-
Notifications
You must be signed in to change notification settings - Fork 0
/
RELEASE-NOTES
1713 lines (1465 loc) · 74.7 KB
/
RELEASE-NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# Release 4.3.0 - (August 5, 2022)
* This version introduces a set of UI modifications that simplify the
use of Lightning. The idea is to abstract payments from the payment
layer, and to suggest solutions when a lightning payment is hindered
by liquidity issues.
- Invoice unification: on-chain and lightning invoices have been
merged into a unique type of invoice, and the GUI has a single
'create request' button. Unified invoices contain both a
lightning invoice and an onchain fallback address.
- The receive tab of the GUI can display, for each payment
request, a lightning invoice, a BIP21 URI, or an onchain
address. If the request is paid off-chain, the associated
on-chain address will be recycled in subsequent requests.
- The receive tab displays whether a payment can be received using
Lightning, given the current channel liquidity. If a payment
cannot be received, but may be received after a channel
rebalance or a submarine swap, the GUI will propose such an
operation.
- Similarly, if channels do not have enough liquidity to pay a
lightning invoice, the GUI will suggest available alternatives:
rebalance existing channels, open a new channel, perform a
submarine swap, or pay to the provided onchain fallback address.
- A single balance is shown in the GUI. A piechart reflects how
that balance is distributed (on-chain, lightning, unconfirmed,
frozen, etc).
- The semantics of the wallet balance has been modified: only
incoming transactions are considered in the 'unconfirmed' part
of the balance. Indeed, if an outgoing transaction does not get
mined, that is not going to decrease the wallet balance. Thus,
change outputs of outgoing transactions are not subtracted from
the confirmed balance. (Before this change, the arithmetic
values of both incoming and outgoing transactions were added to
the unconfirmed balance, and could potentially cancel
eachother.)
* In addition, the following new features are woth noting:
- support for the Blockstream Jade hardware wallet (#7633)
- support for LNURL-pay (LUD-06) (#7839)
- updated trampoline feature bit in invoices (#7801)
- the claim transactions of reverse swaps are not broadcast until
the parent transaction is confirmed. This can be overriden by
manually broadcasting the locakl transaction.
- the fee of submarine swap transactions can be bumped (#7724)
- better error handling for trampoline payments, which should
improve payment success rate (#7844)
- channel backups are removed automatically when the corresponding
channel is redeemed (#7513)
# Release 4.2.2 - (May 27, 2022)
* Lightning:
- watching onchain outputs: significant perf. improvements (#7781)
- enforce relative order of some msgs during chan reestablishment,
lack of which can lead to unwanted force-closures (#7830)
- fix: in case of a force-close containing incoming HTLCs, we were
redeeming all HTLCs that we know the preimage for. This might
publish the preimage of an incomplete MPP. (1a5ef554, e74e9d8e)
* Hardware wallets:
- smarter pairing during sign_transaction (238619f1)
- keepkey: fix pairing with device using a workaround (#7779)
* fix AppImage failing to run on certain systems (#7784)
* fix "Automated BIP39 recovery" not scanning change paths (#7804)
* bypass network proxy for localhost electrum server (#3126)
* security fix: remove support of "file://" URIs from BIP70 payment
requests, which could be used to trigger "open()" on arbitrary files
(see https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355)
# Release 4.2.1 - (March 26, 2022)
* Binaries:
- Windows: we are dropping support for Windows 7. (#7728)
Version 4.2.0 already unintentionally broke compatibility with
Win7 and there is no easy way to restore and maintain support.
Existing users can keep using version 4.1.5 for now, but should
consider upgrading or changing their OS.
Win8.1 still works but only Win10 is regularly tested.
- bump bundled Python version (win, mac, appimage) to 3.9.11,
(android) to 3.8.13 (1bb7ef92, #7721)
(note these include a fix to an openssl DOS-vector CVE-2022-0778)
- windows: bump pyinstaller to 4.10 and wine to 7.0 (#7721)
* Kivy GUI:
- fix "Child Pays For Parent" not working on Android (#7723)
- revert to defaulting the UI language to English (25fee6a6)
* Qt GUI:
- macOS: fix opening "Preferences" segfaulting for some (#7725)
- more resilient startup: better error-handling and fallback (#7447)
* Library:
- fix LN error/warning message-handling, and fix regression that
errors during channel-open were not properly shown in GUI (a92dede4)
- during LN chan open, do not backup wallet automatically (#7733)
- Imported wallets: fix delete_address rm-ing too many txs (#7587)
- fix potential deadlock in wallet.py (d3476b6b)
* Hardware wallets:
- ledger: add progress indicator to sign_transaction (#7516)
* fix the "--portable" flag for AppImage, and for pip installs (#7732)
# Release 4.2.0 - (March 16, 2022)
* The minimum python version was increased to 3.8 (#7661)
* Lightning:
- redesigned MPP splitting algorithm (#7202)
- trampoline: implement multi-trampoline MPP (#7623)
- implement option_shutdown_anysegwit, and allow dust limits
below 546 sat (#7542)
- implement option_channel_type (#7636)
- implement modern closing negotiation (#7586, #7680)
* improve support for "lightning:" URIs on all platforms (#7301)
* Qt GUI:
- add setting "show amounts with msat precision" (5891e039)
- add setting "add thousand separators to bitcoin amounts" (#7427)
* CLI/RPC:
- implement Unix sockets and make them the default (#7545, #7566)
- add "bumpfee" command (#7438)
* Kivy GUI:
- show network setup on first start before wallet creation (#7464)
- add "Child Pays For Parent" option (#7487)
- improved locale handling (22bb52d5, 7cb11ced, 4293d6ec)
* Hardware wallets:
- trezor: bump trezorlib to 0.13 (#7590)
- bitbox02: bump bitbox02 to 6.0, support send-to-taproot (#7693)
- ledger: support "Ledger Nano S Plus" (#7692)
* Library:
- added support for sighash types beside "ALL" (#7453)
- signmessage: also accept Trezor-type sigs for segwit addrs (#7668)
- network: make request timeout configurable (#7696)
- paytomany (onchain txout batching) now allows multiple max("!")
