Chia Network has just released version 1.3.2 of the Chia Blockchain software to address a critical OpenSSL vulnerability that has the potential to cause outages for anyone running a node on the old version. It is very strongly suggested everyone update immediately.
The OpenSSL vulnerability was identified more than two weeks ago, and it seems Chia may not have picked up the fix as soon as it was available. However, because the integrity of the blockchain does not depend on uncompromised SSL, it likely did not put anyone at risk of data loss or systems breach.
They have a pretty good FAQ on the subject, and it doesn’t seem like they have changed anything from version 1.3.1 except to update the version of OpenSSL distributed with their application. Everyone reading this should stop what they are doing and go update now.
Shoutout to Keybase user Skwee for raising this issue with both me and Chia and getting action done before I even finished work to look into it. Well done, sir.