Access, Collection and Execution node operators please upgrade to v0.31.21

vishal · October 13, 2023, 4:32pm

Hello Access, Collection and Execution node operators,

Please upgrade your Access, Collection and Execution node to v0.31.21 (alternatively, v0.31.21-without-netgo)

Do not delete the data folder

The v0.31.21 release addresses the CVE: cve-website for the HTTP/2 protocol. This release includes changes to the gRPC server to address the vulnerability on the Access, Collection, and Execution nodes.

Due to Go standard library dependencies, the REST & gRPC-web servers on Access Nodes cannot be patched at this time. Hence, if you are running an access node, we additionally recommend that you leverage an up-to-date proxy to protect the REST & gRPC-web servers from this vulnerability.

We will have a fully patched solution in the upcoming network upgrade (spork) on November 8th.

Thank you,
Flow Foundation

Topic	Replies	Views
Access and Execution node operator upgrade to v0.33.14 Node Operations	186	April 2, 2024
[Action needed] Access node operator please upgrade to v0.29.7 Node Operations	331	January 25, 2023
Please upgrade your Access, Collection and Consensus Flow node(s) to docker tag v0.33.7 Node Operations	259	February 7, 2024
[Action needed] Collection node operators please upgrade to v0.33.36 Node Operations	129	June 19, 2024
Access Node ACTION REQUIRED: Upgrade to v0.24.4-an-grpc-fix Node Operations	411	February 11, 2022

Access, Collection and Execution node operators please upgrade to v0.31.21

Related topics