fall back to the system resolver.
• Fixes an issue with IP alias resolution such that lnd will fall back to the system resolver.
• Fixes a bug where SCB file paths weren't properly expanded when in the home directory.
• Fixes some itest flakes caused by stray logs that were not in the error whitelist.
• Resolves some htlcswitch unit test flakes that would trigger if the test ran longer than expected.

Full Changelog

• https://github.com/lightningnetwork/lnd/pull/4958 - netann: ignore unknown channel update on startup
• https://github.com/lightningnetwork/lnd/pull/4962 - scripts: add halseth key to verify script
• https://github.com/lightningnetwork/lnd/pull/4938 - docker: add an extra listener for localhost
• https://github.com/lightningnetwork/lnd/pull/4944 - docs: Add clang-format instructions for mac
• https://github.com/lightningnetwork/lnd/pull/4956 - lnrpc: add htlc attempt id
• https://github.com/lightningnetwork/lnd/pull/4952 - Github: use vendored actions for steps with sensitive info
• https://github.com/lightningnetwork/lnd/pull/4963 - scripts: don't fail signature verification on missing public key
• https://github.com/lightningnetwork/lnd/pull/2162 - Makefile: define make imports
• https://github.com/lightningnetwork/lnd/pull/4911 - lnrpc/mobile: use docker to compile/format protos
• https://github.com/lightningnetwork/lnd/pull/4974 - Fix typo in restorechanbackup command description
• https://github.com/lightningnetwork/lnd/pull/4902 - lntest/channels: introduce subpackage to deduplicate structs
• https://github.com/lightningnetwork/lnd/pull/4978 - invoices+rpc: add missing channel graph to the AddInvoiceConfig
• https://github.com/lightningnetwork/lnd/pull/4934 - discovery: pinned syncers
• https://github.com/lightningnetwork/lnd/pull/4924 - routerrpc,routing: limit max parts if the invoice doesn't declare MPP support
• https://github.com/lightningnetwork/lnd/pull/4961 - build: update CI builds to use go 1.15.7
• https://github.com/lightningnetwork/lnd/pull/4979 - routing: add new TestPaymentAddrOnlyNoSplit test case
• https://github.com/lightningnetwork/lnd/pull/4915 - multi: store bool to determine retransmission ordering
• https://github.com/lightningnetwork/lnd/pull/4981 - docs: correct sign command
• https://github.com/lightningnetwork/lnd/pull/4983 - make: clean mobile stubs before building release
• https://github.com/lightningnetwork/lnd/pull/4993 - fix: correct no-rest-tls parameter in error message
• https://github.com/lightningnetwork/lnd/pull/5003 - Revert: https://github.com/lightningnetwork/lnd/pull/4895 to store premature channel updates
• https://github.com/lightningnetwork/lnd/pull/4996 - itest: add coverage for hold invoices with hop hints
• https://github.com/lightningnetwork/lnd/pull/4945 - discovery: no graph sync
• https://github.com/lightningnetwork/lnd/pull/4964 - channeldb+routing+gossiper: add local updates to graph immediately
• https://github.com/lightningnetwork/lnd/pull/5006 - discovery: use token bucket based rate limiting to throttle gossip
• https://github.com/lightningnetwork/lnd/pull/4988 - add isIPv6Host helper to force v6 addrs through system resolver
• https://github.com/lightningnetwork/lnd/pull/5007 - lncfg: add IPv6 resolution bypass & account for local hostname aliases
• https://github.com/lightningnetwork/lnd/pull/5013 - github/workflows: pin exact docker release
• https://github.com/lightningnetwork/lnd/pull/5021 - scripts: allow verification of custom binary
• https://github.com/lightningnetwork/lnd/pull/5020 - config: clean and expand backup file path
• https://github.com/lightningnetwork/lnd/pull/5019 - release: create and verify detached signatures, fix hashing command on MacOS
• https://github.com/lightningnetwork/lnd/pull/5023 - scripts/verify-install: require 5-of-7 signatures before accepting
• https://github.com/lightningnetwork/lnd/pull/5016 - lntest: update error whitelist
• https://github.com/lightningnetwork/lnd/pull/5026 - htlcswitch: init mockFeeEstimator in other ChannelLinkConfigs
• https://github.com/lightningnetwork/lnd/pull/5017 - routing: if MaxShardAmt is set, then use that as a ceiling for our splits (does not change default to 16 for MaxParts)
  • https://github.com/lightningnetwork/lnd/pull/5037 - release: fix golang version issue in docker-release and shasum issue in verification script
  • https://github.com/lightningnetwork/lnd/pull/5043 - routing: dial back max concurrent block fetches

Contributors (Alphabetical Order)

Andras Banki-Horvath Carla Kirk-Cohen Conner Fromknecht Eugene Siegel Jake Sylvestre Johan T. Halseth Joost Jager Juan Pablo Civile Olaoluwa Osuntokun Oliver Gugger rockstardev Umar Bolatov Vlad Stan Wilmer Paulino

v1.2.2 (Hotfix release for Send transaction error)

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @stepansnigirev's GPG key. You can get the public key from here: https://stepansnigirev.com/ss-specter-release.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 6F16 E354 F833 93D6 E52E C25F 36ED 357A B24B 915F, short id: 36ed357ab24b915f

Release notes

• Bugfix: Hot fix for: Transactions sending/ signing failure
• Bugfix: Hot fix for Tor connections
• Bugfix: a minor bug that always shows address as used #927 (jleo84)
• Bugfix: cypress-tests #961 (Kim Neunert)
• Bugfix: Fix key initial format in wallet info #925 (benk10)
• Bugfix: Use the request session API for authentification #958 (Jürgen Hötzel)
• Chore: Bump cryptography from 3.2 to 3.3.2 #943 (dependabot[bot])
• Chore: enable dev-restart-login #960 (Kim Neunert)
• Chore: fix release-notes #928 (Kim Neunert)
• Docs: Typos #941 (Max Hillebrand)
• Feature: Add failed wallets popup #952 (benk10)
• Feature: Freeze UTXO and select UTXO for new transaction from the UTXO tab #956 (benk10)
• Feature: Use descriptor wallet for Bitcoin Core >= v0.21.0 #737 (Sjors Provoost)
• UIUX: Add reason for why device is disabled in new wallet screen #932 (benk10)
• UIUX: pass result of createpsbt call back to calculateEstimatedFee #945 (djpnewton)
• UIUX: Preserve form status when creating a transaction #938 (djpnewton)

v1.2.1 (Hotfix release for Tor connections)

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @stepansnigirev's GPG key. You can get the public key from here: https://stepansnigirev.com/ss-specter-release.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 6F16 E354 F833 93D6 E52E C25F 36ED 357A B24B 915F, short id: 36ed357ab24b915f

Release notes

• Bugfix: Hot fix for Tor connections
• Bugfix: a minor bug that always shows address as used #927 (jleo84)
• Bugfix: cypress-tests #961 (Kim Neunert)
• Bugfix: Fix key initial format in wallet info #925 (benk10)
• Bugfix: Use the request session API for authentification #958 (Jürgen Hötzel)
• Chore: Bump cryptography from 3.2 to 3.3.2 #943 (dependabot[bot])
• Chore: enable dev-restart-login #960 (Kim Neunert)
• Chore: fix release-notes #928 (Kim Neunert)
• Docs: Typos #941 (Max Hillebrand)
• Feature: Add failed wallets popup #952 (benk10)
• Feature: Freeze UTXO and select UTXO for new transaction from the UTXO tab #956 (benk10)
• Feature: Use descriptor wallet for Bitcoin Core >= v0.21.0 #737 (Sjors Provoost)
• UIUX: Add reason for why device is disabled in new wallet screen #932 (benk10)
• UIUX: pass result of createpsbt call back to calculateEstimatedFee #945 (djpnewton)
• UIUX: Preserve form status when creating a transaction #938 (djpnewton)

Binaries

There are two types of binaries:

Specter Desktop

It's a windowed GUI application with Specter server included. Supported platforms: Windows, MacOS, Linux (x86_64)

Note on Linux: you need to set up udev rules (included in the archive). Check out readme.

Note on macOS: The current build supports only macOS Catalina (10.15) or higher. If you'd like to run Specter on an older macOS version, you can install Specter from Pip.

specterd

It's a command-line program that only runs Specter server. Supported platforms: Windows, MacOS, Linux (x86_64)

Signatures and hashes

sha256.signed.txt file contains sha256 hashes of all binary files and signed with @stepansnigirev's GPG key. You can get the public key from here: https://stepansnigirev.com/ss-specter-release.asc. It is also available via keys.gnupg.net or keys.openpgp.org. Fingerprint of the key is 6F16 E354 F833 93D6 E52E C25F 36ED 357A B24B 915F, short id: 36ed357ab24b915f

Release notes

• Bugfix: a minor bug that always shows address as used #927 (jleo84)
• Bugfix: cypress-tests #961 (Kim Neunert)
• Bugfix: Fix key initial format in wallet info #925 (benk10)
• Bugfix: Use the request session API for authentification #958 (Jürgen Hötzel)
• Chore: Bump cryptography from 3.2 to 3.3.2 #943 (dependabot[bot])
• Chore: enable dev-restart-login #960 (Kim Neunert)
• Chore: fix release-notes #928 (Kim Neunert)
• Docs: Typos #941 (Max Hillebrand)
• Feature: Add failed wallets popup #952 (benk10)
• Feature: Freeze UTXO and select UTXO for new transaction from the UTXO tab #956 (benk10)
• Feature: Use descriptor wallet for Bitcoin Core >= v0.21.0 #737 (Sjors Provoost)
• UIUX: Add reason for why device is disabled in new wallet screen #932 (benk10)
• UIUX: pass result of createpsbt call back to calculateEstimatedFee #945 (djpnewton)
• UIUX: Preserve form status when creating a transaction #938 (djpnewton)

Umbrel v0.3.5 fixes some bugs that were preventing the sending of transactions and causing Umbrel to hang on the "Loading LND..." message.

If your update gets stuck for some reason, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.4...v0.3.5

This is a patch release that optimizes memory usage for embedded devices like Raspberry Pi

Notes: * The disk cache now has its own folder, so mv cache*.json ./cache/ before restart to migrate

Changes: * Optimize memory usage when writing disk cache (#342) * Reduce backend maximum heap size setting to 2G (#345) * Enable mempool clear protection on all backends (#335) * Make mempool clear protection timeout configurable (#343) * Minor tweaks to About page text, links (#350) * Logo design update (#349) by @pedromvpg * Fix style on block hover (#347) by @Czino and @Eric-Machinas

This is a pre-release. Use this with caution!

A newer version is already available! Please don’t use this version anymore.

This is a hotfix that fixes a startup issue with limit offers.

Here are the release notes from v1.5.5:

Release notes

ATTENTION: This release changes the trade protocol.

DO NOT specify trade ID or any other value in the 'reason for payment' field. LEAVE IT BLANK.

If it is mandatory for your payment service add a dash character ('-') or coordinate with your counterparty over trader chat to agree on a reason for payment.

This change reduces the chances that certain payment accounts get flagged. Please see https://github.com/bisq-network/bisq/issues/2869 for more details on this change.

This release introduces the option to create limit offers to be able to deactivate an offer if a certain price limit is reached. It also introduces cash-by-mail as a new payment method. In addition to multiple minor UI changes, we squashed lots of bugs and improved reliability and performance of the app across the board.

DAO

• Add CSV export to BSQ transaction view
• Move BSQ price in USD at first row
• Add indication of last GH CR issue
• Fix request amount bounds in ReimbursementValidator

UI

• Add toggle for displaying volume in trade statistics chart in USD
• Add toggle for hiding not takable offers
• Add a 'payment method details' screen
• Improve trade fee display at create and take offer screens and popups
• Disable CPU-intensive animations
• Improve popup text in case a local node is detected
• Keep main navigation items left aligned
• Reword "trade started" popup messages per suggestion
• Update translations and fix a broken German translation
• Show stacktrace in error popup at view exceptions
• Fix missing apostrophe in Withdrawal view
• Remove redundant popup when cancelling an offer

Trading

• Change rule for 'reason for payment' field to not use trade ID but leave it empty
• Deactivate open offer if trigger price is reached
• Add payment method "Cash by mail"
• Change trade period for TransferWise from 1 day to 4 days
• Add option to hide non supported payment methods
• Select show-all currencies if TransferWise is selected

Wallet

• Show a confirmation of successfully sending BTC or BSQ from wallet
• Improve path text on wallet info screen
• Fix broken -ignoreLocalBtcNode startup option

Reliability

• Persist and republish mailbox messages
• Request only non-seed nodes if no seed nodes are available
• Access concrete data stores
• Improve offer publishing
• Improve getBlocks request handling
• Improve CleanupMailboxMessages
• Fix premature disconnections from seeds

Mediation/Arbitration

• Add mediators keybase usernames

Performance

• Persist failed attempts of decrypting mailbox messages
• Cache signature verification results
• Cache results in account witness domain

Network

• Add 4 old v2 seed nodes
• Add option to prevent periodic shutdown for seed nodes
• Add filter support on network level
• Improve cleanup tor dir at seeds
• Avoid resync from genesis in case of dao state issues
• Update inventory code

API

• Add new api methods 'getmyoffers' and 'getmyoffer'
• Add new api method 'sendbtc'
• Add new api method 'gettransaction'
• Add optional txFeeRate parameter to api 'sendbsq'
• Support tx memo field for btc withdrawals from api
• Add protection tools
• Integrate new protection tools into api's offer & trade services
• Prevent excessive api calls
• Use posix-style CLI opts, provide method help
• Add api trade simulation scripts
• Pass hash to bitcoind blocknotify script
• Stub out support for OpenOffer's triggerPrice in api
• Use Bisq's UserThread.executor in gRPC server

Development

• Remove awt dependencies except for webcam library
• Update installation script

Assets

No new assets.

Verification

Url of the signing key (Christoph Atteneder): https://bisq.network/pubkey/29CDFD3B.asc Full fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B

Import the key: curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import GPG prints a confusion warning: "This key is not certified with a trusted signature!" - See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key for background information what it means.

How to verify signatures? gpg --digest-algo SHA256 --verify BINARY{.asc*,} Replace BINARY with the file you downloaded (e.g. Bisq-1.5.6.dmg)

Verify jar file inside binary: You can verify on OSX the jar file with: shasum -a256 [PATH TO BISQ APP]/Bisq.app/Contents/Java/Bisq-1.5.6.jar The output need to match the value from the Bisq-1.5.6.jar.txt file.

Known issues with installation

macOS Catalina:

Bisq can't be opened because Apple cannot check it for malicious software

This happens the first time Bisq is run on macOS Catalina. It is because a new security feature in Catalina has newer requirements of how apps are packaged. We are working on ways to address this (see #3402 and #4196 for details).

Workaround: Right click on the installed Bisq app > Click Open (warning popup shown again, but with new button available) > Click Open

Bisq would like to receive keystrokes from any application.

Discussed in issue https://github.com/bisq-network/bisq/issues/3373, you will see a permission request in the latest macOS version that Bisq wants to receive keystrokes from any application. Unfortunately that is an issue for all Java applications that are run on Catalina right now. We are investigating already how to solve this issue and will fix in one of our next updates.

Windows:

There is a known issue with Anti Virus software. We got several reports from users running into different problems. Either the AV software blocks Bisq or Tor, delete files in the data directory [2] or app directory [1]) or cause such a long delay at startup that Tor gets terminated and a file remains locked which can cause that Bisq cannot be started afterwards. To resolve that you need to restart Windows then the lock get released. We are working on solutions to fix those issues.

If you use Crypto currencies on your Windows system be aware that Windows is much more vulnerable to malware than Linux or OSX. Consider to use a dedicated non-Windows system when dealing with cryptocurrencies.

[1] Application directory (contains application installation files): C:\Users<username>\AppData\Local\Bisq

[2] Data directory (contains all Bisq data including wallet): C:\Users<username>\AppData\Roaming\Bisq\btc_mainnet\tor (you can delete everything except the hiddenservice directory)

Linux:

Hint for Debian users: If you have problems starting Bisq on Debian use: /opt/Bisq/Bisq

If your Linux distro does not support .deb files please follow this instruction: cd ~/Downloads mkdir tmp cd tmp ar x ../Bisq-64bit-1.5.6.deb sudo tar Jxvf data.tar.xz sudo cp -rp opt/Bisq /opt/ That instruction is not tested on many different distros. If you encounter problems please report it in a Github issue so we can improve it.

Credits

Thanks to everyone who directly contributed to this release:

• @chimp1984
• @ripcurlx
• @ghubstan
• @jakub_cz
• @jmacxx
• @m52go
• @sqrrm
• @stejbac

A special thanks to our first time contributors:

• @81dr: Update installation script

As well as to everyone that helped with translations on Transifex.

Summary

This silent release contains an updated Tor client that has the fix for the DDoS vulnerability. Users who encountered Tor connection problems should update their Wasabi.

• Tor client update (Tor 0.4.4.7), fixed the DDos vulnerability.
• Best effort node connection strategy, more stable peer connections. This will also solve the v2 onion service deprecation problem.
• Bitcoin Knots v0.21.0

Newbie Guide

While setting up Wasabi is straightforward, even a Linux wizard with the longest beard can get stuck on the most basic tasks. Consider taking a look at the Installation Instructions guide.

Advanced Guide

If you want to build Wasabi from source code or update the source code check out these instructions.

From version 1.1.3 Wasabi also introduces reproducible builds: Deterministic Build Guide

Build with .NET Core 3.1.403-win-x64.

FAQ

• Frequently asked questions here.
• Requirements? x64, Linux, >Win10, >macOS 10.13.

Release Notes

• Tor update https://github.com/zkSNACKs/WalletWasabi/pull/5144
• New connection strategy https://github.com/zkSNACKs/WalletWasabi/pull/5024
• Knots update https://github.com/zkSNACKs/WalletWasabi/pull/5216
• More log messages https://github.com/zkSNACKs/WalletWasabi/pull/4965

Umbrel v0.3.4 fixes a minor bug in v0.3.3 that was causing the update process to fail for some users.

Here's what new in Umbrel v0.3.3:

Umbrel v0.3.3 is here with 3 brand new apps in the Umbrel App Store — Samourai Server (Dojo + Whirlpool), Mempool, LNbits — a totally redesigned wallet connector, Lightning Pool, Bitcoin Core v0.21.0, and more.

If your update gets stuck for some reason, please message us on Telegram: https://t.me/getumbrel"

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.3...v0.3.4

Umbrel v0.3.3 is here with 3 brand new apps in the Umbrel App Store — Samourai Server (Dojo + Whirlpool), Mempool, LNbits — a totally redesigned wallet connector, Lightning Pool, Bitcoin Core v0.21.0, and more.

If your update gets stuck for some reason, please message us on Telegram: https://t.me/getumbrel

Diff: https://github.com/getumbrel/umbrel/compare/v0.3.2...v0.3.3