25.1 Release Notes
Bitcoin Knots version 25.1.knots20231115 is now available from:
https://bitcoinknots.org/files/25.x/25.1.knots20231115/
This release includes new features, various bug fixes and performance
improvements, as well as updated translations.
Please report bugs using the issue tracker at GitHub:
https://github.com/bitcoinknots/bitcoin/issues
To receive security and update notifications, please subscribe to:
https://bitcoinknots.org/list/announcements/join/
How to Upgrade
If you are running an older version, shut it down. Wait until it has completely
shut down (which might take a few minutes in some cases), then run the
installer (on Windows) or just copy over /Applications/Bitcoin-Qt
(on macOS)
or bitcoind
/bitcoin-qt
(on Linux).
Upgrading directly from very old versions of Bitcoin Core or Knots is
possible, but it might take some time if the data directory needs to be migrated. Old
wallet versions of Bitcoin Knots are generally supported.
Compatibility
Bitcoin Knots is supported on operating systems using the Linux kernel,
macOS 10.15+, and Windows 7 and newer. It is not recommended to use
Bitcoin Knots on unsupported systems.
Known Bugs
In various locations, including the GUI's transaction details dialog, transaction
virtual sizes may not account for an unusually high number of sigops (ie, as
determined by the -bytespersigop
policy). This could result in reporting a
lower virtual size than is actually used for mempool or mining purposes.
In the interest of time, this release does not include updated translations.
Please open an issue on GitHub if this is of particular importance to you or
anyone you know. If nobody expresses interest in localization, it may continue
to be skipped going forward.
Notable changes
Security vulnerabilities fixed
Several security issues (CVEs CVE-2023-40257, CVE-2023-40258, and CVE-2023-40259)
were identified in the extended rpcauth
wallet-restriction syntax, which is
intended to enable semi-trusted local applications using the Bitcoin Knots API to
access only specific wallets (or none at all) and not others. The full details of
these issues will be disclosed at a future time, but they have all been fixed in
this release.
P2P and network changes
-
To address a potential denial-of-service, the logic to download headers from peers
has been reworked. This is particularly relevant for nodes starting up for the
first time (or for nodes which are starting up after being offline for a long time).Whenever headers are received from a peer that have a total chainwork that is either
less than the node's-minimumchainwork
value or is sufficiently below the work at
the node's tip, a "presync" phase will begin, in which the node will download the
peer's headers and verify the cumulative work on the peer's chain, prior to storing
those headers permanently. Once that cumulative work is verified to be sufficiently high,
the headers will be redownloaded from that peer and fully validated and stored.This may result in initial headers sync taking longer for new nodes starting up for
the first time, both because the headers will be downloaded twice, and because the effect
of a peer disconnecting during the presync phase (or while the node's best headers chain has less
than-minimumchainwork
), will result in the node needing to use the headers presync mechanism
with the next peer as well (downloading the headers twice, again). (bitcoin#25717) -
Enable parallel compact block downloads to mitigate temporary stalls from a slow peer. (bitcoin#27626)
-
The rate limit on transaction relay has been doubled to 14 transactions per
second (35 tx/s for outbound connections) to better adapt to present network
conditions. (bitcoin#28592) -
Transactions of non-witness size 65 and above are now allowed by mempool
and relay policy. This is to better reflect the actual afforded protections
against CVE-2017-12842 and open up additional use-cases of smaller transaction sizes. (bitcoin#26265) -
With I2P connections, a new, transient address is used for each outbound
connection if-i2pacceptincoming=0
. (bitcoin#25355) -
A new net permission
forceinbound
(set with-whitelist=forceinbound@...
or-whitebind=forceinbound@...
) is introduced that extendsnoban
permissions.
