Critical Wallet UPDATE!

Mining
1

Hi all. Zcash has identified and fixed a critical security flaw. Both Zcash v1.0.8-1 and the just-released ZClassic v1.0.8 have the security patch applied. PLEASE UPDATE YOUR NODE ASAP.

[Moderator Edit] Zcash v1.0.8 is vulnerable, and v1.0.8-1 has the fix. I changed the mistake above for safety to avoid confusion. The v1.0.8-1 version is tagged, but we haven’t built official binaries. We’ll post the official security disclosure once binaries are released. -Nathan

For Zcash:

clone or pull from the Master repo:

For ZClassic:

clone or pull from:

https://github.com/z-classic/zclassic/tree/v1.0.8-dev

OR use the brand new v1.0.8-1 release:

-Best
David

1 Like
2

Looks like someone has been watching the Github Repo,

The Zcash team will announce when it is ready and instructions on what steps to take. They are still merging as of 10 mins ago.

2 Likes
3
4

fyi I am building a new release of my Windows builds right now to post asap

1 Like
6

The Zclassic devs requested that I spread the word, and at that time told me Zcash was merging the patch. I looked at the Zcash repo and say a reference to the patch, so I posted the repo link.

Edit: Next time I’ll just address the ZClassic folks, if that’s what you want.

7

That is cool, I appreciate you helping out.:slight_smile: I believe the official explanation and instructions on updating are going to be posted very soon.

8

Mac version coming ? :slight_smile:

9

yes, later tonight I’ll post a build for mac, too

1 Like
10

Patched command-line binaries for Windows v1.0.8-1 at now at:
https://://zcash.dl.mercerweiss.com/zcash-win-v1.0.8-1.zip

Updated zcash4win GUI with patched zcashd, and updated command line for Mac and zcash4mac GUI later tonight

3 Likes
11

Mac 1.0.8-1 posted, see:

2 Likes
12

Hi @anon47418038, getting an interesting message after updating the binaries for zcashd to 1.0.8-1 (see screenshot below). I did overwrite the original binaries in /Applications/zcash4mac.app/Contents/Java with the ones in your package. Maybe I shouldn’t have? Anyway’s here’s the screenshot. I’ll try to zap some milliZEC to the wallet to see if it’s actually updating.

Thanks!

screenshot.png2332×987 539 KB

13

I’d go into “Add/Remove Programs” and uninstall zcash4win and download the new release (ugh, same file name, which is a limitation of Windows Installer) from https://zcash4win.com

14

Thanks however I’m running on the Mac version :slight_smile:

Anyways, I cashed out some milliZEC from my mining pool and I can see that the transaction shows up successfully. To some extent, the java client can communicate with the zcashd daemon, but it throws these errors and I can’t see my balance. I’ll keep tinkering with it.

15

oh derp…I didn’t overwrite, that might make things unhappy…I working on updating the GUI with some things and will push a new installer for zcash4mac soon.

In the meantime I’d reinstall zcash4mac, and run the zcashd in the zipfile from Terminal before launching it.

16

Thanks! I’m in no hurry, I’ll wait for the full installer until then :slight_smile:

17

thanks for waiting a bit, its late here and I gotta crash

18

I thought so too. Thanks for the immense help/contributions! Get some good rest sir!

19

Just as a side note, the method proposed by @anon47418038 (reinstall zcash4mac, kill any running zcashd process and run the process from the zip before launching the client) worked perfectly.

1 Like