# Gavin Andresen # 2013-09-04 01:22:54 # https://bitcointalk.org/index.php?topic=287351.msg3076439#msg3076439 Bitcoin-Qt version 0.8.4 is now available from: @p{brk} @s{(link)} @p{par} This is a maintenance release to fix a critical bug and three @p{brk} security issues; we urge all users to upgrade. @p{par} Please report bugs using the issue tracker at github: @p{brk} @s{(link)} @p{par} @p{brk} How to Upgrade @p{brk} @p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{--} @p{par} If you are running an older version, shut it down. Wait @p{brk} until it has completely shut down (which might take a few minutes for older @p{brk} versions), then run the installer (on Windows) or just copy over @p{brk} /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux). @p{par} If you are upgrading from version 0.7.2 or earlier, the first time you @p{brk} run 0.8.4 your blockchain files will be re-indexed, which will take @p{brk} anywhere from 30 minutes to several hours, depending on the speed of @p{brk} your machine. @p{par} 0.8.4 Release notes @p{brk} =================== @p{par} Security issues @p{brk} @p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-} @p{par} An attacker could send a series of messages that resulted in @p{brk} an integer division-by-zero error in the Bloom Filter handling @p{brk} code, causing the Bitcoin-Qt or bitcoind process to crash. @p{brk} Bloom filters were introduced with version 0.8, so versions 0.8.0 @p{brk} through 0.8.3 are vulnerable to this critical denial-of-service attack. @p{par} A constant-time algorithm is now used to check RPC password @p{brk} guess attempts; fixes @s{(link)} @p{brk} (CVE-2013-4165) @p{par} Implement a better fix for the fill-memory-with-orphan-transactions @p{brk} attack that was fixed in 0.8.3. See @p{brk} @s{(link)} @p{brk} for a description of the weaknesses of the previous fix. @p{brk} (CVE-2013-4627) @p{par} Bugs fixed @p{brk} @p{@p{--}-}@p{@p{--}-}@p{@p{--}-}- @p{par} Fix multi-block reorg transaction resurrection. @p{par} Fix non-standard disconnected transactions causing mempool orphans. @p{brk} This bug could cause nodes running with the -debug flag to crash. @p{par} OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!) @p{brk} prevent the database corruption issues many people have @p{brk} experienced on OSX. @p{par} Linux: clicking on bitcoin: links was broken if you were using @p{brk} a Gnome-based desktop. @p{par} Fix a hang-at-shutdown bug that only affects users that compile @p{brk} their own version of Bitcoin against Boost versions 1.50-1.52. @p{par} Other changes @p{brk} @p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}- @p{par} Checkpoint at block 250,000 to speed up initial block downloads @p{brk} and make the progress indicator when downloading more accurate. @p{par} @p{brk} Thanks to everybody who contributed to the 0.8.4 releases! @p{brk} @p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}@p{@p{--}-}- @p{par} Pieter Wuille @p{brk} Warren Togami @p{brk} Patrick Strateman @p{brk} pakt @p{brk} Gregory Maxwell @p{brk} Sergio Demian Lerner @p{brk} grayleonard @p{brk} Cory Fields @p{brk} Matt Corallo @p{brk} Gavin Andresen @p{brk}