반응형

[2021-02-12]

 

github.com/trexminer/T-Rex/releases/tag/0.19.11

 

Release T-Rex 0.19.11 · trexminer/T-Rex

IMPORTANT NOTE: This release mainly is a security patch for a vulnerability caused by binding miner API to 0.0.0.0 IP address by default thus exposing it to the outside world and allowing to perfor...

github.com

IMPORTANT NOTE: This release mainly is a security patch for a vulnerability caused by binding miner API to 0.0.0.0 IP address by default thus exposing it to the outside world and allowing to perform various attacks. So, we strongly recommend updating to this version OR specifying --api-bind-http 127.0.0.1:4067 --api-bind-telnet 127.0.0.1:4068 as additional miner arguments in your bat/sh script to prevent these attacks. If you need to access the API or the Web UI from another device in your local network, you can bind the API to 0.0.0.0:4067 in which case it is recommended to disallow any config modifications with --api-read-only flag or set up your firewall in a way that prevents unauthorised access to the API. Security features like API password may be added in future releases. If you're running one of the Linux based mining operating systems like HiveOS, mmpOS and so on, you're very likely not affected as they bind T-Rex API servers to 127.0.0.1 by default.

Bug fixes:

  • (API) Bind API servers to 127.0.0.1 by default to prevent unauthorised access to the API
  • (API) Miner pause functionality is broken (regression)

 

 

반응형

'Mining > Software' 카테고리의 다른 글

nanominer v3.2.2  (0) 2021.02.13
lolMiner 1.24a  (0) 2021.02.13
Team Red Miner 0.8.1  (0) 2021.02.10
lolMiner 1.23 (linux) 1.21(Windows)  (0) 2021.02.10
T-Rex 0.19.10  (0) 2021.02.07

+ Recent posts