This release contains security updates and miscellaneous fixes.
Consolidated Security Updates for v2.0.12 (#10264)
- Apply three-strikes rule to all transaction failures
- Apply unconditional subjective CPU check along with some additional logging
- Provide options to enable subjective CPU billing for P2P and API transactions ,and provide an option to disable it for individual accounts
This release expands upon the subjective CPU billing introduced in (v2.0.10). Subjective billing (disabled by default) can now be applied to transactions that come in from either P2P connections, API requests, or both. By setting
false both P2P and API transactions will have subjective CPU billing applied. Using
disable-subjective-api-billing will allow subjective CPU billing to be enabled/disabled for P2P transactions or API transactions respectively. Another option ,
disable-subjective-account-billing = <account>, is used to selectively disable subjective CPU billing for certain accounts while applying subjective CPU billing to all other accounts.
cleos get account is enhanced to report
subjective cpu bandwidth, which contains used subjective CPU billing in microseconds for a particular account on a given node.
Note: These security updates are relevant to all nodes on EOSIO blockchain networks.
- (#10155) [2.0.x] Improve timeouts occurring on Anka builds.
- (#10171) Wlb/ctest generalization for parameter tests 2.0.x
- (#10233) Support Running Version Tests on Fresh OS Installs
- (#10244) migrate boost downloads from BinTray to JFrog Artifactory - 2.0
- (#10250) Rel 2.0.x: Subjective CPU billing cleos enhancement and adding subjective_cpu_bill to /v1/chain/get_account result
- (#10186) Add EOSIO 2.0.11 release notes to dev portal - 2.0