amounts with specified weights (#7492)
* Binary builds
- AppImage: changed base image from ubuntu 16.04 to 18.04 (5d0aa63a)
* migrated from Travis CI to Cirrus CI (#7431)
* Lots of other minor bugfixes and usability improvements.
# Release 4.1.5 - (July 19, 2021)
* Builds/binaries:
- macOS: the .dmg binary should now be reproducible
* Kivy/Android: fix paying bip70 invoices (regression) (90579ccf)
* fix: payment requests not saved if process is killed (6a049d99)
* Lightning: improve payment success when using trampoline (3a7f5373)
* add support for signet test network (#7282)
* Qt GUI:
- allow restoring from SLIP39 seeds (#6917)
- rework QR code scanning on Windows and macOS (#7365)
- support smaller window sizes, decrease minimums (#7385)
* GUIs: add "funded or unused" filter option to Addresses tab (#5823)
# Release 4.1.4 - (June 17, 2021)
* Kivy/Android: fix a regression where a non-LN wallet
could not open the settings (c49d6995)
* CLI/RPC: fix "close_wallet" command (#7348)
# Release 4.1.3 - (June 16, 2021)
* Builds/binaries:
- Android: the binaries (APKs) should now be reproducible (#7263)
- AppImage: fix some startup issues by including libxcb deps (#7198)
* Lightning:
- smarter LN pathfinding (if trampoline is disabled):
- estimate liquidity in channels using previous attempts (#7152)
- consider inflight HTLCs and try to route around them (#7292)
- bugfix: add more safety checks to avoid "batch RBF" feature
merging LN funding txs (#7298)
- remove HTLC value upper limit of ~42 mBTC (#7328)
- Kivy GUI: implement freezing LN channels (11bb39ee)
* imported wallets: when enabling the "Use change addresses" option,
change will now be sent to a random unused imported address. (#7330)
As before, by default, change is sent back to the "from address".
* seed generation: make sure newly created electrum seeds don't have
correct bip39 checksum by chance (#6001)
* other minor fixes
# Release 4.1.2 - (April 8, 2021)
* Qt GUI:
- fix some crashes when exiting (#6889)
- make sure pressing Ctrl-C always quits (c41cd4ae)
* Kivy GUI (Android):
- fix bug with scrollbar, again (#7155)
- 2fa wallets: fix making transactions (#7190)
- implement freezing addresses (#7178)
* Android: use more modern application launcher/icon (#7187)
# Release 4.1.1 - (April 2, 2021)
* fix Qt crash with the swap dialog
* fix Kivy bug with scrollbar (#7155)
* fix localization issues (#7158 #4621)
* fix python crash with swaps (#7160)
* other minor fixes
# Release 4.1.0 - Kangaroo (March 30, 2021)
This version is our second major release with support for the
Lightning Network. While our initial Lightning release was mostly
about implementing the protocol, this release brings features that are
specifically aimed at keeping Electrum lightweight and trustless,
while avoiding single points of failure. Most of the features listed
below are user-visible.
* The wallet creation wizard no longer asks for a seed type, and
creates segwit wallets with bech32 addresses. Older seed types can
still be created with the command line.
* Paid invoices (both incoming and outgoing) are automatically
removed from the send/receive lists of the GUI (one confirmation is
needed for onchain invoices). Once removed from the list, invoice
details can still be accessed from the transaction history. In Qt,
invoice lists have been renamed to 'Sending queue' and 'Receiving
queue'.
* Lightning:
- recoverable channels (see below)
- trampoline payments (see below)
- support multi-part-payment
- support upfront-shutdown-script
* Recoverable channels (option):
- Recovery data is added to the channel funding transaction using
an OP_RETURN. This makes it possible to recover a static backup
of the channel from the wallet seed. Please note that static
backups only allow users to request a force-close of the channel
with the remote node, so that funds not locked in HTLCs can be
recovered. This assumes that the remote node is still online, did
not lose its data, and accepts to force close the channel.
- This option is only available for standard wallets with an
Electrum seed. It is not available for hardware wallets, because
it requires a deterministic derivation of the nodeID. It is also
not available in watching-only wallets, for the same reason. If a
wallet can have recoverable channels but has an old nodeID, users
who want to use that feature need to close all their existing
channels, and to restore their wallet from seed.
- Channel recovery data uses 20 bytes (16 bytes of the remote
NodeID plus 4 magic bytes) and is encrypted so that only the
wallet that owns it can decrypt it. However, blockchain analysis
will be able to tell that the transaction was probably created by
Electrum.
- If the 'use recoverable channels' option is enabled, other nodes
cannot open a channel to Electrum.
- If a channel is force-closed, the information in the on-chain
backup is not sufficient to retrieve the funds in the to_local
output, in case the wallet is lost in a boating accident before
expiration of the CSV delay. For that reason, an additional
backup is presented to the user if they force-close a channel.
* Trampoline routing (option): Trampoline is a solution that allows
light clients to delegate path-finding on the Lightning Network, so
that they do not have to download the entire network
graph. Trampoline routing was originally proposed by Bastien
Teinturier and is used in the Phoenix wallet. Here is how
Trampoline works in Electrum:
- Trampoline is enabled by default, in order to prevent unwanted
download of the network gossip. If trampoline is disabled, the
gossip will be downloaded, regardless of the existence of
channels.
- Because there is no discovery mechanism for trampoline nodes, the
list of available trampolines is hardcoded in the client (it will
remain so until support for trampoline routing is announced in
gossip). 3 trampoline nodes are currently available on mainnet:
ACINQ, Electrum and Hodlister.
- If Trampoline is enabled:
- payments use trampoline routing.
- gossip is disabled.
- the wallet can only open channels with trampoline nodes.
- pre-existing channels with non-trampoline nodes are frozen for
sending.
- There are two types of trampoline payments: legacy and trampoline
end-to-end. Legacy payments are possible with any receiver, but
they offer less privacy than end-to-end trampoline
payments. Electrum decides whether to perform legacy or
end-to-end based on the features in the invoice:
- OPTION_TRAMPOLINE_ROUTING_OPT (bit 25) for Electrum
- OPTION_TRAMPOLINE_ROUTING_OPT_ECLAIR (bit 51) for Eclair/Phoenix
- When performing a legacy payment, Electrum will add a second
trampoline node to the route in order to protect the privacy of
the payer and payee. It will fall back to a single trampoline if
the two-trampoline strategy has failed for all trampolines.
(Note: two-trampoline payments are currently not possible if the
first trampoline is the ACINQ node, and is disabled for that
node.)
- Similar to Phoenix, the fee and CLTV delay are found by
trial-and-error. If there is a second trampoline in the route, we
use the same fee/CLTV for both. This trial-and-error is
temporary; the final specification should add fee information in
the failure messages, so that we will be able to better fine-tune
trampoline fees.
* Qt: The increase fee dialog now has advanced options, and offers
the choice between different RBF strategies.
* Watchtowers: The 'use_local_watchtower' feature is deprecated, and
it has been removed from the Qt GUI. The 'use_remote_watchtower'
setting has been renamed to 'use_watchtower'.
* Password unification (Android only): When the Android app is
started, the entered password is checked against all wallets in
the directory. If the test passes:
- all wallets are encrypted
- new wallets will use the unified password
- password updates are performed on all wallets
Whether the password is unified can be seen in the GUI: In the
'Settings' dialog, the description for the password setting is
'Change password for this wallet' if the password is not unified,
and becomes 'Change password' if password is unified.
* Submarine swaps are now available on kivy/android.
* Android PIN reset: If the password is unified, the PIN can be reset
by providing the password.
* Android: on-chain fees have been removed from the settings
dialog. Instead, the fee slider is shown to the user everytime an
on-chain transaction will be performed (sending a payment, opening
a channel, initiating a submarine swap)
* BIP-0350: use bech32m for witness version 1+ addresses (4315fa43).
We have supported sending to any witness version since Electrum
3.0, using BIP-0173 (bech32) addresses. BIP-0350 makes a breaking
change in address encoding, and recommends using a new encoding
(bech32m) for sending to witness version 1 and later.
* Block explorer: allow setting a custom URL in Qt GUI (#6965)
# Release 4.0.9 - (Dec 18, 2020)
* fixes a regression introduced in 4.0.8, that prevents from
paying BIP70 invoices (#6859)
* reflect frozen channels and disconnected peers in the displayed
'can send/can receive' amounts.
# Release 4.0.8 - (Dec 17, 2020)
* fix decoding BIP21 URIs with uppercase schema (d40bedb2)
* psbt: put full derivation paths into PSBT by default (c8155129)
* invoices: allow address-reuse (#6609, #6852)
* A few other minor bugfixes.
# Release 4.0.7 - (Dec 9, 2020)
* kivy: fix open channel with 'max' amount
* kivy: fix regression introduced in last release (a9fc440)
* other minor GUI fixes
* Dependencies: as part of adapting to new dnspython (#6828),
- python-ecdsa is no longer needed at all,
- cryptography is now required (min 2.6), the user can no
longer choose between cryptography and pycryptodomex
# Release 4.0.6 - (Dec 4, 2020)
* Fix 'Max' button issue for submarine swaps button (#6770)
* Fix 'Max' button in kivy (#6169)
* Various fixes for Kivy/Android install wizard
* More robust account keypath for BitBox02 (#6766)
# Release 4.0.5 - (Nov 18, 2020)
* Fix .dmg binary hanging on recently released macOS 11 Big Sur (#6461)
* Lightning:
- bugfix: during LN channel opening, if the client crashed at the
wrong moment, the channel might not get fully persisted to disk,
and would need manual console-tinkering to recover (#6656)
- Lightning is enabled by default. Electrum will not connect to
the Lightning Network until the user opens a channel. (#6639)
- smarter node recommendation (to open channels with) (#6705)
* user interface: some minor changes that aim to improve usability
* Ledger:
- fix enumerating devices with new bitcoin app (1.5.1) (b78cbcff)
- fix compat with HW.1 (200f547a)
* A few other minor bugfixes.
# Release 4.0.4 - (Oct 15, 2020)
* PSBT: fix regression in 4.0.3 where UTXO data was not included in
QR codes (#6600)
* new feature: "Cancel tx" (#6641). The Qt/kivy GUI allows cancelling
an unconfirmed RBF tx by double-spending its inputs to self.
* Windows binary:
- fix some issues with QR scanning by building zbar ourselves (#6593)
- when using setup exe, also install a debug binary (#6603)
* Ledger: fix "The derivation path is unusual" warnings (#6512)
(needs Bitcoin app 1.4.8+ installed on device)
* A few other minor bugfixes and usability improvements.
# Release 4.0.3 - (Sep 11, 2020)
* PSBT: restore compatibility with Bitcoin Core following CVE-2020-14199:
we now allow a PSBT input to have both UTXO and WITNESS_UTXO (#6429).
(PSBTs created since 4.0.1 already contained UTXO for segwit inputs)
* Hardware wallets:
- bitbox02: better multisig UX: implement get_soft_device_id (#6386)
- coldcard: fix "show address" for multisig (#6517)
- all: run all device communication on a dedicated thread (#6561).
This should resolve some threading issues.
* new feature: "Automated BIP39 recovery" (#6219, #6155)
When restoring from a BIP39 seed, add option to scan many known
derivation paths for history, and show them to user to choose from.
* show derivation path of keystores in Qt GUI Wallet>Information (#4700)
* fix "signtransaction" RPC command (#6502)
* Dependencies: pyaes is no longer needed (#6563)
* The tar.gz source dist now bundles make_libsecp256k1.sh, to help
users getting libsecp256k1 (#6323).
* A few other minor bugfixes and usability improvements.
# Release 4.0.2 - (July 8, 2020)
- rm old corrupted non-bip70 invoices (#6345)
- other minor fixes
# Release 4.0.1 - (July 3, 2020)
* Lightning Network support (experimental)
- Our implementation of Lightning relies on Electrum servers to
query channel states. Since servers can lie about the state of a
channel, users should either use a server that they trust, or
setup a private watchtower (see below). A watchtower is also
recommended for lightning wallets that remain offline for
extended periods of time (the default CSV 'to_self_delay' is 1
week). Please note that Electrum Personal Server (EPS) cannot be
used with lightning wallets, because channels funding addresses
are arbitrary.
- Lightning funds cannot be restored from seed. Instead, users need
to create static backups of their channels. Static backups cannot
be used to perform lightning transactions, they can only be used
to trigger a remote-force-close of a channel.
- Lightning-enabled wallet files must not be copied. Instead, a
backup of the wallet can be created from the Qt menu, and it will
contain static backups of all its channels. Backups can also be
exported for each channel (e.g. via QR code), and imported in
another wallet. Since backups are encrypted with a key derived
from the wallet's xpub, they can only be imported into another
instance of the same wallet, or a watch-only version of it. The
force-close is not triggered automatically when the backup is
imported; imported backups can live inside a wallet file.
- Lightning can be enabled in the GUI (Wallet>Information) or from
the CLI (init_lightning). Lightning is currently restricted to HD
p2wpkh wallets (including watch-only and hardware wallets). The
Qt GUI, CLI/RPC, and the kivy GUI (Android) all have LN support,
with feature-richness in that order.
- LN protocol details: dataloss_protect and static_remotekey are
required; varonion and payment_secret are implemented, MPP not yet.
Channels are not announced ('private'), forwarding is disabled.
We do not serve gossip queries, only consume them.
- Submarine swaps: the GUI integrates a service that offers
atomically exchanging on-chain and lightning bitcoins for a fee.
Electrum Technologies runs a central server for this, powered by
the Boltz backend.
- Watchtowers: Electrum can run a local watchtower (GUI setting),
or it can connect to a remote watchtower. A watchtower contains
pre-signed transactions and does not need your private keys. A
local watchtower will watch your channels whenever an Electrum
instance is running, without needing access to your wallet file.
An Electrum daemon can be configured to be used as a remote
watchtower by setting 'watchtower_address', 'watchtower_user' and
'watchtower_password'.
* Partially Signed Bitcoin Transactions (PSBT, BIP-174) are supported
(#5721). The previous Electrum partial transaction format is no
longer supported, i.e. this is an incompatible change. Users should
make sure that all instances of Electrum they use to co-sign or
offline sign, are updated together.
* Hardware wallets: several fixes in general; notable changes:
- The BitBox02 is now supported (#5993)
- Multisig support for Coldcard (#5440)
- Compatibility with latest Trezor fw (#6064, #6198, #5692)
* Dependencies (see README for install instructions):
- libsecp256k1 is now required (previously optional). python-ecdsa
remains a dependency but it is now only used for DNSSEC.
- Added: either one of pycryptodomex or cryptography is now required,
mainly due to LN (previously pycryptodomex was optional, for fast AES)
- Removed: jsonrpclib-pelix, the JSON-RPC library used for CLI/daemon
* Qt GUI: several changes, notably:
- Separation between output selection and transaction finalization.
- Coin selection moved to the Coins tab, and it affects all txns,
e.g. RBF fee-bumping, LN channel opens, submarine swaps.
- Editable tx preview dialog that allows e.g. changing the locktime,
toggling RBF, and manual coinjoins.
* HTTP PayServer: The configuration of a bitcoin-accepting website
using Electrum has been simplified and requires fewer steps (see
documentation). The Payserver supports BIP70 and Lightning payments.
* Android:
- We now build two APKs, one for ARMv7 and one for ARMv8
- The kivy GUI now supports importing BIP39 seeds
- Each wallet on kivy now can have a separate generic password,
using which the wallet files are encrypted. An optional PIN,
shared among all wallets, can be added to get prompted for spends.
