Headline
CVE-2022-25642: Release v3.4.1 · byteball/obyte-gui-wallet
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.
- Releases
- v3.4.1
This release fixes a security vulnerability that allows remote code execution through specially crafted chat messages. Upgrading is strongly recommended for all users, especially those who have untrusted contacts or bots in the wallet chat. We’ll block the old versions from the default hub soon after the release.
Another update in this release extends the obyte: URI protocol to allow multi-asset payments. This will improve the integration of dapps with the wallet and make it easier/faster to send multi-asset payments without having to open a chat with the dapp. Adding liquidity in Oswap will become easier once the feature is integrated in oswap.
SHA256 of the Linux AppImage is posted here: https://explorer.obyte.org/#UZbzkA7loA+mGh43T8Bx7v+2R58KaIWxwxloOqkoNA0=
Binaries for other platforms are already signed in ways that are standard on the respective platforms.