From cfc757dc5043fb2758c47c146d2912fd010c1a45 Mon Sep 17 00:00:00 2001 From: Julien Robert Date: Thu, 8 Jun 2023 11:23:26 +0200 Subject: [PATCH] chore: prepare v0.47.3 (2/2) (#16444) --- CHANGELOG.md | 3 +- RELEASE_NOTES.md | 1 + UPGRADING.md | 121 ----------------------------------------------- 3 files changed, 3 insertions(+), 122 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bab7f0ec79d9..151bb2345f08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,7 +37,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ ## [Unreleased] -## [v0.47.3](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.3) - 2023-06-05 +## [v0.47.3](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.3) - 2023-06-08 ### Features @@ -62,6 +62,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ ### Bug Fixes +* Fix [barberry](https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825) security vulnerability. * (server) [#16395](https://github.com/cosmos/cosmos-sdk/pull/16395) Do not override some Comet config is purposely set differently in `InterceptConfigsPreRunHandler`. * (store) [#16449](https://github.com/cosmos/cosmos-sdk/pull/16449) Fix StateSync Restore by excluding memory store. * (cli) [#16312](https://github.com/cosmos/cosmos-sdk/pull/16312) Allow any addresses in `client.ValidatePromptAddress`. diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 4b596e98070c..598981682552 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -7,6 +7,7 @@ Missed the v0.47.0 announcement? Read it [here](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.0). For this third patch release of the `v0.47.x` line, some of the notable changes include: +* The [barberry](https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825) security vulnerability is resolved. All chains using Cosmos SDK `<= v0.47.2` are advised to upgrade to `v0.47.3` **immediately**. A chain is safe as soon as **33%+1** of the voting power has upgraded. Coordinate with your validators to upgrade as soon as possible. * A command to be able to bootstrap comet from a local snapshot with [` comet bootstrap-state`](https://docs.cosmos.network/v0.47/run-node/run-node#local-state-sync). * Commands to manage snapshots: Add `snapshot.Cmd(appCreator)` to your chain root command for using them. * The default logger is now `cosmossdk.io/log`, which supports coloring 🟥🟩🟪🟦 and filtering again. diff --git a/UPGRADING.md b/UPGRADING.md index db7994f36fbb..2401b6543432 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -293,124 +293,3 @@ This means chain developers need to validate the `classID` and `nftID` of an NFT Ledger support has been generalized to enable use of different apps and keytypes that use `secp256k1`. The Ledger interface remains the same, but it can now be provided through the Keyring `Options`, allowing higher-level chains to connect to different Ledger apps or use custom implementations. In addition, higher-level chains can provide custom key implementations around the Ledger public key, to enable greater flexibility with address generation and signing. This is not a breaking change, as all values will default to use the standard Cosmos app implementation unless specified otherwise. - -## [v0.46.x](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.46.0) - -### Go API Changes - -The `replace google.golang.org/grpc` directive can be removed from the `go.mod`, it is no more required to block the version. - -A few packages that were deprecated in the previous version are now removed. - -For instance, the REST API, deprecated in v0.45, is now removed. If you have not migrated yet, please follow the [instructions](https://docs.cosmos.network/v0.45/migrations/rest.html). - -To improve clarity of the API, some renaming and improvements has been done: - -| Package | Previous | Current | -| --------- | ---------------------------------- | ------------------------------------ | -| `simapp` | `encodingConfig.Marshaler` | `encodingConfig.Codec` | -| `simapp` | `FundAccount`, `FundModuleAccount` | Functions moved to `x/bank/testutil` | -| `types` | `AccAddressFromHex` | `AccAddressFromHexUnsafe` | -| `x/auth` | `MempoolFeeDecorator` | Use `DeductFeeDecorator` instead | -| `x/bank` | `AddressFromBalancesStore` | `AddressAndDenomFromBalancesStore` | -| `x/gov` | `keeper.DeleteDeposits` | `keeper.DeleteAndBurnDeposits` | -| `x/gov` | `keeper.RefundDeposits` | `keeper.RefundAndDeleteDeposits` | -| `x/{mod}` | package `legacy` | package `migrations` | - -For the exhaustive list of API renaming, please refer to the [CHANGELOG](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md). - -#### new packages - -Additionally, new packages have been introduced in order to further split the codebase. Aliases are available for a new API breaking migration, but it is encouraged to migrate to this new packages: - -* `errors` should replace `types/errors` when registering errors or wrapping SDK errors. -* `math` contains the `Int` or `Uint` types that are used in the SDK. -* `x/nft` an NFT base module. -* `x/group` a group module allowing to create DAOs, multisig and policies. Greatly composes with `x/authz`. - -#### `x/authz` - -* `authz.NewMsgGrant` `expiration` is now a pointer. When `nil` is used, then no expiration will be set (grant won't expire). -* `authz.NewGrant` takes a new argument: block time, to correctly validate expire time. - -### Keyring - -The keyring has been refactored in v0.46. - -* The `Unsafe*` interfaces have been removed from the keyring package. Please use interface casting if you wish to access those unsafe functions. -* The keys' implementation has been refactored to be serialized as proto. -* `keyring.NewInMemory` and `keyring.New` takes now a `codec.Codec`. -* Take `keyring.Record` instead of `Info` as first argument in: - * `MkConsKeyOutput` - * `MkValKeyOutput` - * `MkAccKeyOutput` -* Rename: - * `SavePubKey` to `SaveOfflineKey` and remove the `algo` argument. - * `NewMultiInfo`, `NewLedgerInfo` to `NewLegacyMultiInfo`, `newLegacyLedgerInfo` respectively. - * `NewOfflineInfo` to `newLegacyOfflineInfo` and move it to `migration_test.go`. - -### PostHandler - -A `postHandler` is like an `antehandler`, but is run _after_ the `runMsgs` execution. It is in the same store branch that `runMsgs`, meaning that both `runMsgs` and `postHandler`. This allows to run a custom logic after the execution of the messages. - -### IAVL - -v0.19.0 IAVL introduces a new "fast" index. This index represents the latest state of the -IAVL laid out in a format that preserves data locality by key. As a result, it allows for faster queries and iterations -since data can now be read in lexicographical order that is frequent for Cosmos-SDK chains. - -The first time the chain is started after the upgrade, the aforementioned index is created. The creation process -might take time and depends on the size of the latest state of the chain. For example, Osmosis takes around 15 minutes to rebuild the index. - -While the index is being created, node operators can observe the following in the logs: -"Upgrading IAVL storage for faster queries + execution on the live state. This may take a while". The store -key is appended to the message. The message is printed for every module that has a non-transient store. -As a result, it gives a good indication of the progress of the upgrade. - -There is also downgrade and re-upgrade protection. If a node operator chooses to downgrade to IAVL pre-fast index, and then upgrade again, the index is rebuilt from scratch. This implementation detail should not be relevant in most cases. It was added as a safeguard against operator -mistakes. - -### Modules - -#### `x/params` - -* The `x/params` module has been depreacted in favour of each module housing and providing way to modify their parameters. Each module that has parameters that are changable during runtime have an authority, the authority can be a module or user account. The Cosmos SDK team recommends migrating modules away from using the param module. An example of how this could look like can be found [here](https://github.com/cosmos/cosmos-sdk/pull/12363). -* The Param module will be maintained until April 18, 2023. At this point the module will reach end of life and be removed from the Cosmos SDK. - -#### `x/gov` - -The `gov` module has been greatly improved. The previous API has been moved to `v1beta1` while the new implementation is called `v1`. - -In order to submit a proposal with `submit-proposal` you now need to pass a `proposal.json` file. -You can still use the old way by using `submit-legacy-proposal`. This is not recommended. -More information can be found in the gov module [client documentation](https://docs.cosmos.network/v0.46/modules/gov/07_client.html). - -#### `x/staking` - -The `staking module` added a new message type to cancel unbonding delegations. Users that have unbonded by accident or wish to cancel a undelegation can now specify the amount and valdiator they would like to cancel the unbond from - -### Protobuf - -The `third_party/proto` folder that existed in [previous version](https://github.com/cosmos/cosmos-sdk/tree/v0.45.3/third_party/proto) now does not contains directly the [proto files](https://github.com/cosmos/cosmos-sdk/tree/release/v0.46.x/third_party/proto). - -Instead, the SDK uses [`buf`](https://buf.build). Clients should have their own [`buf.yaml`](https://docs.buf.build/configuration/v1/buf-yaml) with `buf.build/cosmos/cosmos-sdk` as dependency, in order to avoid having to copy paste these files. - -The protos can as well be downloaded using `buf export buf.build/cosmos/cosmos-sdk:8cb30a2c4de74dc9bd8d260b1e75e176 --output `. - -Cosmos message protobufs should be extended with `cosmos.msg.v1.signer`: - -```protobuf -message MsgSetWithdrawAddress { - option (cosmos.msg.v1.signer) = "delegator_address"; ++ - - option (gogoproto.equal) = false; - option (gogoproto.goproto_getters) = false; - - string delegator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; - string withdraw_address = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; -} -``` - - - -When clients interract with a node they are required to set a codec in in the grpc.Dial. More information can be found in this [doc](https://docs.cosmos.network/v0.46/run-node/interact-node.html#programmatically-via-go).