Looking for Parity Ethereum client? Get it here.

New Parity Ethereum update fixes several vulnerabilities

Image Parity Technologies
Powering the decentralised web
February 13, 2019 in Parity Ethereum, Releases, Security

Update 15/2/2019: It has come to our attention that the scope of the fixed Parity Ethereum vulnerability is wider than we originally thought, and it could be exploited from a regular node-to-node connection without RPC access. While the previously released 2.2.10-stable and 2.3.3-beta protect against this wider scope, the wider scope means that everyone who runs Parity Ethereum, not just those who serve JSON-RPC publicly, should update as soon as possible. Download the update here.

The 2.2.10-stable and 2.3.3-beta releases protect Parity Ethereum nodes from potentially being able to be crashed by a targeted attack. Thanks everyone for updating and keeping the network protected.

Thanks to the security researchers from SRLabs for their vigilance.

Original post:

Last week we released a Parity Ethereum update that protects nodes from being crashed by a specially-crafted RPC request. Since then we, in collaboration with external researchers, have been carefully exploring any potential for similar issues.

Today we released a new update that is the result of that research, 2.2.10-stable and 2.3.3-beta, which fixes many similar RPC attack vectors. Download the update here.

As with the previous update, only Parity Ethereum nodes that serve JSON-RPC as a public service should be affected. The default setting for Parity Ethereum nodes is to not serve JSON-RPC, but nonetheless we encourage everyone running Parity Ethereum nodes to update.

If you’re a security researcher and want to contribute to the safety and security of the Parity codebase, please see our Bug Bounty program.

Want to build the future of the web? We're hiring

More recent stories

October 02, 2019

Parity Signer v3.0 Beta is here!

Read More
September 16, 2019

Preparing for Istanbul: New Parity Ethereum release

Read More

Join the discussion: