June 14, 2023
Provides several minor bug fixes, as well as fixes for several low-severity security issues.
[state/kvindex]
Querying event attributes that are bigger than int64 is now enabled. We are not supporting reading floats from the db into the indexer nor parsing them into BigFloats to not introduce breaking changes in minor releases. (#771)[pubsub]
Pubsub queries are now able to parse big integers (larger than int64). Very big floats are also properly parsed into very big integers instead of being truncated to int64. (#771)
[rpc]
Remove response data from response failure logs in order to prevent large quantities of log data from being produced (#654)
[rpc/jsonrpc/client]
Low severity - Prevent RPC client credentials from being inadvertently dumped to logs (#787)[cmd/cometbft/commands/debug/kill]
Low severity - Fix unsafe int cast indebug kill
command (#793)[consensus]
Low severity - Avoid recursive call after rename to(*PeerState).MarshalJSON
(#863)[mempool/clist_mempool]
Low severity - Prevent a transaction from appearing twice in the mempool (#890: @otrack)
April 26, 2023
This release fixes several bugs, and has had to introduce one small Go
API-breaking change in the crypto/merkle
package in order to address what
could be a security issue for some users who directly and explicitly make use of
that code.
[crypto/merkle]
Do not allow verification of Merkle Proofs against empty trees (nil
root).Proof.ComputeRootHash
now panics when it encounters an error, butProof.Verify
does not panic (#558)
[consensus]
Unexpected error conditions inApplyBlock
are non-recoverable, so ignoring the error and carrying on is a bug. We replaced areturn
that disregarded the error by apanic
. (#496)[consensus]
Rename(*PeerState).ToJSON
toMarshalJSON
to fix a logging data race (#524)[light]
Fixed an edge case where a light client would panic when attempting to query a node that (1) has started from a non-zero height and (2) does not yet have any data. The light client will now, correctly, not panic and keep the node in its list of providers in the same way it would if it queried a node starting from height zero that does not yet have data (#575)
[jsonrpc/client]
Improve the error message for client errors stemming from bad HTTP responses. (cometbft/cometbft#638)
March 6, 2023
This is the first CometBFT release with ABCI 1.0, which introduces the
PrepareProposal
and ProcessProposal
methods, with the aim of expanding the
range of use cases that application developers can address. This is the first
change to ABCI towards ABCI++, and the full range of ABCI++ functionality will
only become available in the next major release with ABCI 2.0. See the
specification for more details.
In the v0.34.27 release, the CometBFT Go module is still
github.com/tendermint/tendermint
to facilitate ease of upgrading for users,
but in this release we have changed this to github.com/cometbft/cometbft
.
Please also see our upgrading guidelines for more details on upgrading from the v0.34 release series.
Also see our QA results for the v0.37 release.
We'd love your feedback on this release! Please reach out to us via one of our communication channels, such as GitHub Discussions, with any of your questions, comments and/or concerns.
See below for more details.
- The
TMHOME
environment variable was renamed toCMTHOME
, and all environment variables starting withTM_
are instead prefixed withCMT_
(#211) [p2p]
ReactorSend
,TrySend
andReceive
renamed toSendEnvelope
,TrySendEnvelope
andReceiveEnvelope
to allow metrics to be appended to messages and measure bytes sent/received. (#230)- Bump minimum Go version to 1.20 (#385)
[abci]
Make length delimiter encoding consistent (uint64
) between ABCI and P2P wire-level protocols (#5783)[abci]
Change thekey
andvalue
fields from[]byte
tostring
in theEventAttribute
type. (#6403)[abci/counter]
Delete counter example app (#6684)[abci]
RenamedEvidenceType
toMisbehaviorType
andEvidence
toMisbehavior
as a more accurate label of their contents. (#8216)[abci]
Added cli commands forPrepareProposal
andProcessProposal
. (#8656)[abci]
Added cli commands forPrepareProposal
andProcessProposal
. (#8901)[abci]
RenamedLastCommitInfo
toCommitInfo
in preparation for vote extensions. (#9122)- Change spelling from British English to American. Rename
Subscription.Cancelled()
toSubscription.Canceled()
inlibs/pubsub
(#9144) [abci]
Removes unused Response/RequestSetOption
