rippled Version 1.0.1
https://ripple.com/dev-blog/rippled-version-1-0-1/
Ripple has released rippled version 1.0.1, which includes fixes for issues identified by Ripple engineers and reported by external security researchers. These issues, when exploited, could cause a rippled instance to restart or, in some circumstances, stop executing.
Ripple已发布rippled的1.0.1版本,其中修复了包括Ripple工程师及外部安全研究人员报告的问题。这些问题在被利用时可能导致rippled实例重启,或是在某些情况下停止运行。
While these issues can result in a denial of service attack, none affect the integrity of the XRP Ledger and no user funds, including XRP, are at risk.
虽然这些问题可能导致DoS攻击,但却不会影响XRP总账网络的完整性以,也不会对包括XRP在内的用户的资金造成风险。
Action Required
应采取的行动
If you operate a rippled server, then you should upgrade to rippled version 1.0.1 as soon as possible.
如果用户运行rippled服务器,应尽快更新rippled至1.0.1版本。
Impact of Not Upgrading
不升级的影响
If you operate a rippled server, but do not upgrade to version 1.0.1 as soon as possible, then your server may experience restarts or outages.
如果用户运行rippled服务器,但是没有尽快更新到1.0.1版本,则服务器可能出现重启或中断服务的情况。
Upgrading
升级
For instructions on updating rippled on supported platforms, see Updating rippled.
The SHA-256 for the RPM is: 4bfa27b0e1e1979f2bc042edb9dd11ae4119dac6be087813dadcc67572877189
The SHA-256 for the source RPM is: 60279abc65476b0a96ddedcd23338ce1c6fb5481ab94fe8b8c856448044e3ebe
For other platforms, please compile v1.0.1 from source. See the rippled source tree for instructions by platform. For instructions building rippled from source on Ubuntu Linux, see Install rippled on Ubuntu.
The first log entry should be the change setting the version:
commit 8429dd67e60ba360da591bfa905b58a35638fda1
Author: Nik Bougalis <nikb@bougalis.net>
Date: Mon Jun 4 16:36:22 2018 -0700
Set version to 1.0.1
Network Update
网络更新
The Ripple operations team plans to deploy version 1.0.1 to all rippled servers under its operational control, including private clusters, starting at 3:00 PM PST on Thursday, 2018-06-14. The deployment is expected to complete within 5 hours. The network should continue to operate during deployment and no outage is expected.
Ripple运营团队计划部署1.0.1版本到其控制下的所有rippled服务器,包括私有集群。时间自2018-06-14星期四,3:00 PM PST开始。预计需要5个小时完成部署。在部署期间网络将持续保持可用且不会出现中断的情形。
Other Information
其他信息
Acknowledgements
致谢
Ripple thanks Guido Vranken for discovering and responsibly disclosing an off-by-one error in the base64 decoder logic when handling malformed input.
Bug Bounties and Responsible Disclosures
Ripple welcomes reviews of the rippled codebase and urges reviewers to responsibly disclose any issues that they may find. For more on Ripple’s Bug Bounty program, please visit https://ripple.com/bug-bounty/.
Boost Compatibility
Boost兼容性
When compiling rippled from source, you must use a compatible version of the Boost library. Ripple recommends Boost 1.64.0 for all platforms.
从源代码编译rippled时,用户必须使用兼容版本的Boost库。Ripple推荐在所有平台都使用Boost 1.64.0版本。
Other compatible versions differ by platform. Boost 1.58.0 is compatible on Linux but not on Windows. On macOS, Boost 1.58.0 is not compatible with the Clang compiler version 4.0+.
其他兼容版本因平台而异。Boost 1.58.0版本在Linux上兼容而在Windows上不兼容。在MacOS系统中,Boost 1.58.0版本与Clang编译器4.0+版本不兼容。
Learn, ask questions, and discuss
学习,提问和讨论
Related documentation is available in the XRP Ledger Developer Portal, including detailed reference information, tutorials, and web tools.
Other resources:
The Ripple Forum
The Ripple Dev Blog
Ripple Technical Services: support@ripple.com
XRP Chat
Upcoming Features
即将推出的新特性
The previously introduced fix1543, fix1571 and fix1623 Amendments in XRP Ledger version 1.0.0 are now open for voting. Ripple expects these amendments to become enabled on Tuesday, 2018-06-19.
在先前XRP总账版本1.0.0中引入的fix1543, fix1571和fix1623修正案现在已开放投票。Ripple预计这些修正案将于2018-06-19星期二启用。
An upcoming version of rippled will switch to using the Boost.Beast library instead of the Beast library from the rippled source code. As part of this change, the minimum supported version of Boost will change to be a version incorporating Boost.Beast.
即将推出的rippled版本将切换为使用Boost.Beast库,以取代rippled源码中的Beast库。作为更改的一部分,Boost的最低支持版本将更改为包含Boost.Beast的版本。
Ripple does not expect to enable the SHAMapV2, Tickets, or OwnerPaysFee Amendments before the next release of rippled. These Amendments have been disabled in the source code so rippled version 1.0.1 will not show them as available. Ripple plans to re-introduce some or all of these amendments in a future version of rippled.
Ripple不希望在下一个rippled版本发布之前启用SHAMapV2, Tickets,或OwnerPaysFee修正案。这些修正案已在源码中禁用,因此rippled的1.0.1版本不会显示他们为可用状态。Ripple计划在未来的版本中重新引入部分或全部这些修正案。
1.0.1 Change Log
Bug Fixes
Improve JSON exception handling
改进JSON异常处理。
Fix a corner case when decoding base64: Under some corner cases, the base64 decoder would not allocate enough memory, which could result in spurious errors.
修复一个极端情况下的base64解码问题:在某些极端情况下,base64解码器可能无法分配足够内存,进而导致虚假错误。