This release contains a fix for ISA-2025-001.
This version addresses a security vulnerability in IBC-go's deserialisation of acknowledgements and we strongly encourage everyone in the affected versions to update their chain immediately. This patch is not state-breaking, so chains can upgrade in a rolling manner. This does not have to be a co-ordinated upgrade. However, validators should upgrade as soon as possible when the release is made available. If the vulnerability is exploited before 2/3 is patched, the chain will halt.
Full Changelog: v8.6.1...v8.7.0
To learn more about ibc-go versioning, please read our RELEASES.md.
IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:
- The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
- The migration from ibc-go v1 to v2.
- The migration from ibc-go v2 to v3.
- The migration from ibc-go v3 to v4.
- The migration from ibc-go v4 to v5.
- The migration from ibc-go v5 to v6.
- The migration from ibc-go v6 to v7.
- The migration from ibc-go v7 to v7.1.
- The migration from ibc-go v7.2 to v7.3.
- The migration from ibc-go v7 to v8.
- The migration from ibc-go v8 to v8.1.