Security Advisory for Fix in Concordium Node 4.2.3 now public

Concordium Node 4.2.3, which was released August 2nd (see previous announcement), fixed a critical security vulnerability present in all previous 4.* node versions. The bug could be triggered by certain transactions involving smart contracts and lead to either the node stopping to bake, or to crashing, depending on whether the transaction is part of a block or not.

The security advisory detailing the issue and the patch is now public.

The majority of the nodes are upgraded to the newest version 4.2.3. We urge node runners of the remaining nodes to upgrade as well.

2 Likes