aboutsummaryrefslogtreecommitdiff
path: root/doc/release-notes/release-notes-0.9.1.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/release-notes/release-notes-0.9.1.md')
-rw-r--r--doc/release-notes/release-notes-0.9.1.md53
1 files changed, 53 insertions, 0 deletions
diff --git a/doc/release-notes/release-notes-0.9.1.md b/doc/release-notes/release-notes-0.9.1.md
new file mode 100644
index 0000000000..0552053d27
--- /dev/null
+++ b/doc/release-notes/release-notes-0.9.1.md
@@ -0,0 +1,53 @@
+Bitcoin Core version 0.9.1 is now available from:
+
+ https://bitcoin.org/bin/0.9.1/
+
+This is a security update. It is recommended to upgrade to this release
+as soon as possible.
+
+It is especially important to upgrade if you currently have version
+0.9.0 installed and are using the graphical interface OR you are using
+bitcoind from any pre-0.9.1 version, and have enabled SSL for RPC and
+have configured allowip to allow rpc connections from potentially
+hostile hosts.
+
+Please report bugs using the issue tracker at github:
+
+ https://github.com/bitcoin/bitcoin/issues
+
+How to Upgrade
+--------------
+
+If you are running an older version, shut it down. Wait until it has completely
+shut down (which might take a few minutes for older versions), then run the
+installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or
+bitcoind/bitcoin-qt (on Linux).
+
+If you are upgrading from version 0.7.2 or earlier, the first time you run
+0.9.1 your blockchain files will be re-indexed, which will take anywhere from
+30 minutes to several hours, depending on the speed of your machine.
+
+0.9.1 Release notes
+=======================
+
+No code changes were made between 0.9.0 and 0.9.1. Only the dependencies were changed.
+
+- Upgrade OpenSSL to 1.0.1g. This release fixes the following vulnerabilities which can
+ affect the Bitcoin Core software:
+
+ - CVE-2014-0160 ("heartbleed")
+ A missing bounds check in the handling of the TLS heartbeat extension can
+ be used to reveal up to 64k of memory to a connected client or server.
+
+ - CVE-2014-0076
+ The Montgomery ladder implementation in OpenSSL does not ensure that
+ certain swap operations have a constant-time behavior, which makes it
+ easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache
+ side-channel attack.
+
+- Add statically built executables to Linux build
+
+Credits
+--------
+
+Credits go to the OpenSSL team for fixing the vulnerabilities quickly.