Partial LND Vulnerability Disclosure, Upgrade to 0.11.x



Summary:

Conner Fromknecht, a member of the Lightning Network team, has notified the community about vulnerabilities in lnd versions 0.10.x and below. The full details of these vulnerabilities will be disclosed on October 20, 2020. While there is no reason to believe that these vulnerabilities have been exploited so far, the community is strongly urged to upgrade to lnd 0.11.0 or above as soon as possible. For assistance, users can ask on the #lnd IRC channel, on the LND Slack, or at support@lightning.engineering.

Conner also advised users to verify the gpg signature before upgrading, and warned them to make sure that the support email is formatted correctly. For example, the archive replaces "@" with "at", and apparently Google Groups trims "support" to "sup...". If users encounter any issues while upgrading, they should double-check that the plaintext matches verbatim what was sent on lightning-dev. Upgrade instructions for lnd can be found in its installation docs.

The Lightning Network team will be publishing more details about this in the coming weeks, along with a comprehensive bug bounty program. These vulnerabilities are being given priority because of the compressed disclosure timeline compared to their usual timeframes.


Updated on: 2023-06-03T02:24:59.404652+00:00