diff --git a/CHANGELOG.md b/CHANGELOG.md index 3028545b4eee..9681d234a31a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,11 +37,13 @@ Ref: https://keepachangelog.com/en/1.0.0/ ## [Unreleased] +## [v0.45.14](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.14) - 2023-02-16 + ### Features * [#14583](https://github.com/cosmos/cosmos-sdk/pull/14583) Add support for Core API. -## v0.45.13 - 2023-02-09 +## [v0.45.13](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.13) - 2023-02-09 ### Improvements @@ -51,7 +53,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (store) [#14798](https://github.com/cosmos/cosmos-sdk/pull/14798) Copy btree to avoid the problem of modify while iteration. -## v0.45.12 - 2023-01-23 +## [v0.45.12](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.12) - 2023-01-23 ### Improvements @@ -74,7 +76,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (store) [#13516](https://github.com/cosmos/cosmos-sdk/pull/13516) Fix state listener that was observing writes at wrong time. * (store) [#12945](https://github.com/cosmos/cosmos-sdk/pull/12945) Fix nil end semantics in store/cachekv/iterator when iterating a dirty cache. -## v0.45.11 - 2022-11-09 +## [v0.45.11](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.11) - 2022-11-09 ### Improvements @@ -94,7 +96,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * [#13673](https://github.com/cosmos/cosmos-sdk/pull/13673) The `GetFromFields` function now takes `Context` as an argument and removes `genOnly`. -## v0.45.10 - 2022-10-24 +## [v0.45.10](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.10) - 2022-10-24 ### Features 
@@ -112,7 +114,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * [#13564](https://github.com/cosmos/cosmos-sdk/pull/13564) - Fix `make proto-gen`. * (server) [#13610](https://github.com/cosmos/cosmos-sdk/pull/13610) Read the pruning-keep-every field again. -## v0.45.9 - 2022-10-14 +## [v0.45.9](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.9) - 2022-10-14 ATTENTION: @@ -152,7 +154,7 @@ replace github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8 Reverted #12437 due to API breaking changes. -## v0.45.8 - 2022-08-25 +## [v0.45.8](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.8) - 2022-08-25 ### Improvements @@ -167,7 +169,7 @@ Reverted #12437 due to API breaking changes. * [#13046](https://github.com/cosmos/cosmos-sdk/pull/13046) Fix missing return statement in BaseApp.Query. -## v0.45.7 - 2022-08-04 +## [v0.45.7](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.7) - 2022-08-04 ### Features diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 3b367ba1e5d8..d0e943bff686 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,6 +1,6 @@ -# Cosmos SDK v0.45.13 Release Notes +# Cosmos SDK v0.45.14 Release Notes -This release introduces one bug fix, namely [#14798](https://github.com/cosmos/cosmos-sdk/pull/14798) and a bump to Tendermint v0.34.26, as per its [security advisory](https://github.com/informalsystems/tendermint/security/advisories/GHSA-cpqw-5g6w-h8rr). +This release fixes a possible way to DoS a node. **NOTE**: Add or update the following replace in the `go.mod` of your application: 
@@ -11,13 +11,4 @@ replace github.com/tendermint/tendermint => github.com/informalsystems/tendermin Please see the [CHANGELOG](https://github.com/cosmos/cosmos-sdk/blob/release/v0.45.x/CHANGELOG.md) for an exhaustive list of changes. -**Full Commit History**: https://github.com/cosmos/cosmos-sdk/compare/v0.45.12...v0.45.13 - -**NOTE:** The changes mentioned in `v0.45.9` are **no longer required**. The following replace directive can be removed from the chains. - -```go -# Can be deleted from go.mod -replace github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8.0 -``` - -Instead, `github.com/confio/ics23/go` must be **bumped to `v0.9.0`**. +**Full Commit History**: https://github.com/cosmos/cosmos-sdk/compare/v0.45.13...v0.45.14 diff --git a/baseapp/abci.go b/baseapp/abci.go index 985e4ae3b385..3b866e4f01e3 100644 --- a/baseapp/abci.go +++ b/baseapp/abci.go @@ -435,6 +435,10 @@ func (app *BaseApp) Query(req abci.RequestQuery) (res abci.ResponseQuery) { req.Height = app.LastBlockHeight() } + if req.Path == "/cosmos.tx.v1beta1.Service/BroadcastTx" { + return sdkerrors.QueryResultWithDebug(sdkerrors.Wrapf(sdkerrors.ErrInvalidRequest, "can't route a broadcast tx message"), app.trace) + } + // handle gRPC routes first rather than calling splitPath because '/' characters // are used as part of gRPC paths if grpcHandler := app.grpcQueryRouter.Route(req.Path); grpcHandler != nil {
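Review bot: The new guard in `Query` compares `req.Path` against a bare string literal and carries no comment saying why this one gRPC method is refused; the release notes in this commit only say it "fixes a possible way to DoS a node", which leaves a reader of abci.go with nothing to go on. I would lift the path into a named constant and put a comment above the check, for example `// BroadcastTx must not be served through ABCI Query; reject it before gRPC routing.` The comparison is an exact match placed ahead of `app.grpcQueryRouter.Route(req.Path)`, so it is worth confirming that the router does no normalisation that would let a differently spelled path reach the same handler; that cannot be determined from this hunk. No test for the rejection is visible in this diff, and a case asserting that `Query` returns `ErrInvalidRequest` for this path would keep the guard from regressing. `Query`'s body starts and ends outside the hunk.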