This release improves security by addressing issues raised by AI audits.
Security Fixes
- Reject PSBT inputs with non-standard sighash types before signing (a redundant check alongside Embit's own, raising a clearer error)
- Warn user before signing raw hashes in message signing
- Fix ZeroDivisionError in fee calculation for zero-value output PSBTs
- Validate multisig quorum: reject m=0 and m>n in key-value wallet files
- DeflateIO enforces a 100KB maximum decompressed size, preventing zip-bomb OOM via BBQR encoding "Z" or KEF decryption
- Enforce part_total limits in pMofN (1–99) and BBQR (≥1) QR parsers, preventing OOM via unbounded part accumulation
- Validate settings.json on load: enforce max file size and reject non-object payloads, preventing OOM and type-confusion via a malicious SD card
- KEF: enforce minimum PBKDF2 iterations on unwrap
- PSBT: reject multi-key descriptors with more than one origin-less xpub, which would otherwise silently lose cosigner identity (taproot internal-key exception preserved)
- File manager: filter "."/".." and entries containing path separators from SD listings, blocking directory traversal via crafted FAT entries
- KEF decryption: in-session exponential backoff (1s, 2s, 4s … capped at 30s) on failed attempts, slowing interactive brute forcing without persisting lockout state to flash
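The decompressed-size cap described in the DeflateIO fix above, as an added example in Python that is not Krux's own code: it inflates incrementally so that a tiny, highly compressible payload cannot exhaust RAM. It assumes raw DEFLATE input (`wbits=-15`); the 100KB figure is the one from the release note, and `raw_deflate` only exists to build constructed test payloads.

```python
import zlib

# Cap from the release note: at most 100KB of inflated output.
MAX_INFLATED = 100 * 1024


class InflatedTooLarge(ValueError):
    """Raised as soon as the inflated output would exceed the cap."""


def bounded_inflate(data: bytes, limit: int = MAX_INFLATED,
                    chunk: int = 4096, wbits: int = -15) -> bytes:
    """Inflate `data` incrementally, aborting once output exceeds `limit`.

    A plain zlib.decompress() materialises the whole output first, so a
    ~1KB payload can demand megabytes of RAM. Asking decompressobj for at
    most `chunk` bytes per call keeps peak memory near limit + chunk no
    matter the compression ratio. wbits=-15 means raw DEFLATE, which is an
    assumption here about the container; adjust it for zlib/gzip headers.
    """
    inflater = zlib.decompressobj(wbits=wbits)
    out = bytearray()
    pending = data
    while True:
        piece = inflater.decompress(pending, chunk)  # at most `chunk` bytes
        out += piece
        if len(out) > limit:
            raise InflatedTooLarge(f"inflated size exceeds {limit} bytes")
        if inflater.eof:
            return bytes(out)
        pending = inflater.unconsumed_tail  # input zlib has not consumed yet
        if not piece and not pending:
            # No output, no input left, no end-of-stream: stream is truncated.
            raise ValueError("truncated or invalid DEFLATE stream")


def raw_deflate(data: bytes) -> bytes:
    """Build a constructed raw-DEFLATE payload for demonstration/testing."""
    comp = zlib.compressobj(wbits=-15)
    return comp.compress(data) + comp.flush()


if __name__ == "__main__":
    print(len(bounded_inflate(raw_deflate(b"psbt-ish payload" * 100))), "bytes ok")
    # Constructed "bomb": about 4KB of input that would inflate to 4MB.
    try:
        bounded_inflate(raw_deflate(b"\0" * (4 * 1024 * 1024)))
    except InflatedTooLarge as exc:
        print("rejected:", exc)
```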