* The API of several CLI/RPC commands have changed, and several new
commands have been introduced (mainly for LN).
* Distributables:
- The .tar.gz source dist is now built reproducibly.
Relatedly, we no longer distribute a .zip sdist.
- The MacOS binary now conforms to macOS 10.15; it is notarized
by Apple. This required bumping the min macOS version to 10.13.
Startup times should now be faster on 10.15. (#6128, #6225)
* Transactions:
- we now grind low R for ECDSA signatures to match bitcoind (#5820)
* Lots and lots of other minor bugfixes and improvements.
# Release 3.3.8 - (July 11, 2019)
* fix some bugs with recent bump fee (RBF) improvements (#5483, #5502)
* fix #5491: watch-only wallets could not bump fee in some cases
* appimage: URLs could not be opened on some desktop environments (#5425)
* faster tx signing for segwit inputs for really large txns (#5494)
* A few other minor bugfixes and usability improvements.
# Release 3.3.7 - (July 3, 2019)
* The AppImage Linux x86_64 binary and the Windows setup.exe
(so now all Windows binaries) are now built reproducibly.
* Bump fee (RBF) improvements:
Implemented a new fee-bump strategy that can add new inputs,
so now any tx can be fee-bumped (d0a4366). The old strategy
was to decrease the value of outputs (starting with change).
We will now try the new strategy first, and only use the old
as a fallback (needed e.g. when spending "Max").
* CoinChooser improvements:
- more likely to construct txs without change (when possible)
- less likely to construct txs with really small change (e864fa5)
- will now only spend negative effective value coins when
beneficial for privacy (cb69aa8)
* fix long-standing bug that broke wallets with >65k addresses (#5366)
* Windows binaries: we now build the PyInstaller boot loader ourselves,
as this seems to reduce anti-virus false positives (1d0f679)
* Android: (fix) BIP70 payment requests could not be paid (#5376)
* Android: allow copy-pasting partial transactions from/to clipboard
* Fix a performance regression for large wallets (c6a54f0)
* Qt: fix some high DPI issues related to text fields (37809be)
* Trezor:
- allow bypassing "too old firmware" error (#5391)
- use only the Bridge to scan devices if it is available (#5420)
* hw wallets: (known issue) on Win10-1903, some hw devices
(that also have U2F functionality) can only be detected with
Administrator privileges. (see #5420 and #5437)
A workaround is to run as Admin, or for Trezor to install the Bridge.
* Several other minor bugfixes and usability improvements.
# Release 3.3.6 - (May 16, 2019)
* qt: fix crash during 2FA wallet creation (#5334)
* fix synchronizer not to keep resubscribing to addresses of
already closed wallets (e415c0d9)
* fix removing addresses/keys from imported wallets (#4481)
* kivy: fix crash when aborting 2FA wallet creation (#5333)
* kivy: fix rare crash when changing exchange rate settings (#5329)
* A few other minor bugfixes and usability improvements.
# Release 3.3.5 - (May 9, 2019)
* The logging system has been overhauled (#5296).
Logs can now also optionally be written to disk, disabled by default.
* Fix a bug in synchronizer (#5122) where client could get stuck.
Also, show the progress of history sync in the GUI. (#5319)
* fix Revealer in Windows and MacOS binaries (#5027)
* fiat rate providers:
- added CoinGecko.com and CoinCap.io
- BitcoinAverage now only provides historical exchange rates for
paying customers. Changed default provider to CoinGecko.com (#5188)
* hardware wallets:
- Ledger: Nano X is now recognized (#5140)
- KeepKey:
- device was not getting detected using Windows binary (#5165)
- support firmware 6.0.0+ (#5205)
- Trezor: implemented "seedless" mode (#5118)
* Coin Control in Qt: implemented freezing individual UTXOs
in addition to freezing addresses (#5152)
* TrustedCoin (2FA wallets):
- better error messages (#5184)
- longer signing timeout (#5221)
* Kivy:
- fix bug with local transactions (#5156)
- allow selecting fiat rate providers without historical data (#5162)
* fix CPFP: the fees already paid by the parent were not included in
the calculation, so it always overestimated (#5244)
* Testnet: there is now a warning when the client is started in
testnet mode as there were a number of reports of users getting
scammed through social engineering (#5295)
* CoinChooser: performance of creating transactions has been improved
significantly for large wallets. (d56917f4)
* Importing/sweeping WIF keys: stricter checks (#4638, #5290)
* Electrum protocol: the client's "user agent" has been changed from
"3.3.5" to "electrum/3.3.5". Other libraries connecting to servers
can consider not "spoofing" to be Electrum. (#5246)
* Several other minor bugfixes and usability improvements.
# Release 3.3.4 - (February 13, 2019)
* AppImage: we now also distribute self-contained binaries for x86_64
Linux in the form of an AppImage (#5042). The Python interpreter,
PyQt5, libsecp256k1, PyCryptodomex, zbar, hidapi/libusb (including
hardware wallet libraries) are all bundled. Note that users of
hw wallets still need to set udev rules themselves.
* hw wallets: fix a regression during transaction signing that prompts
the user too many times for confirmations (commit 2729909)
* transactions now set nVersion to 2, to mimic Bitcoin Core
* fix Qt bug that made all hw wallets unusable on Windows 8.1 (#4960)
* fix bugs in wallet creation wizard that resulted in corrupted
wallets being created in rare cases (#5082, #5057)
* fix compatibility with Qt 5.12 (#5109)
# Release 3.3.3 - (January 25, 2019)
* Do not expose users to server error messages (#4968)
* Notify users of new releases. Release announcements must be signed,
and they are verified byElectrum using a hardcoded Bitcoin address.