Inbound connections from hosts protected byforceinbound
will now be more
likely to connect even ifmaxconnections
is reached and the node's inbound
slots are full. This is achieved by attempting to force the eviction of a random,
inbound, otherwise unprotected peer. RPCgetpeerinfo
will also now indicate
forced_inbound
. (bitcoin#27600) -
The
-datacarriersize
policy limit has been updated to match newer style datacarrier
transactions. (bitcoin#28408) -
An additional
-datacarriercost
option has also been added to avoid giving the "segwit
discount" to aribitrary data (and can be increased to require datacarrier transactions
to pay higher fees). -
The spam filters limiting smart contract code sizes for pre-Segwit and Segwit
"v0" scripts have been expanded to also cover Taproot. Since the sizes were
inconsistent, the lower size of 1650 which actually had a rationale has been
used as the default for this release. The size limit can be adjusted with the
new-maxscriptsize
option. If you know of any legitimate scripts that are
larger than the default, please report a bug.
New RPCs
-
A new
getprioritisedtransactions
RPC has been added. It returns a map of all fee deltas created by the
user with prioritisetransaction, indexed by txid. The map also indicates whether each transaction is
present in the mempool. -
getaddrmaninfo
has been added to view the distribution of addresses in the
new and tried table of the node's address manager across different networks
(ipv4, ipv6, onion, i2p, cjdns). The RPC returns count of addresses in new
and tried table as well as their sum for all networks. (bitcoin#27511, bitcoin#28565)
Updated RPCs
-
The
verifychain
RPC will now returnfalse
if the checks didn't fail,
but couldn't be completed at the desired depth and level. This could be due
to missing data while pruning, due to an insufficient dbcache or due to
the node being shutdown before the call could finish. (bitcoin#25574) -
sendrawtransaction
has a new, optional argument,maxburnamount
with a default value of0
.
Any transaction containing an unspendable output with a value greater thanmaxburnamount
will
not be submitted. At present, the outputs deemed unspendable are those with scripts that begin
with anOP_RETURN
code (known as 'datacarriers'), scripts that exceed the maximum script size,
and scripts that contain invalid opcodes. -
The
testmempoolaccept
RPC now returns 2 additional results within the "fees" result:
"effective-feerate" is the feerate including fees and sizes of transactions validated together if
package validation was used, and also includes any modified fees from prioritisetransaction. The
"effective-includes" result lists the wtxids of transactions whose modified fees and sizes were used
in the effective-feerate (bitcoin#26646). -
decodescript
may now infer a Miniscript descriptor under P2WSH context if it is not lacking
information. (bitcoin#27037) -
finalizepsbt
is now able to finalize a transaction with inputs spending Miniscript-compatible
P2WSH scripts. (bitcoin#24149) -
The
-deprecatedrpc=softforks
configuration option has been removed. The
RPCgetblockchaininfo
no longer returns thesoftforks
field, which was
previously deprecated in 23.0. (bitcoin#23508) Information on soft fork status is
now only available via thegetdeploymentinfo
RPC. -
The
deprecatedrpc=exclude_coinbase
configuration option has been removed.
Thereceivedby
RPCs (listreceivedbyaddress
,listreceivedbylabel
,
getreceivedbyaddress
andgetreceivedbylabel
) now always return results
accounting for received coins from coinbase outputs, without an option to
change that behaviour. Excluding coinbases was previously deprecated in 23.0.
(bitcoin#25171) -
The
deprecatedrpc=fees
configuration option has been removed. The top-level
fee fieldsfee
,modifiedfee
,ancestorfees
anddescendantfees
are no
longer returned by RPCsgetmempoolentry
,getrawmempool(verbose=true)
,
getmempoolancestors(verbose=true)
andgetmempooldescendants(verbose=true)
.
The same fee fields can be accessed through thefees
object in the result.
The top-level fee fields were previously deprecated in 23.0. (bitcoin#25204) -
The
getpeerinfo
RPC has been updated with a newpresynced_headers
field,
indicating the progress on the presync phase mentioned in the
"P2P and network changes" section above. -
RPC
disconnectnode
now accepts a subnet intoaddress
argument. (bitcoin#26576) -
The output from
getmempoolinfo
is extended to include arbf_policy
key
briefly describing the current replace-by-fee policy ("never", "optin", or
"always").
Changes to wallet related RPCs can be found in the Wallet section below.
