Author

Topic: Update your Electrum to the latest 3.3.5 version (Read 332 times)

legendary
Activity: 2576
Merit: 1655
Did they fix vulnerabilities that allowed DDoS attack?  I was reading this release notes you mentioned but didnt find answer for my question.
This was huge thing to fix and a lot people had problems because of that.
AFAIK the vulnerability was fixed post 3.3 and that's why they used it to disconnect users on versions < 3.3; the DDoS attack that was happening was made to the servers. Totally different.

Correct, if you read those releases in the link:

Quote
# Release 3.3.3 - (January 25, 2019)

 * Do not expose users to server error messages (#4968)
 * Notify users of new releases. Release announcements must be signed,
   and they are verified byElectrum using a hardcoded Bitcoin address.

 * Hardware wallet fixes (#4991, #4993, #5006)
 * Display only QR code in QRcode Window
 * Fixed code signing on MacOS
 * Randomise locktime of transactions
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
When it comes to crypto, I'm trying not to rush with software updates. I think it would be better to wait few days after release of update to be sure that there are no vulnerabilities and big bugs in newest version. Until then it's nothing wrong to use old version of software.

I see no reason to rush for this version, unlike the previous ones where you would be left unable to connect to public Electrum servers. I also do not immediately jump when a new version comes out, for various reasons. Your thinking is the same i apply to all software (not just crypto related).

When enough people upgrade and report things are working ok, usually my parent distro (Arch) would have packaged a new version for me to update into. At this very moment its still on 3.3.4, but there is no need to rush things, I'll wait for the package maintainer AND forum user reports.
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
When it comes to crypto, I'm trying not to rush with software updates. I think it would be better to wait few days after release of update to be sure that there are no vulnerabilities and big bugs in newest version. Until then it's nothing wrong to use old version of software.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Also make sure you only download the update from the original site or the original GitHub repository, because hackers make use of similar looking domains to launch Phishing attacks and people download software that are exploited.

The last update also made sure that "public" servers with exploited code could not be used by default. So you will not be able to connect your client if you still used a outdated version of the client software.  Wink
legendary
Activity: 3472
Merit: 10611
Hello everyone,
Just a gently reminder to update your Electrum wallet to the latest release.

Did they fix vulnerabilities that allowed DDoS attack?  I was reading this release notes you mentioned but didnt find answer for my question.
This was huge thing to fix and a lot people had problems because of that.

that is a DDoS attack on Electrum nodes/servers not on Electrum clients. this change-long you are seeing is for Electrum client so obviously there is and never will be any mention of it there.
i think this is part of the fix: https://github.com/kyuupichan/electrumx/pull/785


p.s. don't forget checking the PGP signatures of what you download and don't just rush upgrading to newest version.
legendary
Activity: 2758
Merit: 6830
Did they fix vulnerabilities that allowed DDoS attack?  I was reading this release notes you mentioned but didnt find answer for my question.
This was huge thing to fix and a lot people had problems because of that.
AFAIK the vulnerability was fixed post 3.3 and that's why they used it to disconnect users on versions < 3.3; the DDoS attack that was happening was made to the servers. Totally different.
legendary
Activity: 2296
Merit: 1014
Hello everyone,
Just a gently reminder to update your Electrum wallet to the latest release.

Did they fix vulnerabilities that allowed DDoS attack?  I was reading this release notes you mentioned but didnt find answer for my question.
This was huge thing to fix and a lot people had problems because of that.
legendary
Activity: 2702
Merit: 4002
This is my feeling when I watch a new update to that wallet.  Cheesy

Perhaps what caught my attention in the update is these two things: "CoinGecko.com" & "Testnet warning"

I expected there to be more update regarding sync and not just.

Fix a bug in synchronizer (#5122) where client could get stuck.
   Also, show the progress of history sync in the GUI. (#5319)
hero member
Activity: 1330
Merit: 869
Could someone explain the meaning of this "seedless mode" for Trezor in the changelog and how does it work exactly?

https://wiki.trezor.io/Enterprise#Seedless_setup
legendary
Activity: 2758
Merit: 6830
Could someone explain the meaning of this "seedless mode" for Trezor in the changelog and how does it work exactly?
See this: https://btcbrainpro.wordpress.com/2019/02/14/electrum-adding-initialization-of-trezor-in-seedless-mode/

And this:
Quote
This is an option during device initialisation. When enabled, the user will never be shown the seed words, and the device even stores this fact; i.e. the user will have "proof" the mnemonic was never shown. Apparently the main use case in mind is redundant multisig setups.

There are now multiple "advanced" options when initialising a Trezor, so I hid some of them behind an "expert" button.
https://github.com/spesmilo/electrum/pull/5118
staff
Activity: 3500
Merit: 6152
Could someone explain the meaning of this "seedless mode" for Trezor in the changelog and how does it work exactly?

legendary
Activity: 2576
Merit: 1655
Hello everyone,

Just a gently reminder to update your Electrum wallet to the latest release.

https://twitter.com/ElectrumWallet/status/1126543774790893572



All the changes can be found here.

https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES
Jump to: