Weekly Edition for Thursday, Sep 9



project release date
ledgerjs v6.6.0
  • Fix an issue with ERC20 info when using EIP 1559 transactions (#654) thanks @FrederikBolding
  • Upgraded libraries (patch bump)
    • ethers 5.4.4 -> 5.4.6
    • axios 0.21.1 -> 0.21.3
  • Upgraded our building libraries (typescript, eslint)
BTC Pay Server v1.2.3
This release fixes three XSS vulnerabilities. Those vulnerabilities only impacts shared BTCPay instances. Special thanks to Ajmal "@b3ef" Aboobacker and Abdul "@b1nslashsh" muhaimin for finding them who contacted us through @huntrdev. See 1, 2 and 3.

Bug fixes:

  • Use CSP to prevent future XSS attacks. (#2856, #2863) @NicolasDorier
  • Fix XSS vulnerabilities in summernote, the rich text editor (#2859) @dennisreimann
  • The page could crash if the user clicks too many time on Notificate 'Mark as Seen' @NicolasDorier
  • Fix plugins page crashing @Kukks
  • Fix page crash of the perk editor in the crowdfund settings when the title is not set @dennisreimann
  • Do not generate payment methods when 0 amount invoice (#2776)
  • When using the BTCPay Vault, some hardware wallet types were considered unknown @NicolasDorier


type rfc # title date status
bip bip-0380 [BIPs 380-386] Output Script Descriptors 2021-09-04 Merged
bip bip-0350 bip-0350: fix links for reference implementations 2021-09-09 Merged
bolt X Keysend bLIP 2021-09-08 Update
bolt X anchors: follow up changes after initial zero fee anchors merge 2021-09-05 Update
bolt transactions BOLT 3: add a missing Otherwise, don't SHOULD "be". 2021-09-03 Merged
slip slip-0039 SLIP-0039: can we omit Gt, g and t in the format of the shares? 2021-09-05 Closed
slip X add Fantom 2021-09-03 Merged
slip X Added moonriver 2021-09-09 Merged