* Hardware wallet fixes (#4991, #4993, #5006)
* Display only QR code in QRcode Window
* Fixed code signing on MacOS
* Randomise locktime of transactions
# Release 3.3.2 - (December 21, 2018)
* Fix Qt history export bug
* Improve network timeouts
* Prepend server transaction_broadcast error messages with
explanatory message. Render error messages as plain text.
# Release 3.3.1 - (December 20, 2018)
* Qt: Fix invoices tab crash (#4941)
* Android: Minor GUI improvements
# Release 3.3.0 - Hodler's Edition (December 19, 2018)
* The network layer has been rewritten using asyncio and aiorpcx.
In addition to easier maintenance, this makes the client
more robust against misbehaving servers.
* The minimum python version was increased to 3.6
* The blockchain headers and fork handling logic has been generalized.
Clients by default now follow chain based on most work, not length.
* New wallet creation defaults to native segwit (bech32).
* Segwit 2FA: TrustedCoin now supports native segwit p2wsh
two-factor wallets.
* RBF batching (opt-in): If the wallet has an unconfirmed RBF
transaction, new payments will be added to that transaction,
instead of creating new transactions.
* MacOS: support QR code scanner in binaries.
* Android APK:
- build using Google NDK instead of Crystax NDK
- target API 28
- do not use external storage (previously for block headers)
* hardware wallets:
- Coldcard now supports spending from p2wpkh-p2sh,
fixed p2pkh signing for fw 1.1.0
- Archos Safe-T mini: fix #4726 signing issue
- KeepKey: full segwit support
- Trezor: refactoring and compat with python-trezor 0.11
- Digital BitBox: support firmware v5.0.0
* fix bitcoin URI handling when app already running (#4796)
* Qt listings rewritten:
the History tab now uses QAbstractItemModel, the other tabs use
QStandardItemModel. Performance should be better for large wallets.
* Several other minor bugfixes and usability improvements.
# Release 3.2.4 - (December 30, 2018)
* backport anti-phishing measures from master
# Release 3.2.3 - (September 3, 2018)
* hardware wallet: the Safe-T mini from Archos is now supported.
* hardware wallet: the Coldcard from Coinkite is now supported.
* BIP39 seeds: if a seed extension (aka passphrase) contained
multiple consecutive whitespaces or leading/trailing whitespaces
then the derived addresses were not following spec. This has been
fixed, and affected should move their coins. The wizard will show a
warning in this case. (#4566)
* Revealer: the PRNG used has been changed (#4649)
* fix Linux distributables: 'typing' was not bundled, needed for python 3.4
* fix #4626: fix spending from segwit multisig wallets involving a Trezor
cosigner when using a custom derivation path
* fix #4491: on Android, if user had set "uBTC" as base unit, app crashed
* fix #4497: on Android, paying bip70 invoices from cold start did not work
* Several other minor bugfixes and usability improvements.
# Release 3.2.2 - (July 2nd, 2018)
* Fix DNS resolution on Windows
* Fix websocket bug in daemon
# Release 3.2.1 - (July 1st, 2018)
* fix Windows binaries: due to build process changes, the locale files
were not included; the language could not be changed from English
* fix Linux distributables: wordlists were not included (#4475)
# Release 3.2.0 - Satoshi's Vision (June 30, 2018)
* If present, libsecp256k1 is used to speed up elliptic curve
operations. The library is bundled in the Windows, MacOS, and
Android binaries. On Linux, it needs to be installed separately.
* Two-factor authentication is available on Android. Note that this
will only provide additional security if one time passwords are
generated on a separate device.
* Semi-automated crash reporting is implemented for Android.
* Transactions that are dropped from the mempool are kept in the
wallet as 'local', and can be rebroadcast. Previously these
transactions were deleted from the wallet.
* The scriptSig and witness part of transaction inputs are no longer
parsed, unless actually needed. The wallet will no longer display
'from' addresses corresponding to transaction inputs, except for
its own inputs.
* The partial transaction format has been incompatibly changed. This
was needed as for partial transactions the scriptSig/witness has to
be parsed, but for signed transactions we did not want to do the
parsing. Users should make sure that all instances of Electrum
they use to co-sign or offline sign, are updated together.
* Signing of partial transactions created with online imported
addresses wallets now supports significantly more
setups. Previously only online p2pkh address + offline WIF was
supported. Now the following setups are all supported:
- online {p2pkh, p2wpkh-p2sh, p2wpkh} address + offline WIF,
- online {p2pkh, p2wpkh-p2sh, p2wpkh} address + offline seed/xprv,
- online {p2sh, p2wsh-p2sh, p2wsh}-multisig address + offline seeds/xprvs
(potentially distributed among several different machines)
Note that for the online address + offline HD secret case, you need
the offline wallet to recognize the address (i.e. within gap
limit). Having an xpub on the online machine is still the
recommended setup, as this allows the online machine to generate
new addresses on demand.
* Segwit multisig for bip39 and hardware wallets is now enabled.
(both p2wsh-p2sh and native p2wsh)
* Ledger: offline signing for segwit inputs (#3302) This has already
worked for Trezor and Digital Bitbox. Offline segwit signing can be
combined with online imported addresses wallets.
