This release contains security, stability, and miscellaneous fixes.
Security bug fixes
Consolidated Security Fixes for 2.0.2 (#8595)
- Restrict allowed block signature types.
Note: These security fixes are relevant to all nodes on EOSIO blockchain networks.
Stability bug fixes
- (#8526) Handle socket close before async callback - 2.0
- (#8546) Net plugin dispatch - 2.0
- (#8552) Net plugin unlinkable blocks - 2.0
- (#8560) Backport of 8056 to 2.0
- (#8561) Net plugin post - 2.0
- (#8564) Delayed production time - 2.0
Changes
Limit block production window (#8571, #8578)
The new options cpu-effort-percent and last-block-cpu-effort-percent now provide a mechanism to restrict the amount of time a producer is processing transactions for inclusion into a block. It also controls the time a producer will finalize/produce and transmit a block. Block construction now always begins at whole or half seconds for the next block.
Stricter signature parsing
Versions of EOSIO prior to v2.0.x accept keys and signatures containing extra data at the end. In EOSIO v2.0.x, the Base58 string parser performs additional sanity checks on keys and signatures to make sure they do not contain more data than necessary. These stricter checks cause nodes to reject signatures generated by some transaction signing libraries; eosjs v20 is known to generate proper signatures. For more information see issue #8534.
Other Changes
- (#8555) Drop late check - 2.0
- (#8557) Read-only with drop-late-block - 2.0
- (#8568) Timestamp watermark slot - 2.0.x
- (#8577) [release 2.0.x] Documentation patch 1 update
- (#8583) P2p read only - 2.0
- (#8589) Producer plugin log - 2.0
Deprecation notice reminder
Please refer to the Consolidated EOSIO Deprecations List for the currently active set of deprecation notices.