This is a recommended release that introduces critical observer reliability improvements and a new Redis-based rate limiting system. The release significantly improves observer stability under load through reduced sample rates, optimized timeouts, and better concurrency management. Additionally, it introduces a complete rate limiting solution with a token bucket algorithm and IP allowlist support for enhanced DDoS protection.
Key Features
🛡️ Rate Limiter
Complete Redis/Valkey-based rate limiting system with:
- Token bucket algorithm with configurable limits per IP and resource
- IP allowlist support with CIDR block matching
- Lua scripts for atomic Redis operations
- Support for both cluster and non-cluster Redis deployments
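
The rate limiter behaviour listed above, modelled in memory as an added example; this is not AR.IO code, and `createLimiter`, `inCidr`, `ipv4ToInt` and the `ip|resource` key layout are hypothetical names chosen for illustration. It assumes IPv4 only and one token per request:

```typescript
// Added example (not AR.IO code): in-memory model of the limiter described above.
type Bucket = { tokens: number; updatedMs: number };

// Dotted-quad IPv4 -> unsigned 32-bit number, or null when malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip lies inside cidr; malformed entries never match (fail closed).
function inCidr(ip: string, cidr: string): boolean {
  const m = /^([\d.]+)(?:\/(\d{1,2}))?$/.exec(cidr);
  if (m === null) return false;
  const bits = m[2] === undefined ? 32 : Number(m[2]);
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(m[1] ?? '');
  if (ipInt === null || baseInt === null || bits > 32) return false;
  const blockSize = 2 ** (32 - bits); // addresses covered by the prefix
  return Math.floor(ipInt / blockSize) === Math.floor(baseInt / blockSize);
}

// Returns allow(ip, resource, nowMs); the clock is passed in so runs are repeatable.
function createLimiter(capacity: number, refillPerSec: number, allowlist: string[]) {
  const buckets = new Map<string, Bucket>();
  return (ip: string, resource: string, nowMs: number): boolean => {
    if (allowlist.some((cidr) => inCidr(ip, cidr))) return true; // bypass, no state kept
    const key = `${ip}|${resource}`; // one bucket per IP and resource
    const b = buckets.get(key) ?? { tokens: capacity, updatedMs: nowMs };
    // Refill for elapsed time, capped at capacity, then try to take one token.
    // In Redis this read-modify-write is what a Lua script keeps atomic.
    const elapsedSec = Math.max(0, nowMs - b.updatedMs) / 1000;
    b.tokens = Math.min(capacity, b.tokens + elapsedSec * refillPerSec);
    b.updatedMs = nowMs;
    const allowed = b.tokens >= 1;
    if (allowed) b.tokens -= 1;
    buckets.set(key, b);
    return allowed;
  };
}
```

An allowlist entry with a missing or oversized prefix length is rejected rather than treated as `/0`, so a typo in the allowlist cannot exempt every client from limiting.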
📊 Observer Reliability Improvements
- Reduced default offset observation sample rate from 5% to 1%
- Added quick chunk validation to skip expensive operations
- Optimized timeout configurations (7 seconds) for reliable assessments
- Reduced concurrent connections and serialized ownership checks
🔒 Security Updates
- Updated dependencies to address security vulnerabilities
- Resolved critical elliptic ECDSA and secp256k1 private key extraction vulnerabilities
📈 Enhanced Metrics
- Comprehensive Prometheus metrics for observer performance
- Gateway assessment tracking with pass/fail status
- AR.IO node release version as global label
Docker Images
This release uses the following specific image SHAs:
- Core: 7038d77ef5a32af219a0c7c57af8cca78b46d720
- Envoy: 159d6467108122a3413c5ab45150d334dc9fb78f
- Clickhouse Auto-Import: 4512361f3d6bdc0d8a44dd83eb796fd88804a384
- Litestream: be121fc0ae24a9eb7cdb2b92d01f047039b5f5e8
- Observer: a50f88a58735b17a73818f6e1b9d1b2207f0a176 (pinned)
- AO CU: 08436a88233f0247f3eb35979dd55163fd51a153 (pinned)
For complete details, see CHANGELOG.md.