Agoric-upgrade-13 security bulletin

:shield:Upgrade-13 Security Bulletin

This bulletin highlights security improvements in the recent Agoric upgrade, agoric-upgrade-13.

Cosmos-SDK Advisory GHSA-qfc5-6r3j-jj22

:white_check_mark: #8581: Backport x/crisis non halt

  • The advisory pertains to the x/crisis module not causing chain halt in the event of an invariant violation.
  • Our mitigation is to remove the module in anticipation of deprecation in future releases. By removing we also remove the need to address a later advisory involving the x/crisis module failing to charge ConstantFee.

For a full list of changes that include non-security fixes, see the agoric-upgrade-13 release notes.

If you need to get in touch with the Agoric security team, do not hesitate to email us at security@agoric.com. Friendly reminder that we have a bug bounty and reward vulnerabilities reported to us via HackerOne.

1 Like