v3.1.1

This is a bugfix release that fixes a bug introduced in 3.1.0. The bug leaves the amount field editable on desktop clients and crashes mobile clients when clicking a payment link or scanning a payment QR code. Now the bug is fixed.

SHA256 hash of the linux AppImage is bebf1a1fb540bcbc941d6efbc4be913f4ba82c71ccfe9b02eca26d5f02f30231, binaries for other platforms are already signed in ways that are standard on the respective platforms.

v3.1.0

This is a mandatory upgrade for all full nodes.

• Autonomous Agents upgraded to support Oscript 2.0. The change will get activated at MCI 5494000 which is expected around July 1st.
• Added the ability to hide contracts (subwallets)
• Multiple bugfixes and small improvements

SHA256 hash of the linux AppImage is eeabbd4fbb1a4a2a1d50f2d5e523c53e43fa2f247f7b87e767e92904a13f16fe, binaries for other platforms are already signed in ways that are standard on the respective platforms.

v3.0.3

This update fixes a security vulnerability (again discovered and reported to us by security researcher pearl) and several bugs.

The update is mandatory for all GUI wallets.

• Restored full backup which previously didn't include rocksdb folder. If you have a backup created on desktop versions 3.0.0 to 3.0.2, that backup is broken, please create a new one after upgrading.
• Fixed a bug that prevented accepting of some contracts, in particular Freebe contracts didn't work.
• Fixed a bug that prevented replacement of more than one Order Provider at a time when prompted by a suggestion from a hub.
• Linux wallet is now distributed as AppImage, which allows it to run on greater number of Linux distributions. Previously, the wallet didn't start on some Linux distributions. Linux wallet also uses a newer version of NWJS now. Please backup (by making a copy of your ~/.config/byteball folder while the wallet is not running) before upgrading, just in case.

SHA256 hash of the linux AppImage is ee8ddba9bec2b0355237304140431a253fdc6b6999c30ff8809db2167f96ec7a, binaries for other platforms are already signed in ways that are standard on the respective platforms.

v3.0.2

This is another security update that fixes several serious vulnerabilities (again discovered and reported to us by security researcher pearl).

The update is mandatory for all nodes.

Other bugfixes and improvements in this release:

• Fixed a bug that crashed the wallet when trying to view bots or smart contract definition
• Fixed a bug that crashed wallets on Windows if username contains non-latin characters
• Restored the display of dollar amounts when sending funds, it was lost in the previous release due to merge error
• Mac app is now notarized by Apple which allows it to be installed on macOS Catalina
• Other minor bugfixes

SHA256 hash of the linux archive is 2eae5903a5502ec492543f631cebf9f1c432f5fc35577720558fb468074c738e, binaries for other platforms are already signed in ways that are standard on the respective platforms.

v3.0.1

This is a security update that fixes two serious vulnerabilities discovered and reported to us by security researcher pearl:

• text messages in chat were incorrectly handled which allowed attackers to execute arbitrary code on victim's wallet. An attacker could supply arbitrary code in angularjs {{}} expressions and the victim's wallet would evaluate it. The attack vector could be used to steal the private keys. The vulnerability existed in all versions of Obyte wallet since the first release in 2016. However, to exploit the vulnerability, an attacker needs to first trick the victim to pair with the attacker's wallet or chatbot. Users who had their wallets protected with a good password and seed words deleted were better protected against such an attack. We have no reports of this vulnerability being actually exploited. The fix makes sure that user input is always treated as text and never evaluated.
• restore from full backup function allowed file paths with directory traversal (../) characters in backup archive, which could enable an attacker to overwrite important user files, such as .bashrc. on Linux. The vulnerability existed in all versions of Obyte wallet since restore from full backup was introduced in mid 2017. However, to exploit the vulnerability, an attacker needs to first trick the victim to restore from a maliciously crafted backup file. We have no reports of this vulnerability being actually exploited. The fix checks for directory traversal characters in file paths in the backup archive and ignores such files.

Since the two vulnerabilities are now publicly disclosed and each can be used to inflict serious damage to Obyte users who are not aware of them yet, the hub at obyte.org will refuse connections from non-upgraded wallets to keep them safe. All known operators of other hubs have been notified and recommended to apply the same policy.

Only GUI wallets are affected by the vulnerabilities and the upgrade is mandatory for them, headless nodes (wallets, hubs, relays) are not affected.

SHA256 hash of the linux archive is a45ea2593862cf4fadd0a53b69584d13edef1fa142baee6befd8ae97e0a4de1f, binaries for other platforms are already signed in ways that are standard on the respective platforms.

v3.0.0

Activates Autonomous Agents on mainnet after having them tested on testnet for 7 months.

Autonomous Agents are programs that run on the ledger and work with money and data in a predictable way nobody can intervene with.

Read more about AAs: Introducing Autonomous Agents

And about this release: Autonomous Agents On Mainnet: Ready For Takeoff

AAs are set to activate at MCI 5,210,000 which is expected at the end of February. Since this is a protocol upgrade and therefore a breaking change, all nodes, including light nodes, need to upgrade.

For full nodes, the upgrade will take a very long time since the update also includes moving part of the data from SQLite database to a much faster RocksDB database. The conversion of data will be done when you launch the wallet for the first time after the upgrade and it will take several hours (in our experience, from 3 hours on a dedicated server to 39 hours on a VPS), so please plan accordingly. RocksDB database will take additional 15 GB of disk space, please check that you have enough free disk space before the upgrade. Create a backup before upgrading.

For light nodes, the upgrade will be much faster since their database is usually small, but light nodes with long transaction history can still experience a noticeable delay during the first start, especially mobile ones on older hardware.

v2.8.0

• Witnesses are now shown with their names and a URL to learn more information about them and make an informed choice.
• Dollar amounts are now displayed when sending coins. It works for Bytes and other tokens for which exchange rates are available.
• Badges are now displayed on history tab when new payments are received.
• Arabic translation added, other translations improved.
• Fixed a bug that prevented the app from starting on Android 4.4.

sha256 hash of the linux zip is a8e35ee0b2cbc518637f6cc8710ad2e71b75996d004f37a58b1f5dfa8d502f20.

v2.7.2

• Fixed crashes of full wallets under some circumstances.
• Added backup reminder that pops up once the total balance exceeds $10 and urges you to create a backup.
• On Android, the app now displays where the backup was saved and allows to immediately share it to your other device or cloud storage (e.g. via Dropbox, email, Telegram, etc).
• Fixed a bug in message signing function when the message didn't contain any address.
• Fixed a bug in message signing function iOS wallet, the signed message was incorrect.
• Fixed sending of textcoins via WhatsApp on Android.

v2.7.0

• Updated branding from Byteball to Obyte
• Added ability to create and sign classic (prosaic, not smart) contracts. The contracts are optionally linked to real-name attested identities, like the classic contracts. Contract texts are saved privately in the wallets of the parties, their hashes are signed by both parties and posted to the DAG. Full story https://medium.com/obyte/introducing-prosaic-contracts-5d3564638a20
• Added ability to specify a list of trusted real name attestors. Received private profiles attested by trusted or untrusted attestors are visually indicated as such.
• Added ability to quickly search and sort contacts and bots
• Added an option to mute push notifications for individual correspondents (bots).
• Added an option to spend unconfirmed funds received from third parties, previously only unconfirmed change could be spent
• Human readable display of contracts now displays the peer's name rather than just "peer". It matters most in contracts with more than one peer, such as ORider.
• On smart contract composition pages, added more helpful placeholders and links to instructions on wiki
• When binding a condition to a payment, allowed to set conditions where oracle-posted data is more or less than the specified value, previously only exact equality was supported
• Sign-a-message feature now allows to sign with any address which is a member of the wallet, not just the last address
• Lists of addresses in multisig wallets are now synced among cosigner devices, which helps to automatically recover from loss of sync
• Extended the byteball: (obyte:) URI protocol to allow posting data (data feeds, attestations, polls, ...) by clicking a link on a website
• Added ability to claim several assets stored on a single textcoin address
• On iPhone X and other top-notchy iPhones, the app now occupies the entire screen
• Updated initial sync, full wallets no longer require large amounts of memory (and no longer run out of memory) when starting the initial sync or when syncing after a long period of being offline.
• The wallet now shows dollar value of some assets traded on the Exchange Bot, such as Future token
• Fixed a bug in Windows wallets which prevented it from opening byteball: links on websites.
• Fixed a bug that prevented multi-sig wallets from signing transactions in private currencies (such as blackbytes)
• Fixed a bug that caused some Android wallets to hang when restoring from backup
• Fixed a bug that crashed the wallet when requesting a custom asset payment with byteball: link and not having that particular asset in currently selected wallet
• Fixed a bug that prevented sign-a-message feature from working in multisig wallets
• Latest Tor Browser with Tor 0.3.5.x broke the socks5 passwordless handshake https://trac.torproject.org/projects/tor/ticket/29175, now it is fixed
• Fixed a bug that sometimes caused Android 4.4 devices to crash when trying to restore from full backup
• New languages: Srpski, Filipino, Vietnamese, Yoruba
• Multiple minor bugfixes and improvements

v2.6.0t

Same as 2.6.0 but for testnet