from ABCI (#9145)[config]
Rename the fastsync section and the fast_sync key blocksync and block_sync respectively (#9259)[types]
Reduce the use of protobuf types in core logic.ConsensusParams
,BlockParams
,ValidatorParams
,EvidenceParams
,VersionParams
have become native types. They still utilize protobuf when being sent over the wire or written to disk. MovedValidateConsensusParams
inside (now native type)ConsensusParams
, and renamed it toValidateBasic
. (#9287)[abci/params]
DeduplicateConsensusParams
andBlockParams
so onlytypes
proto definitions are use. RemoveTimeIotaMs
and use a hard-coded 1 millisecond value to ensure monotonically increasing block times. RenameAppVersion
toApp
so as to not stutter. (#9287)[abci]
New ABCI methodsPrepareProposal
andProcessProposal
which give the app control over transactions proposed and allows for verification of proposed blocks. (#9301)
[consensus]
Fixed a busy loop that happened when sending of a block part failed by sleeping in case of error. (#4)[state/kvindexer]
Fixed the default behaviour of the kvindexer to index and query attributes by events in which they occur. In 0.34.25 this was mitigated by a separated RPC flag. @jmalicevic (#77)[state/kvindexer]
Resolved crashes when event values contained slashes, introduced after adding event sequences in #77. @jmalicevic (#382)[consensus]
(#386) Short-term fix for the case whenneedProofBlock
cannot find previous block meta by defaulting to the creation of a new proof block. (@adizere)- Special thanks to the Vega.xyz team, and in particular to Zohar (@ze97286), for reporting the problem and working with us to get to a fix.
[docker]
enable cross platform build using docker buildx (#9073)[consensus]
fix round number ofenterPropose
when handlingRoundStepNewRound
timeout. (#9229)[docker]
ensure Docker image uses consistent version of Go (#9462)[p2p]
prevent peers who have errored from being added topeer_set
(#9500)[blocksync]
handle the case when the sending queue is full: retry block request after a timeout (#9518)
[abci]
New ABCI methodsPrepareProposal
andProcessProposal
which give the app control over transactions proposed and allows for verification of proposed blocks. (#9301)
[e2e]
Add functionality for uncoordinated (minor) upgrades (#56)[tools/tm-signer-harness]
Remove the folder as it is unused (#136)[p2p]
ReactorSend
,TrySend
andReceive
renamed toSendEnvelope
,TrySendEnvelope
andReceiveEnvelope
to allow metrics to be appended to messages and measure bytes sent/received. (#230)[abci]
AddedAbciVersion
toRequestInfo
allowing applications to check ABCI version when connecting to CometBFT. (#5706)[cli]
add--hard
flag to rollback command (and a boolean to theRollbackState
method). This will rollback state and remove the last block. This command can be triggered multiple times. The application must also rollback state to the same height. (#9171)[crypto]
Update to use btcec v2 and the latest btcutil. (#9250)[rpc]
Addedheader
andheader_by_hash
queries to the RPC client (#9276)[proto]
Migrate fromgogo/protobuf
tocosmos/gogoproto
(#9356)[rpc]
Enable caching of RPC responses (#9650)[consensus]
Save peer LastCommit correctly to achieve 50% reduction in gossiped precommits. (#9760)
June 14, 2023
Provides several minor bug fixes, as well as fixes for several low-severity security issues.
[state/kvindex]
Querying event attributes that are bigger than int64 is now enabled. (#771)[pubsub]
Pubsub queries are now able to parse big integers (larger than int64). Very big floats are also properly parsed into very big integers instead of being truncated to int64. (#771)
[rpc]
Remove response data from response failure logs in order to prevent large quantities of log data from being produced (#654)
[rpc/jsonrpc/client]
Low severity - Prevent RPC client credentials from being inadvertently dumped to logs (#788)[cmd/cometbft/commands/debug/kill]
Low severity - Fix unsafe int cast indebug kill
command (#794)[consensus]
Low severity - Avoid recursive call after rename to(*PeerState).MarshalJSON
(#863)[mempool/clist_mempool]
Low severity - Prevent a transaction from appearing twice in the mempool (#890: @otrack)
April 26, 2023
This release fixes several bugs, and has had to introduce one small Go
API-breaking change in the crypto/merkle
package in order to address what
could be a security issue for some users who directly and explicitly make use of
that code.
[crypto/merkle]
Do not allow verification of Merkle Proofs against empty trees (nil
root).Proof.ComputeRootHash
now panics when it encounters an error, butProof.Verify
does not panic (#558)
[consensus]
Unexpected error conditions inApplyBlock
are non-recoverable, so ignoring the error and carrying on is a bug. We replaced areturn
that disregarded the error by apanic
. (#496)[consensus]
Rename(*PeerState).ToJSON
toMarshalJSON
to fix a logging data race (#524)[light]
Fixed an edge case where a light client would panic when attempting to query a node that (1) has started from a non-zero height and (2) does not yet have any data. The light client will now, correctly, not panic and keep the node in its list of providers in the same way it would if it queried a node starting from height zero that does not yet have data (#575)
[crypto/sr25519]
Upgrade to [email protected] (#475)[jsonrpc/client]
Improve the error message for client errors stemming from bad HTTP responses. (cometbft/cometbft#638)
Feb 27, 2023
This is the first official release of CometBFT - a fork of Tendermint Core. This particular release is intended to be compatible with the Tendermint Core v0.34 release series.
For details as to how to upgrade to CometBFT from Tendermint Core, please see our upgrading guidelines.
If you have any questions, comments, concerns or feedback on this release, we
would love to hear from you! Please contact us via GitHub
Discussions,
Discord (in the #cometbft
channel) or
Telegram.
Special thanks to @wcsiu, @ze97286, @faddat and @JayT106 for their contributions to this release!
- Rename binary to
cometbft
and Docker image tocometbft/cometbft
(#152) - The
TMHOME
environment variable was renamed toCMTHOME
, and all environment variables starting withTM_
are instead prefixed withCMT_
(#211) - Use Go 1.19 to build CometBFT, since Go 1.18 has reached end-of-life. (#360)
[consensus]
Fixed a busy loop that happened when sending of a block part failed by sleeping in case of error. (#4)[state/kvindexer]
Resolved crashes when event values contained slashes, introduced after adding event sequences. (#383: @jmalicevic)[consensus]
Short-term fix for the case whenneedProofBlock
cannot find previous block meta by defaulting to the creation of a new proof block. (#386: @adizere)- Special thanks to the Vega.xyz team, and in particular to Zohar (@ze97286), for reporting the problem and working with us to get to a fix.
[p2p]
Correctly use non-blockingTrySendEnvelope
method when attempting to send messages, as opposed to the blockingSendEnvelope
method. It is unclear whether this has a meaningful impact on P2P performance, but this patch does correct the underlying behaviour to what it should be (tendermint/tendermint#9936)
- Replace tm-db with cometbft-db (#160)
- Bump tm-load-test to v1.3.0 to remove implicit dependency on Tendermint Core (#165)
[crypto]
Update to use btcec v2 and the latest btcutil (tendermint/tendermint#9787: @wcsiu)
[rpc]
Addmatch_event
query parameter to indicate to the RPC that it should match events within attributes, not only within a height (tendermint/tendermint#9759)
[e2e]
Add functionality for uncoordinated (minor) upgrades (#56)[tools/tm-signer-harness]
Remove the folder as it is unused (#136)- Append the commit hash to the version of CometBFT being built (#204)
[mempool/v1]
Suppress "rejected bad transaction" in priority mempool logs by reducing log level from info to debug (#314: @JayT106)[consensus]
Addconsensus_block_gossip_parts_received
andconsensus_step_duration_seconds
metrics in order to aid in investigating the impact of database compaction on consensus performance (tendermint/tendermint#9733)[state/kvindexer]
Addmatch.event
keyword to support condition evaluation based on the event the attributes belong to (tendermint/tendermint#9759)[p2p]
Reduce log spam through reducing log level of "Dialing peer" and "Added peer" messages from info to debug (tendermint/tendermint#9764: @faddat)[consensus]
Reduce bandwidth consumption of consensus votes by roughly 50% through fixing a small logic bug (tendermint/tendermint#9776)
CometBFT is a fork of Tendermint Core as of late December 2022.
Friendly reminder, we have a bug bounty program.
For changes released before the creation of CometBFT, please refer to the Tendermint Core CHANGELOG.md.