diff --git a/CHANGELOG.md b/CHANGELOG.md index 04823720c..dee0705e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ # Changelog +*November 25, 2021* + +## v3.3.1 +This version is identical to v3.3.0, but its bundled swagger-ui was updated to a newer version +(the previous version contained a potential reflective XSS vulnerability) and a workaround +for vesting account migrations was added in the upgrade handler. + +### Bug Fixes +- [679](https://github.com/crypto-org-chain/chain-main/pull/679) workaround for vesting account migrations in the upgrade handler + +### Improvements +- [678](https://github.com/crypto-org-chain/chain-main/pull/678) swagger ui updated to 4.1.0 + + *November 10, 2021* ## v3.3.0 diff --git a/NOTICE b/NOTICE index 0f61378b2..fbab7d1eb 100644 --- a/NOTICE +++ b/NOTICE @@ -23,3 +23,8 @@ This project contains portions of code derived from the following libraries: * Copyright (c) 2016-2021 Shanghai Bianjie AI Technology Inc. * License: Apache License 2.0 * Repository: https://github.com/irisnet/irismod + +* swagger-ui + * Copyright (c) 2020-2021 SmartBear Software Inc. + * License: Apache License 2.0 + * Repository: https://github.com/swagger-api/swagger-ui diff --git a/app/app.go b/app/app.go index 1c1cf7d1d..7e9f1035c 100644 --- a/app/app.go +++ b/app/app.go @@ -459,36 +459,31 @@ func New( app.SetAnteHandler(anteHandler) app.SetEndBlocker(app.EndBlocker) - // FIXME: upgrade plan to v0.43 https://github.com/cosmos/cosmos-sdk/pull/9567/files planName := "v3.0.0" app.UpgradeKeeper.SetUpgradeHandler(planName, func(ctx sdk.Context, plan upgradetypes.Plan, _ module.VersionMap) (module.VersionMap, error) { // a new param in 1.0.0 -- set to roundup(5x 7secs) as a safe choice app.IBCKeeper.ConnectionKeeper.SetParams(ctx, ibcconnectiontypes.NewParams(uint64(40*time.Second))) - // 1st-time running in-store migrations, using 1 as fromVersion to - // avoid running InitGenesis. - fromVM := map[string]uint64{ - "auth": 1, - "bank": 1, - "capability": 1, - "crisis": 1, - "distribution": 1, - "evidence": 1, - "gov": 1, - "mint": 1, - "params": 1, - "slashing": 1, - "staking": 1, - "upgrade": 1, - "vesting": 1, - "ibc": 1, - "genutil": 1, - "transfer": 1, - "chainmain": 1, - "nft": 1, - "supply": 1, + fromVM := make(map[string]uint64) + for moduleName := range app.mm.Modules { + fromVM[moduleName] = 1 } + // delete new modules from the map, for _new_ modules as to not skip InitGenesis + delete(fromVM, authz.ModuleName) + delete(fromVM, feegrant.ModuleName) - return app.mm.RunMigrations(ctx, app.configurator, fromVM) + // make fromVM[authtypes.ModuleName] = 2 to skip the first RunMigrations for auth (because from version 2 to migration version 2 will not migrate) + fromVM[authtypes.ModuleName] = 2 + + // the first RunMigrations, which will migrate all the old modules except auth module + newVM, errM := app.mm.RunMigrations(ctx, app.configurator, fromVM) + if errM != nil { + return nil, errM + } + // now update auth version back to 1, to make the second RunMigrations includes only auth + newVM[authtypes.ModuleName] = 1 + + // RunMigrations twice is just a way to make auth module's migrates after staking + return app.mm.RunMigrations(ctx, app.configurator, newVM) }) upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk()