github Consensys/teku 21.12.2
v21.12.2

latest releases: 24.10.3, 24.10.2, 24.10.1...
2 years ago

This is an important security update. All users are strongly recommended to update as soon as possible.

Additional security vulnerabilities were found in log4j in the newly released 2.15.0 which details are not yet available for.
As a result we cannot yet confirm if Teku is vulnerable to them. This release of Teku upgrades to log4j 2.16.0 which is safe
against these new vulnerabilities and completely disables JDNI which is the underlying technology used in this category of attack.

As as result we strongly encourage all users to update as soon as possible to 21.12.2 even if you have previously updated to 21.12.1.

Downloads

  • Available as 21.12.2 on Dockerhub
  • Download the binary distribution:
    • tar.gz (
      sha256: 1ae37c495dd5127ea6591fd223324fdf457b1ff114611a94bcc5cb97a3270a7d)
    • zip (
      sha256: 0c8adbc974b2238f721fe9231ef17291c6203034f10514d581f1eb4421046f5e)

Additions and Improvements

  • Updated CLI options ensuring unmatched options aren't confused as parameters.

Bug Fixes

  • Updated to log4j 2.16.0.
  • Fix multiarch JDK17 variant docker image to bundle Java 17 instead of Java 16

Upcoming Breaking Changes

  • Support for the Pyrmont testnet will be removed in an upcoming release. The Prater testnet should be used instead.
  • The /teku/v1/beacon/states/:state_id endpoint has been deprecated in favor of the standard API /eth/v1/debug/beacon/states/:state_id which now returns the state as SSZ when the Accept: application/octet-stream header is specified on the request.
  • The /eth/v1/debug/beacon/states/:state_id endpoint has been deprecated in favor of the v2 Altair endpoint /eth/v2/debug/beacon/states/:state_id
  • The /eth/v1/beacon/blocks/:block_id endpoint has been deprecated in favor of the v2 Altair endpoint /eth/v2/beacon/blocks/:block_id
  • The /eth/v1/validator/blocks/:slot endpoint has been deprecated in favor of the v2 Altair endpoint /eth/v2/validator/blocks/:slot
  • The commandline option --validators-performance-tracking-enabled has been deprecated in favour of --validators-performance-tracking-mode

Don't miss a new teku release

NewReleases is sending notifications on new releases.