aboutsummaryrefslogtreecommitdiff
path: root/doc/release-notes/release-notes-0.4.1.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/release-notes/release-notes-0.4.1.md')
-rw-r--r--doc/release-notes/release-notes-0.4.1.md38
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/release-notes/release-notes-0.4.1.md b/doc/release-notes/release-notes-0.4.1.md
new file mode 100644
index 0000000000..ac471a8d7f
--- /dev/null
+++ b/doc/release-notes/release-notes-0.4.1.md
@@ -0,0 +1,38 @@
+Bitcoin version 0.4.1 is now available for download at:
+http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.4.1/
+
+This is a bugfix only release based on 0.4.0.
+
+Please report bugs by replying to this forum thread.
+
+MAJOR BUG FIX (CVE-2011-4447)
+
+The wallet encryption feature introduced in Bitcoin version 0.4.0 did not sufficiently secure the private keys. An attacker who
+managed to get a copy of your encrypted wallet.dat file might be able to recover some or all of the unencrypted keys and steal the
+associated coins.
+
+If you have a previously encrypted wallet.dat, the first time you run wxbitcoin or bitcoind the wallet will be rewritten, Bitcoin will
+shut down, and you will be prompted to restart it to run with the new, properly encrypted file.
+
+If you had a previously encrypted wallet.dat that might have been copied or stolen (for example, you backed it up to a public
+location) you should send all of your bitcoins to yourself using a new bitcoin address and stop using any previously generated addresses.
+
+Wallets encrypted with this version of Bitcoin are written properly.
+
+Technical note: the encrypted wallet's 'keypool' will be regenerated the first time you request a new bitcoin address; to be certain that the
+new private keys are properly backed up you should:
+
+1. Run Bitcoin and let it rewrite the wallet.dat file
+
+2. Run it again, then ask it for a new bitcoin address.
+wxBitcoin: new address visible on main window
+bitcoind: run the 'walletpassphrase' RPC command to unlock the wallet, then run the 'getnewaddress' RPC command.
+
+3. If your encrypted wallet.dat may have been copied or stolen, send all of your bitcoins to the new bitcoin address.
+
+4. Shut down Bitcoin, then backup the wallet.dat file.
+IMPORTANT: be sure to request a new bitcoin address before backing up, so that the 'keypool' is regenerated and backed up.
+
+"Security in depth" is always a good idea, so choosing a secure location for the backup and/or encrypting the backup before uploading it is recommended. And as in previous releases, if your machine is infected by malware there are several ways an attacker might steal your bitcoins.
+
+Thanks to Alan Reiner (etotheipi) for finding and reporting this bug.
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-09 15:13:04 +0000