Build System
- The
--enable-upnp-default
and--enable-natpmp-default
options
have been removed. If you want to use port mapping, you can
configure it using a .conf file, or by passing the relevant
options at runtime. (bitcoin#26896)
Updated settings
-
If the
-checkblocks
or-checklevel
options are explicitly provided by the
user, but the verification checks cannot be completed due to an insufficient
dbcache, Bitcoin Knots will now return an error at startup. (bitcoin#25574) -
Setting
-blocksonly
will now reduce the maximum mempool memory
to 5MB (users may still use-maxmempool
to override). Previously,
the default 300MB would be used, leading to unexpected memory usage
for users running with-blocksonly
expecting it to eliminate
mempool memory usage.As unused mempool memory is shared with dbcache, this also reduces
the dbcache size for users running with-blocksonly
, potentially
impacting performance. -
Setting
-maxconnections=0
will now disable-dnsseed
and-listen
(users may still set them to override).
Changes to GUI or wallet related settings can be found in the GUI or Wallet section below.
New settings
-
The
shutdownnotify
option is used to specify a command to execute synchronously
before Bitcoin Knots has begun its shutdown sequence. (bitcoin#23395) -
To assist in controlling access to the RPC "cookie" file on multiuser systems, a new
rpccookieperms
setting has been added to set the file permissions mode before
writing the access token.
Wallet
-
Added a new
next_index
field in the response inlistdescriptors
to
have the same format asimportdescriptors
(bitcoin#26194) -
RPC
listunspent
now has a new argumentinclude_immature_coinbase
to include coinbase UTXOs that don't meet the minimum spendability
depth requirement (which before were silently skipped). (bitcoin#25730) -
Rescans for descriptor wallets are now significantly faster if compact
block filters (BIP158) are available. Since those are not constructed
by default, the configuration option "-blockfilterindex=1" has to be
provided to take advantage of the optimization. This improves the
performance of the RPC callsrescanblockchain
,importdescriptors
andrestorewallet
. (bitcoin#25957) -
RPC
unloadwallet
now fails if a rescan is in progress. (bitcoin#26618) -
Wallet passphrases may now contain null characters.
Prior to this change, only characters up to the first
null character were recognized and accepted. (bitcoin#27068) -
Address Purposes strings are now restricted to the currently known values of "send",
"receive", and "refund". Wallets that have unrecognized purpose strings will have
loading warnings, and thelistlabels
RPC will raise an error if an unrecognized purpose
is requested. (bitcoin#27217) -
In the
createwallet
,loadwallet
,unloadwallet
, andrestorewallet
RPCs, the
"warning" string field is deprecated in favor of a "warnings" field that
returns a JSON array of strings to better handle multiple warning messages and
for consistency with other wallet RPCs. The "warning" field will be fully
removed from these RPCs in v26. It can be temporarily re-enabled during the
deprecation period by launching bitcoind with the configuration option
-deprecatedrpc=walletwarningfield
. (bitcoin#27279) -
Descriptor wallets can now spend coins sent to P2WSH Miniscript descriptors. (bitcoin#24149)
-
The
-walletrbf
startup option will now default totrue
. The
wallet will now default to opt-in RBF on transactions that it creates. (bitcoin#25610) -
The
replaceable
option for thecreaterawtransaction
and
createpsbt
RPCs will now default totrue
. Transactions created
with these RPCs will default to having opt-in RBF enabled. (bitcoin#25610) -
The
wsh()
output descriptor was extended with Miniscript support. You can import Miniscript
descriptors for P2WSH in a watchonly wallet to track coins, but you can't spend from them using
the Bitcoin Core wallet yet.
