<div dir="ltr"><div>Bitcoin Core version 0.9.1 is now available from:</div><div><br></div><div> <a href="https://bitcoin.org/bin/0.9.1/">https://bitcoin.org/bin/0.9.1/</a></div><div><br></div><div>This is a security update. It is recommended to upgrade to this release</div>
<div>as soon as possible.</div><div><br></div><div>It is especially important to upgrade if you currently have version</div><div>0.9.0 installed and are using the graphical interface OR you are using</div><div>bitcoind from any pre-0.9.1 version, and have enabled SSL for RPC and</div>
<div>have configured allowip to allow rpc connections from potentially</div><div>hostile hosts.</div><div><br></div><div>Please report bugs using the issue tracker at github:</div><div><br></div><div> <a href="https://github.com/bitcoin/bitcoin/issues">https://github.com/bitcoin/bitcoin/issues</a></div>
<div><br></div><div>How to Upgrade</div><div>--------------</div><div><br></div><div>If you are running an older version, shut it down. Wait until it has completely</div><div>shut down (which might take a few minutes for older versions), then run the</div>
<div>installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or</div><div>bitcoind/bitcoin-qt (on Linux).</div><div><br></div><div>If you are upgrading from version 0.7.2 or earlier, the first time you run</div>
<div>0.9.1 your blockchain files will be re-indexed, which will take anywhere from </div><div>30 minutes to several hours, depending on the speed of your machine.</div><div><br></div><div>0.9.1 Release notes</div><div>=======================</div>
<div><br></div><div>No code changes were made between 0.9.0 and 0.9.1. Only the dependencies were changed.</div><div><br></div><div>- Upgrade OpenSSL to 1.0.1g. This release fixes the following vulnerabilities which can</div>
<div> affect the Bitcoin Core software:</div><div><br></div><div> - CVE-2014-0160 ("heartbleed")</div><div> A missing bounds check in the handling of the TLS heartbeat extension can</div><div> be used to reveal up to 64k of memory to a connected client or server.</div>
<div><br></div><div> - CVE-2014-0076</div><div> The Montgomery ladder implementation in OpenSSL does not ensure that</div><div> certain swap operations have a constant-time behavior, which makes it</div><div> easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache</div>
<div> side-channel attack.</div><div><br></div><div>- Add statically built executables to Linux build</div><div><br></div><div>Credits</div><div>--------</div><div><br></div><div>Credits go to the OpenSSL team for fixing the vulnerabilities quickly.</div>
<div><br></div>
</div>