This is a maintenance release which mainly addresses application vulnerabilities and minor enhancements
Vulnerabilities addressed with this release:
- CSRF token based authentication, which strengthens the app against cross site attacks in the browser
- Passwords like ‘password’, ‘changeme’ or ‘moneyprintergobrrr’ must be changed before doing any operation on the app
- Angular version upgrade to 12, which will require node version to be at a minimum of 12
Minor enhancements:
- Routing fee limit cap removed on Loop Out
- Routing Fee rate will also be displayed in %age for easier understanding
Details of the issues covered with this release here
PGP Key: https://keybase.io/suheb
Download the release and signature:
wget https://github.com/Ride-The-Lightning/RTL/archive/refs/tags/v0.11.0.tar.gz
wget https://github.com/Ride-The-Lightning/RTL/releases/download/v0.11.0/v0.11.0.tar.gz.asc
Verify the release:
gpg --verify v0.11.0.tar.gz.asc v0.11.0.tar.gz
gpg: Signature made Sun 20 Jun 2021 05:41:26 PM EDT
gpg: using RSA key 3E9BD4436C288039CA827A9200C9E2BC2E45666F
gpg: Good signature from "saubyk (added uid) <39208279+saubyk@users.noreply.github.com>" [unknown]
gpg: aka "Suheb (approves) <39208279+saubyk@users.noreply.github.com>" [unknown]
gpg: aka "Suheb <39208279+saubyk@users.noreply.github.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3E9B D443 6C28 8039 CA82 7A92 00C9 E2BC 2E45 666F
Unzip and install the release:
tar -xvf v0.11.0.tar.gz
cd RTL-0.11.0
npm install --only=prod
Docker images available at https://hub.docker.com/r/shahanafarooqui/rtl/tags:
docker pull shahanafarooqui/rtl:0.11.0
docker pull shahanafarooqui/rtl:0.11.0-arm64v8
docker pull shahanafarooqui/rtl:0.11.0-arm32v7
docker pull shahanafarooqui/rtl:0.11.0-amd64