* Added Revealer plugin. ( https://revealer.cc ) Revealer is a seed
phrase back-up solution. It allows you to create a cold, analog,
multi-factor backup of your wallet seeds, or of any arbitrary
secret. The Revealer utilizes a transparent plastic visual one time
pad.
* Fractional fee rates: the Qt GUI now displays fee rates with 0.1
sat/byte precision, and also allows this same resolution in the
Send tab.
* Hardware wallets: a "show address" button is now displayed in the
Receive tab of the Qt GUI. (#4316)
* Trezor One: implemented advanced/matrix recovery (#4329)
* Qt/Kivy: added "sat" as optional base unit.
* Kivy GUI: significant performance improvements when displaying
history and address list of large wallets; and transaction dialog
of large transactions.
* Windows: use dnspython to resolve dns instead of socket.getaddrinfo
(#4422)
* Importing minikeys: use uncompressed pubkey instead of compressed
(#4384)
* SPV proofs: check inner nodes not to be valid transactions (#4436)
* Qt GUI: there is now an optional "dark" theme (#4461)
* Several other minor bugfixes and usability improvements.
# Release 3.1.3 - (April 16, 2018)
* Qt GUI: seed word auto-complete during restore
* Android: fix some crashes
* performance improvements (wallet, and Qt GUI)
* hardware wallets: show debug message during device scan
* Digital Bitbox: enabled BIP84 (p2wpkh) wallet creation
* add regtest support (via --regtest flag)
* other minor bugfixes and usability improvements
# Release 3.1.2 - (March 28, 2018)
* Kivy/android: request PIN on startup
* Improve OSX build process
* Fix various bugs with hardware wallets
* Other minor bugfixes
# Release 3.1.1 - (March 12, 2018)
* fix #4031: Trezor T support
* partial fix #4060: proxy and hardware wallet can't be used together
* fix #4039: can't set address labels
* fix crash related to coinbase transactions
* MacOS: use internal graphics card
* fix openalias related crashes
* speed-up capital gains calculations
* hw wallet encryption: re-prompt for passphrase if incorrect
* other minor fixes.
# Release 3.1.0 - (March 5, 2018)
* Memory-pool based fee estimation. Dynamic fees can target a desired
depth in the memory pool. This feature is optional, and ETA-based
estimates from Bitcoin Core are still available. Note that miners
could exploit this feature, if they conspired and filled the memory
pool with expensive transactions that never get mined. However,
since the Electrum client already trusts an Electrum server with
fee estimates, activating this feature does not introduce any new
vulnerability. In addition, the client uses a hard threshold to
protect itself from servers sending excessive fee estimates. In
practice, ETA-based estimates have resulted in sticky fees, and
caused many users to overpay for transactions. Advanced users tend
to visit (and trust) websites that display memory-pool data in
order to set their fees.
* Capital gains: For each outgoing transaction, the difference
between the acquisition and liquidation prices of outgoing coins is
displayed in the wallet history. By default, historical exchange
rates are used to compute acquisition and liquidation prices. These
values can also be entered manually, in order to match the actual
price realized by the user. The order of liquidation of coins is
the natural order defined by the blockchain; this results in
capital gain values that are invariant to changes in the set of
addresses that are in the wallet. Any other ordering strategy (such
as FIFO, LIFO) would result in capital gain values that depend on
the presence of other addresses in the wallet.
* Local transactions: Transactions can be saved in the wallet without
being broadcast. The inputs of local transactions are considered as
spent, and their change outputs can be re-used in subsequent
transactions. This can be combined with cold storage, in order to
create several transactions before broadcasting them. Outgoing
transactions that have been removed from the memory pool are also
saved in the wallet, and can be broadcast again.
* Checkpoints: The initial download of a headers file was replaced
with hardcoded checkpoints. The wallet uses one checkpoint per
retargeting period. The headers for a retargeting period are
downloaded only if transactions need to be verified in this period.
* The 'privacy' and 'priority' coin selection policies have been
merged into one. Previously, the 'privacy' policy has been unusable
because it was was not prioritizing confirmed coins. The new policy
is similar to 'privacy', except that it de-prioritizes addresses
that have unconfirmed coins.
* The 'Send' tab of the Qt GUI displays how transaction fees are
computed from transaction size.
* The wallet history can be filtered by time interval.
* Replace-by-fee is enabled by default. Note that this might cause
some issues with wallets that do not display RBF transactions until
they are confirmed.
* Watching-only wallets and hardware wallets can be encrypted.
* Semi-automated crash reporting
* The SSL checkbox option was removed from the GUI.
* The Trezor T hardware wallet is now supported.
* BIP84: native segwit p2wpkh scripts for bip39 seeds and hardware
wallets can now be created when specifying a BIP84 derivation
path. This is usable with Trezor and Ledger.
* Windows: the binaries now include ZBar, and QR code scanning should work.
* The Wallet Import Format (WIF) for private keys that was extended in 3.0
is changed. Keys in the previous format can be imported, compatibility
is maintained. Newly exported keys will be serialized as
"script_type:original_wif_format_key".
* BIP32 master keys for testnet once again have different version bytes than
on mainnet. For the mainnet prefixes {x,y,Y,z,Z}|{pub,prv}, the
corresponding testnet prefixes are {t,u,U,v,V}|{pub,prv}.
More details and exact version bytes are specified at:
https://github.com/spesmilo/electrum-docs/blob/master/xpub_version_bytes.rst
Note that due to this change, testnet wallet files created with previous
versions of Electrum must be considered broken, and they need to be
recreated from seed words.
* A new version of the Electrum protocol is required by the client
(version 1.2). Servers using older versions of the protocol will
not be displayed in the GUI.
# Release 3.0.6 :
* Fix transaction parsing bug #3788
# Release 3.0.5 : (Security update)
This is a follow-up to the 3.0.4 release, which did not completely fix
issue #3374. Users should upgrade to 3.0.5.
* The JSONRPC interface is password protected
* JSONRPC commands are disabled if the GUI is running, except 'ping',
which is used to determine if a GUI is already running
# Release 3.0.4 : (Security update)
* Fix a vulnerability caused by Cross-Origin Resource Sharing (CORS)
in the JSONRPC interface. Previous versions of Electrum are
vulnerable to port scanning and deanonimization attacks from
malicious websites. Wallets that are not password-protected are
vulnerable to theft.
* Bundle QR scanner with Android app
* Minor bug fixes
# Release 3.0.3
* Qt GUI: sweeping now uses the Send tab, allowing fees to be set
* Windows: if using the installer binary, there is now a separate shortcut
for "Electrum Testnet"
* Digital Bitbox: added support for p2sh-segwit
* OS notifications for incoming transactions
* better transaction size estimation:
- fees for segwit txns were somewhat underestimated (#3347)
- some multisig txns were underestimated
- handle uncompressed pubkeys
* fix #3321: testnet for Windows binaries
* fix #3264: Ledger/dbb signing on some platforms
* fix #3407: KeepKey sending to p2sh output
* other minor fixes and usability improvements
# Release 3.0.2
* Android: replace requests tab with address tab, with access to
private keys
* sweeping minikeys: search for both compressed and uncompressed
pubkeys
* fix wizard crash when attempting to reset Google Authenticator
* fix #3248: fix Ledger+segwit signing
* fix #3262: fix SSL payment request signing
* other minor fixes.
# Release 3.0.1
* minor bug and usability fixes
# Release 3.0 - Uncanny Valley (November 1st, 2017)
* The project was migrated to Python3 and Qt5. Python2 is no longer
supported. If you cloned the source repository, you will need to
run "python3 setup.py install" in order to install the new
dependencies.
* Segwit support:
- Native segwit scripts are supported using a new type of
seed. The version number for segwit seeds is 0x100. The install
wizard will not create segwit seeds by default; users must
opt-in with the segwit option.
- Native segwit scripts are represented using bech32 addresses,
following BIP173. Please note that BIP173 is still in draft
status, and that other wallets/websites may not support
it. Thus, you should keep a non-segwit wallet in order to be
able to receive bitcoins during the transition period. If BIP173
ends up being rejected or substantially modified, your wallet
may have to be restored from seed. This will not affect funds
sent to bech32 addresses, and it will not affect the capacity of
Electrum to spend these funds.
- Segwit scripts embedded in p2sh are supported with hardware
wallets or bip39 seeds. To create a segwit-in-p2sh wallet,
trezor/ledger users will need to enter a BIP49 derivation path.
- The BIP32 master keys of segwit wallets are serialized using new
version numbers. The new version numbers encode the script type,
and they result in the following prefixes:
* xpub/xprv : p2pkh or p2sh
* ypub/yprv : p2wpkh-in-p2sh
* Ypub/Yprv : p2wsh-in-p2sh
* zpub/zprv : p2wpkh
* Zpub/Zprv : p2wsh
These values are identical for mainnet and testnet; tpub/tprv
prefixes are no longer used in testnet wallets.
- The Wallet Import Format (WIF) is similarly extended for segwit
scripts. After a base58-encoded key is decoded to binary, its
first byte encodes the script type:
* 128 + 0: p2pkh
* 128 + 1: p2wpkh
* 128 + 2: p2wpkh-in-p2sh
* 128 + 5: p2sh
* 128 + 6: p2wsh
* 128 + 7: p2wsh-in-p2sh
The distinction between p2sh and p2pkh in private key means that
it is not possible to import a p2sh private key and associate it
to a p2pkh address.
* A new version of the Electrum protocol is required by the client
(version 1.1). Servers using older versions of the protocol will
not be displayed in the GUI.
* By default, transactions are time-locked to the height of the
current block. Other values of locktime may be passed using the
command line.
# Release 2.9.4 (security update)
* Backport security fixes from 3.0.5 after vulnerability was
discovered in JSONRPC interface.
# Release 2.9.3
* fix configuration file issue #2719
* fix ledger signing of non-RBF transactions
* disable 'spend confirmed only' option by default
# Release 2.9.2
* force headers download if headers file is corrupted
* add websocket to windows builds
# Release 2.9.1
* fix initial headers download
* validate contacts on import
* command-line option for locktime
# Release 2.9 - Independence (July 27th, 2017)
* Multiple Chain Validation: Electrum will download and validate
block headers sent by servers that may follow different branches
of a fork in the Bitcoin blockchain. Instead of a linear sequence,
block headers are organized in a tree structure. Branching points
are located efficiently using binary search. The purpose of MCV is
to detect and handle blockchain forks that are invisible to the
classical SPV model.
* The desired branch of a blockchain fork can be selected using the
network dialog. Branches are identified by the hash and height of
the diverging block. Coin splitting is possible using RBF
transaction (a tutorial will be added).
* Multibit support: If the user enters a BIP39 seed (or uses a
hardware wallet), the full derivation path is configurable in the
install wizard.
* Option to send only confirmed coins
* Qt GUI:
- Network dialog uses tabs and gets updated by network events.
- The gui tabs use icons
* Kivy GUI: