From 4bd9b1c13bd66bd2a3cfa794cf2303c337b5d36c Mon Sep 17 00:00:00 2001 From: chloehjung15 <73510449+chloehjung15@users.noreply.github.com> Date: Tue, 8 Aug 2023 07:14:47 +1200 Subject: [PATCH] Update lnbits to 0.10.9 (#718) Co-authored-by: nmfretz --- lnbits/docker-compose.yml | 2 +- lnbits/umbrel-app.yml | 40 +++++++++++---------------------------- 2 files changed, 12 insertions(+), 30 deletions(-) diff --git a/lnbits/docker-compose.yml b/lnbits/docker-compose.yml index 047ca88..cc7646a 100644 --- a/lnbits/docker-compose.yml +++ b/lnbits/docker-compose.yml @@ -8,7 +8,7 @@ services: PROXY_AUTH_ADD: "false" web: - image: lnbitsdocker/lnbits-legend:0.10.6@sha256:a11aaa6d2b211db4c1ec2cafb7c35057ef45bcf4b98fb3bbf23c5635a0304aff + image: lnbitsdocker/lnbits-legend:0.10.9@sha256:ec4d6055e1de1b340c66bb6b473635ade1e95b57a69e0cb6effe21af310385d6 init: true restart: on-failure stop_grace_period: 1m diff --git a/lnbits/umbrel-app.yml b/lnbits/umbrel-app.yml index a363725..f5403b4 100644 --- a/lnbits/umbrel-app.yml +++ b/lnbits/umbrel-app.yml @@ -2,7 +2,7 @@ manifestVersion: 1 id: lnbits category: bitcoin name: LNbits -version: "0.10.6" +version: "0.10.9" tagline: Multi-user wallet management system description: >- LNbits is a simple multi-user and account system for Lightning @@ -41,44 +41,26 @@ path: "" defaultUsername: "" deterministicPassword: true releaseNotes: >- - 🚨 Critical Security Update: This update addresses a critical security vulnerability in LNbits. Please update as soon as possible. + In this release, we introduce a whole suite of new security features to harden your LNbits instance. Our goal is to make these features + accessible and keep every instance as safe as possible to protect user funds from possible security breaches. - 🔧 Extension Management Changes: - - - New and existing users should follow these steps to install extensions: - - - 1. Copy your unique LNbits password from the LNbits' app store page on your Umbrel: 'umbrel.local/app-store/lnbits'. - - 2. Access the Super Admin page of LNbits at 'umbrel.local:3007/uuidv4/'. Replace '' with the password you copied before. - - 3. You can now install and uninstall extensions from this page. - + You will find a new Security panel in your Manage Server AdminUI that you can access as the super user. All features are opt-in and are also accessible via the LNbits API. - 🔄 Extension Restoration for Existing Users: + The Security panel has six components: - - If an extension was previously installed, it won't show up after the update. + - Server logs 📝 - - Reinstall the extension from the Super Admin page to restore its enabled state and data. + - IP blocker 🚫 + - Rate limiter 🐌 - 🔓 Extension Enabling/Disabling: + - Security notifications 🔔 - - - Once installed, any user can enable/disable extensions from their user page. + - Killswitch 🪓 - - Existing LNbits users that are updating their app may need to hard refresh their browser on the extensions page in order to enable/disable extensions. - - - 👥 Granting Admin Access: - - - - From the Super Admin page, you can make other users admins. - - - Admins can install extensions without visiting the Super Admin page. + - Watchdog 🐕 (coming soon) 📄 Full Release Notes and detailed information is available at: https://github.com/lnbits/lnbits/releases