This patch release introduces quality of life fixes. A big performance improvement is how and when block builders trigger building of the next block; it is now optimized to run as soon as possible which can allow the EL to collect and fill more txs in the block.
It is now strongly recommended for payload building ELs using bera-reth to run the reth node command with the --engine.always-process-payload-attributes-on-canonical-head flag. This ensures liveness in rare edge case network conditions. More details about this flag can be found here.
Update Priority
This table provides priorities for which classes of users should update particular components.
| User Class | General |
|---|---|
| Payload Builders | Strongly recommended |
| Non-Payload Builders | Recommended |
All Changes
- chore(release): update public signing key (#2999)
- upgrade go to v1.25.5 to address vulnerability from go stdlib (#2998)
- fix: resolve JWT authentication race condition on validator restart (#2937)
- Restrict premined-deposits directory permissions to owner-only (#2995)
- fix: spec file validation now supports embedded structs (#2830)
- Limit jwt file permissions (#2990)
- chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#2986)
- chore(deps): bump github.com/kurtosis-tech/kurtosis/api/golang from 1.12.1 to 1.13.2 (#2985)
- chore(deps): bump github.com/opencontainers/runc from 1.1.14 to 1.2.8 in the go_modules group across 1 directory (#2978)
- chore(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 (#2983)
- chore: update genesis file for prague4 (#2980)
- chore(deps): bump github.com/kurtosis-tech/kurtosis/api/golang from 1.11.2 to 1.12.1 (#2974)
- feat: prague3 genesis file (#2977)
- fix: flaky tests by using thread-safe SyncBuffer + refactor test cleanup (#2972)
- chore(deps): bump to latest bera-geth release (#2973)
- chore(deps): bump github.com/consensys/gnark-crypto from 0.18.0 to 0.18.1 in the go_modules group across 1 directory (#2971)
- refactor: remove obsolete // +build tag (#2962)
- chore(security): fix shell injection security issue (#2954)
- upgrade go to v1.25.3 to address vulnerability from go stdlib (#2970)
- perf(blockchain): optimize tail FCU call (#2939)
- [2/n] test(payload-building): Simulated tests to uncover optimistic building edge cases (#2963)
- [1/n] chore(blockchain): dropped
enable_optimistic_payload_buildsflag (#2944) - chore(deps): bump github.com/kurtosis-tech/kurtosis/api/golang from 1.11.1 to 1.11.2 (#2957)
- chore(stateDB): renamed
statedb.Copy(#2958) - chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#2950)
- chore(deps): bump github.com/go-playground/validator/v10 from 10.27.0 to 10.28.0 (#2946)
Binaries
| System | Architecture | Binary | PGP Signature |
|---|---|---|---|
| amd64 | beacond-v1.3.4-linux-amd64 | Signature | |
| arm64 | beacond-v1.3.4-linux-arm64 | Signature | |
| arm64 | beacond-v1.3.4-darwin-arm64 | Signature | |
| System | Option | - | Resource |
| Docker | berachain/beacon-kit |
Verifying signatures
Use gpg to verify the signature on these binary archives. This is important to make sure that the content you've downloaded is legitimate. gpg can be installed with most package managers. For example:
brew install gpgon macapt install gpgon Ubuntu/Debian
Once gpg is installed, import our public key into its database and verify:
- Download signing public key from here.
- Run
gpg --import berachain_release.asc - Verify with
gpg --verify {signature}.sig {binary}.tar.gz - This message is expected:
WARNING: This key is not certified with a trusted signature! - To resolve the warning, trust the key by signing with your own keypair.
gpg --lsign-key <keyid>