You can find more about Miniscript on the reference website. (bitcoin#24148) -
The
tr()
output descriptor now supports multisig scripts through themulti_a()
and
sortedmulti_a()
functions. (bitcoin#24043) -
The
importdescriptors
RPC can now be used to import BIP 93 (codex32) seeds. (bitcoin#27351) -
To help prevent fingerprinting transactions created by the Bitcoin Core wallet, change output
amounts are now randomized. (bitcoin#24494) -
The
listsinceblock
,listtransactions
andgettransaction
output now contain a new
parent_descs
field for every "receive" entry. (bitcoin#25504) -
A new optional
include_change
parameter was added to thelistsinceblock
command. (bitcoin#25504) -
RPC
importaddress
now supports watch-only descriptor wallets. -
RPC
walletprocesspsbt
return object now includes fieldhex
(if the transaction
is complete) containing the serialized transaction suitable for RPCsendrawtransaction
. (bitcoin#28414) -
The result of RPC
getaddressinfo
adds anisactive
key which can be used to determine if
the address is derived from the currently active wallet seed. (bitcoin#27216) -
RPC
getreceivedbylabel
now returns an error, "Label not found
in wallet" (-4), if the label is not in the address book. (bitcoin#25122)
Migrating Legacy Wallets to Descriptor Wallets
An experimental RPC migratewallet
has been added to migrate Legacy (non-descriptor) wallets to
Descriptor wallets. More information about the migration process is available in the
documentation.
GUI changes
-
The "Mask values" is a persistent option now. (gui#701)
-
The "Mask values" option affects the "Transaction" view now, in addition to the
"Overview" one. (gui#708) -
A new menu item to restore a wallet from a backup file has been added (gui#471).
-
Configuration changes made in the bitcoin GUI (such as the pruning setting,
proxy settings, UPNP preferences) are now saved to<datadir>/settings.json
file rather than to the Qt settings backend (windows registry or unix desktop
config files), so these settings will now apply to bitcoind, instead of being
ignored. (bitcoin#15936, gui#602) -
Also, the interaction between GUI settings and
bitcoin.conf
settings is
simplified. Settings frombitcoin.conf
are now displayed normally in the GUI
settings dialog, instead of in a separate warning message ("Options set in this
dialog are overridden by the configuration file: -setting=value"). And these
settings can now be edited becausesettings.json
values take precedence over
bitcoin.conf
values. (bitcoin#15936)
REST
-
A new
/rest/deploymentinfo
endpoint has been added for fetching various
state info regarding deployments of consensus changes. (bitcoin#25412) -
The
/headers/
and/blockfilterheaders/
endpoints have been updated to use
a query parameter instead of path parameter to specify the result count. The
count parameter is now optional, and defaults to 5 for both endpoints. The old
endpoints are still functional, and have no documented behaviour change.For
/headers
, use
GET /rest/headers/<BLOCK-HASH>.<bin|hex|json>?count=<COUNT=5>
instead of
GET /rest/headers/<COUNT>/<BLOCK-HASH>.<bin|hex|json>
(deprecated)For
/blockfilterheaders/
, use
GET /rest/blockfilterheaders/<FILTERTYPE>/<BLOCK-HASH>.<bin|hex|json>?count=<COUNT=5>
instead of
GET /rest/blockfilterheaders/<FILTERTYPE>/<COUNT>/<BLOCK-HASH>.<bin|hex|json>
(deprecated)
Binary verification
- The binary verification script has been updated. In previous releases it
would verify that the binaries had been signed with a single "release key".
In this release and moving forward it will verify that the binaries are
signed by a threshold of trusted keys. For more details and
examples, see:
https://github.com/bitcoin/bitcoin/blob/master/contrib/verify-binaries/README.md
(bitcoin#27358)
Low-level changes
RPC
-
The JSON-RPC server now rejects requests where a parameter is specified multiple
times with the same name, instead of silently overwriting earlier parameter values
with later ones. (bitcoin#26628) -
RPC
listsinceblock
now accepts an optionallabel
argument
to fetch incoming transactions having the specified label. (bitcoin#25934) -
Previously
setban
,addpeeraddress
,walletcreatefundedpsbt
, methods
allowed non-boolean and non-null values to be passed as boolean parameters.
Any string, number, array, or object value that was passed would be treated
as false. After this change, passing any value excepttrue
,false
, or
null
now triggers a JSON value is not of expected type error. (bitcoin#26213) -
The
deriveaddresses
,getdescriptorinfo
,importdescriptors
andscantxoutset
commands now
accept Miniscript expression within awsh()
descriptor. (bitcoin#24148) -
The
getaddressinfo
,decodescript
,listdescriptors
andlistunspent
commands may now output
a Miniscript descriptor inside awsh()
where awsh(raw())
descriptor was previously returned. (bitcoin#24148)