ASA-2024-007 describes a vulnerability in the version of IBC used by the Agoric chain. There are no known ways to exploit this vulnerability on the Agoric chain. However, to ensure we're ready for rapid deployment of fixes, let's apply this change to the master branch of agoric-sdk.
Note: there is a new release in the v6.3.x release line, tagged v6.3.1, that seems to be specifically for Celestia to address some of their maintenance/testing(?) needs.
Given the note above, we'll still target upgrading to v6.3.0 as suggested in ASA-2024-007.
closes: #9205
refs: #9205
## Description
This PR updates ibc-go in response to GHSA-j496-crgh-34mx

TODO
- [x] upgrade our runbook with a note on async channel version negotiation
### Security Considerations
This PR addresses GHSA-j496-crgh-34mx
### Scaling Considerations
N/A
### Documentation Considerations
N/A
### Testing Considerations
Relying on our CI/CD to verify things, as this is a simple dependency version bump.
### Upgrade Considerations
N/A
What is the Problem Being Solved?
ASA-2024-007 describes a vulnerability in the version of IBC used by the Agoric chain. There are no known ways to exploit this vulnerability on the Agoric chain. However, to ensure we're ready for rapid deployment of fixes, let's apply this change to the master branch of agoric-sdk.
Description of the Design
Simple patch to bump version in https://github.com/Agoric/agoric-sdk/blob/master/golang/cosmos/go.mod
Security Considerations
This is a hardening measure
Scaling Considerations
No known impact to scaling
Test Plan
Please test in CI as well as using /golang/cosmos/e2e_test
Upgrade Considerations
This should go out in upgrade16 regardless of whatever other Interchain Stack changes go out.
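A version bump in go.mod only takes effect if no `replace` directive pins the module elsewhere, so a CI gate should check the resolved version rather than the `require` line. The sketch below is an added example, not code from agoric-sdk or this PR; it assumes the module path `github.com/cosmos/ibc-go/v6`, takes the v6.3.0 floor from the issue text, uses a constructed go.mod, and treats version-qualified replaces as always applying.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod, not the agoric-sdk file: require is patched, replace pins an older fork.
const sampleGoMod = `module example.com/chain
require github.com/cosmos/ibc-go/v6 v6.3.0
replace github.com/cosmos/ibc-go/v6 => example.com/fork/ibc-go/v6 v6.2.1
`

// effectiveVersion returns what the build resolves for mod: a replace target wins over require.
func effectiveVersion(gomod, mod string) string {
	ver, pinned := "", false
	for _, line := range strings.Split(gomod, "\n") {
		lhs, rhs, isReplace := strings.Cut(strings.SplitN(line, "//", 2)[0], "=>")
		l, r := strings.Fields(lhs), strings.Fields(rhs)
		if len(l) > 0 && (l[0] == "require" || l[0] == "replace") {
			l = l[1:] // single-line directive; entries inside ( ) carry no keyword
		}
		switch {
		case len(l) == 0 || l[0] != mod: // not an entry for mod
		case isReplace && len(r) > 0:
			ver, pinned = r[len(r)-1], true // a local path lands here and fails patched()
		case len(l) == 2 && !pinned:
			ver = l[1]
		}
	}
	return ver
}

// patched is true only for a plain vX.Y.Z at or above floor; anything else needs human review.
func patched(v, floor string) bool {
	num := func(s string) int {
		var x, y, z int
		fmt.Sscanf(s, "v%d.%d.%d", &x, &y, &z)
		if fmt.Sprintf("v%d.%d.%d", x, y, z) != s {
			return -1 // pre-release suffix, path, or unparsable
		}
		return x<<40 + y<<20 + z
	}
	return num(v) >= 0 && num(v) >= num(floor)
}

func main() {
	fmt.Println(patched(effectiveVersion(sampleGoMod, "github.com/cosmos/ibc-go/v6"), "v6.3.0"))
}
```

On the constructed sample the gate reports false, because the replace resolves to v6.2.1 even though the require line reads v6.3.0.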