GOSSIP USERS - SECURITY ALERT: There is no 0.5.3 release of gossip. If you installed a package with version 0.5.3, you might have just been hacked by someone. The official releases are on github and nowhere else. I will follow up this alert (by replying to it) with additional information as it becomes available.
NOTE: If you compiled from source and the version says 0.5.3-unstable, this is fine. That is not a 0.5.3 release, that is the tag for commits in-between release 0.5.2 and 0.5.3. Compiled code is always much safer than a package.
Mike Dilger /
npub1ac…9p35c
2023-03-26 17:46:24
Author Public Key
npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35cPublished at
2023-03-26 17:46:24Event JSON
{
"id": "0000d724f10ef09f11fafdcfd41a6a90e594f83b75bdb639ffd5961389d7e004",
"pubkey": "ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49",
"created_at": 1679852784,
"kind": 1,
"tags": [
[
"client",
"gossip"
],
[
"nonce",
"6148914691236520145",
"16"
]
],
"content": "GOSSIP USERS - SECURITY ALERT: There is no 0.5.3 release of gossip. If you installed a package with version 0.5.3, you might have just been hacked by someone. The official releases are on github and nowhere else. I will follow up this alert (by replying to it) with additional information as it becomes available. \n\nNOTE: If you compiled from source and the version says 0.5.3-unstable, this is fine. That is not a 0.5.3 release, that is the tag for commits in-between release 0.5.2 and 0.5.3. Compiled code is always much safer than a package.\n",
"sig": "f1b32b0cbe28f946fc93dfc248a2e9e4a761d84891aec5858c57e3c349b689a2e85824d20eea53dd56673d329467b09291fbf5536163f81a013a1593ff0df5b5"
}