New Release: 2.0.3

This release is intended to address security issues in libraries used by Zcash and other outstanding tickets that were in our Spring cleaning sprints.

Notable Changes in this Release

[CVE-2019-6250] Update libzmq version

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. This update addresses the vulnerability when ZeroMQ is enabled, which is not enabled by default.

Bitcoin 0.12 Performance Improvements

This change makes sigcache faster, more efficient, and larger. It also reduces the number of database lookups when processing new transactions.

Summary of the Changes Included in this Release

  1. Update ZMQ to 4.3.1 (#3789)
  2. Fix Tx expiring soon test (#3784)
  3. ZMQ: add flag to publish all checked blocks (#3737)
  4. wallet: Skip transactions with no shielded data in CWallet::SetBestChain() (#3711)
  5. Update z_mergetoaddress documentation (#3699)
  6. Allow user to ask server to save the Sprout R1CS to a file during startup (#3691)
  7. On shutdown, wait for miner threads to exit (join them) (#3647)
  8. Update for Mac OS local rpc-tests
  9. Bitcoin 0.12 performance improvements (#3263)

For a more complete list of changes, please see the 2.0.3 milestone.

For information on specific Sapling RPC parameter changes, please see the Network Upgrade Developer guide.