Horizon v1.13.0 + SEP-10 (aka the Authentication Protocol) 3.0 for Wallets

29 views
Skip to first unread message

Justin

unread,
Dec 14, 2020, 4:26:35 PM12/14/20
to Stellar Developers
Hello Developers,

Today, we released Horizon v1.13.0.  Download it and read the full release notes here:
https://github.com/stellar/go/releases/tag/horizon-v1.13.0

This version has some performance improvements, and continues to lay the groundwork for the leaner "captive core" version of Horizon, which will make running Stellar infrastructure a lot easier, and should be production-ready in the not-too-distant future.  As always, we urge you to do the smart thing and keep your software up to date!  

Note: if you upgrade to this version from a < v1.10.0 version of Horizon, it will trigger state rebuild. During this process (which can take several minutes) Horizon will not ingest new ledgers.  Stay calm!

Also, an important note for those of you who have wallets with client-side SEP-10 implementations: please upgrade your SDKs (and their usage) to support SEP-10 3.0.  All the main Stellar SDKs have been upgraded, so this should be a pretty easy thing to do at this point.  You can find links to them here:
https://developers.stellar.org/docs/software-and-sdks/#sdks

SEP-10 3.0 adds an important security check: it verifies that an anchor's TOML home domain is specified within the challenge transaction’s first Manage Data operation.

As you may recall, we made a similar announcement Nov. 18th, but quickly realized some anchors had not upgraded to SEP-10 2.0, the oldest version still compatible with SEP-10 3.0. For the last few weeks we’ve worked directly with these anchors to get them upgraded.  They're good to go now.

Clients can now upgrade their SDKs and be compatible with an anchor's SEP-10 service as long as the client uses the correct home domain value when verifying challenges. Again, the correct home domain value is the host portion of the URL used to fetch the anchor's TOML file.

Thanks for your diligence (and patience) as we make changes to the authentication protocol. We're getting close!  We have one other related change to make, SEP-10 3.1, and will notify you when SDK support for this change is released.  

If you have any questions, please let us know!

Reply all
Reply to author
Forward
0 new messages