This release contains security, stability, and miscellaneous fixes.
Consolidated Security Fixes for 2.0.2 (#8595)
- Restrict allowed block signature types.
Note: These security fixes are relevant to all nodes on EOSIO blockchain networks.
- (#8526) Handle socket close before async callback - 2.0
- (#8546) Net plugin dispatch - 2.0
- (#8552) Net plugin unlinkable blocks - 2.0
- (#8560) Backport of 8056 to 2.0
- (#8561) Net plugin post - 2.0
- (#8564) Delayed production time - 2.0
The new options
last-block-cpu-effort-percent now provide a mechanism to restrict the amount of time a producer is processing transactions for inclusion into a block. It also controls the time a producer will finalize/produce and transmit a block. Block construction now always begins at whole or half seconds for the next block.
Versions of EOSIO prior to v2.0.x accept keys and signatures containing extra data at the end. In EOSIO v2.0.x, the Base58 string parser performs additional sanity checks on keys and signatures to make sure they do not contain more data than necessary. These stricter checks cause nodes to reject signatures generated by some transaction signing libraries; eosjs v20 is known to generate proper signatures. For more information see issue #8534.
- (#8555) Drop late check - 2.0
- (#8557) Read-only with drop-late-block - 2.0
- (#8568) Timestamp watermark slot - 2.0.x
- (#8577) [release 2.0.x] Documentation patch 1 update
- (#8583) P2p read only - 2.0
- (#8589) Producer plugin log - 2.0
Please refer to the Consolidated EOSIO Deprecations List for the currently active set of deprecation notices.