March 12, 2021 - weekly forum update

Here are your weekly Zcash updates:

Mark your calendars -

Community Shout Outs - Congrats to @brunchtime on your recent ZOMG grant and for pitching in during the MozFest presentation earlier this week. Shout out to zec.art for introducing a collection of amazing zcash-inspired work. Shout out to @honeywest for contributing 2 good community PRs that were merged this week. Shout out to @Elio for contributing a PR to remove dependence on Firebase, that was merged this week as well.

DevInfra

  • lightwalletd security update pushed out
  • Maintenance and fixes pushed for testnet seeder
  • Prometheus and Promtail bindings to tekton controller (delivers tekton specific stats like pass/fail, build duration, latency of work request)
  • Began work for Faucet replacement (broke out work, installed agent on current faucet to help baseline request loads)
  • Trial install and test of tekton IDE plugin for visualizations and builder controls

Core

  • Merged drafts of all remaining NU5 ZIPs: 216, 224, 225, and 252
  • Published a draft of the Zcash Protocol Specification reflecting changes related to the NU5 ZIPs
  • Published NU5 Proposed Features blog post
  • Progress on merging upstream (Bitcoin) locking fixes
  • Made improvements to the solution for zero-knowledgeness in Halo 2 and great security proof progress (zero-knowledgeness updates make this easier)
  • Implemented Sinsemilla primitives in librustzcash
  • NCC specification audit kick off meeting on Monday the 15th

Security

  • Redwood now interrogates lots of facets of a list of repos and stores + changes

Wallet

  • Lightwalletd DoS fixes merged and tagged
  • To avoid disruption, we’ve begun migrating our Android repos in response to JCenter’s shutdown announcement. All future releases will now go to Maven Central and previous releases will be migrated, soon.
  • iOS memo security bug patched and rolled out
  • Both platforms transitioned to updated SQLite crate that uses the Data Access API
  • iOS Logging library created “zealous-logger” to help us debug difficult issues and will make it into a future release in the near future.
6 Likes

Is there publicly available information about this?

2 Likes

I checked the commits ,

these are the pull requests that were merged and were part of the release.

most of them are for preventing DoS attacks by adding more checks/validations, guarding the Ping test interface. removing error logging ( which the clients could use ) …

3 Likes