1Bitcoin Core version 0.11.1 is now available from: 2 3 <https://bitcoin.org/bin/bitcoin-core-0.11.1/> 4 5This is a new minor version release, bringing security fixes. It is recommended 6to upgrade to this version as soon as possible. 7 8Please report bugs using the issue tracker at github: 9 10 <https://github.com/bitcoin/bitcoin/issues> 11 12Upgrading and downgrading 13========================= 14 15How to Upgrade 16-------------- 17 18If you are running an older version, shut it down. Wait until it has completely 19shut down (which might take a few minutes for older versions), then run the 20installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or 21bitcoind/bitcoin-qt (on Linux). 22 23Downgrade warning 24------------------ 25 26Because release 0.10.0 and later makes use of headers-first synchronization and 27parallel block download (see further), the block files and databases are not 28backwards-compatible with pre-0.10 versions of Bitcoin Core or other software: 29 30* Blocks will be stored on disk out of order (in the order they are 31received, really), which makes it incompatible with some tools or 32other programs. Reindexing using earlier versions will also not work 33anymore as a result of this. 34 35* The block index database will now hold headers for which no block is 36stored on disk, which earlier versions won't support. 37 38If you want to be able to downgrade smoothly, make a backup of your entire data 39directory. Without this your node will need start syncing (or importing from 40bootstrap.dat) anew afterwards. It is possible that the data from a completely 41synchronised 0.10 node may be usable in older versions as-is, but this is not 42supported and may break as soon as the older version attempts to reindex. 43 44This does not affect wallet forward or backward compatibility. There are no 45known problems when downgrading from 0.11.x to 0.10.x. 46 47Notable changes 48=============== 49 50Fix buffer overflow in bundled upnp 51------------------------------------ 52 53Bundled miniupnpc was updated to 1.9.20151008. This fixes a buffer overflow in 54the XML parser during initial network discovery. 55 56Details can be found here: http://talosintel.com/reports/TALOS-2015-0035/ 57 58This applies to the distributed executables only, not when building from source or 59using distribution provided packages. 60 61Additionally, upnp has been disabled by default. This may result in a lower 62number of reachable nodes on IPv4, however this prevents future libupnpc 63vulnerabilities from being a structural risk to the network 64(see https://github.com/bitcoin/bitcoin/pull/6795). 65 66Test for LowS signatures before relaying 67----------------------------------------- 68 69Make the node require the canonical 'low-s' encoding for ECDSA signatures when 70relaying or mining. This removes a nuisance malleability vector. 71 72Consensus behavior is unchanged. 73 74If widely deployed this change would eliminate the last remaining known vector 75for nuisance malleability on SIGHASH_ALL P2PKH transactions. On the down-side 76it will block most transactions made by sufficiently out of date software. 77 78Unlike the other avenues to change txids on transactions this 79one was randomly violated by all deployed bitcoin software prior to 80its discovery. So, while other malleability vectors where made 81non-standard as soon as they were discovered, this one has remained 82permitted. Even BIP62 did not propose applying this rule to 83old version transactions, but conforming implementations have become 84much more common since BIP62 was initially written. 85 86Bitcoin Core has produced compatible signatures since a28fb70e in 87September 2013, but this didn't make it into a release until 0.9 88in March 2014; Bitcoinj has done so for a similar span of time. 89Bitcoinjs and electrum have been more recently updated. 90 91This does not replace the need for BIP62 or similar, as miners can 92still cooperate to break transactions. Nor does it replace the 93need for wallet software to handle malleability sanely[1]. This 94only eliminates the cheap and irritating DOS attack. 95 96[1] On the Malleability of Bitcoin Transactions 97Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek 98http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf 99 100Minimum relay fee default increase 101----------------------------------- 102 103The default for the `-minrelaytxfee` setting has been increased from `0.00001` 104to `0.00005`. 105 106This is necessitated by the current transaction flooding, causing 107outrageous memory usage on nodes due to the mempool ballooning. This is a 108temporary measure, bridging the time until a dynamic method for determining 109this fee is merged (which will be in 0.12). 110 111(see https://github.com/bitcoin/bitcoin/pull/6793, as well as the 0.11 112release notes, in which this value was suggested) 113 1140.11.1 Change log 115================= 116 117Detailed release notes follow. This overview includes changes that affect 118behavior, not code moves, refactors and string updates. For convenience in locating 119the code changes and accompanying discussion, both the pull request and 120git merge commit are mentioned. 121 122- #6438 `2531438` openssl: avoid config file load/race 123- #6439 `980f820` Updated URL location of netinstall for Debian 124- #6384 `8e5a969` qt: Force TLS1.0+ for SSL connections 125- #6471 `92401c2` Depends: bump to qt 5.5 126- #6224 `93b606a` Be even stricter in processing unrequested blocks 127- #6571 `100ac4e` libbitcoinconsensus: avoid a crash in multi-threaded environments 128- #6545 `649f5d9` Do not store more than 200 timedata samples. 129- #6694 `834e299` [QT] fix thin space word wrap line break issue 130- #6703 `1cd7952` Backport bugfixes to 0.11 131- #6750 `5ed8d0b` Recent rejects backport to v0.11 132- #6769 `71cc9d9` Test LowS in standardness, removes nuisance malleability vector. 133- #6789 `b4ad73f` Update miniupnpc to 1.9.20151008 134- #6785 `b4dc33e` Backport to v0.11: In (strCommand == "tx"), return if AlreadyHave() 135- #6412 `0095b9a` Test whether created sockets are select()able 136- #6795 `4dbcec0` net: Disable upnp by default 137- #6793 `e7bcc4a` Bump minrelaytxfee default 138 139Credits 140======= 141 142Thanks to everyone who directly contributed to this release: 143 144- Adam Weiss 145- Alex Morcos 146- Casey Rodarmor 147- Cory Fields 148- fanquake 149- Gregory Maxwell 150- Jonas Schnelli 151- J Ross Nicoll 152- Luke Dashjr 153- Pavel Janík 154- Pavel Vasin 155- Peter Todd 156- Pieter Wuille 157- randy-waterhouse 158- Ross Nicoll 159- Suhas Daftuar 160- tailsjoin 161- ฿tcDrak 162- Tom Harding 163- Veres Lajos 164- Wladimir J. van der Laan 165 166And those who contributed additional code review and/or security research: 167 168- timothy on IRC for reporting the issue 169- Vulnerability in miniupnp discovered by Aleksandar Nikolic of Cisco Talos 170 171As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/). 172 173