[Lightning-dev] Partial LND Vulnerability Disclosure, Upgrade to 0.11.x

Conner Fromknecht conner at lightning.engineering
Fri Oct 9 00:19:09 UTC 2020


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi all,

We are writing to let the Lightning community know about the existence of
vulnerabilities that affect lnd versions 0.10.x and below. The full details of
these vulnerabilities will be disclosed on October 20, 2020. The circumstances
surrounding the discovery resulted in a compressed disclosure timeline compared
to our usual timeframes. We will be publishing more details about this in the
coming weeks along with a comprehensive bug bounty program.

While we have no reason to believe these vulnerabilities have been exploited in
the wild, we strongly urge the community to upgrade to lnd 0.11.0 or above ASAP.
Please ping us on the #lnd IRC channel, the LND Slack, or at
support at lightning.engineering if you need any assistance in doing so. Upgrade
instructions can be found in our installation docs:
https://github.com/lightningnetwork/lnd/blob/master/docs/INSTALL.md#installing-lnd.

Regards,
Conner Fromknecht
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEnI1hhop8SSADsnRO59c3tn+lkscFAl9/ozwACgkQ59c3tn+l
kscVvBAAk21z6tlHPkOSwfj1lBE0pqc65A6Qa927WEjN5hdUpjjof4Xo2j+GzbnN
Uoj4HGZu+koakzoVpJ4mzN+vg086zAnv+K668hhl7bbPHsQu6FqA1ALiAyy0nH6H
1yukXxpRflq53RTIVPjrEnFVdt6FCLhkCm9LuOk0a/SUf8D4b/N6OaB1Bxupeceu
QFSCIkb9kvW/Eplwkv7PEnx/IZNGIQP9F11DaKLTAjWY5RnIxmCw/oamvlP8Mxt8
/AqlzWVtPVqvwgJLhbMziraXNVV05naHrIXvbXrOI2Q7FZjdaxF+S4EKT4feuq1w
iW7NYSS/u5N2FP3yK8YIdoX0I/nwYQQcpsfbAv2dS4Ql2Td/dyREId4NcchmaKSV
N3w1jByMPWrgUtinl5WEDDOJdUKS2PHkQ95t3s/1uYDFsPz1kXJR2x37a/1AVz/K
6zQ45wFvHEopFR49hu/CV6MUvsvn4XKzPa46Ii7puaBaNqygx0RwuwlxbxCNxPNQ
v45CaCUEq2Tj3stu7YoYGntFvrXVkxXJocn51eK6D+g0bIEXxaGlPJeTuvifKMTO
3T3ZEEbCe9UhDUT8Ja2boP2IIi8wAyExGS59k0tndQGzMSjkzWZ0fzgYyyf+y4nt
r3nTCGi5WWe4y1i2KpiYZTRrQkbrNkRf+fnVdlnTS4lcgEWFFiY=
=8t9Q
-----END PGP SIGNATURE-----


More information about the Lightning-dev mailing list