v0.1.4 - May 23, 2025 - "Careful Validation of Bogus States"

Bug Fixes

• In cases where using synchronous persistence with higher latency than the
  latency to communicate with peers caused issues fixed in 0.1.2,
  ChannelManagers may have been left in a state which LDK 0.1.2 and later
  would refuse to deserialize. This has been fixed and nodes which experienced
  this issue prior to 0.1.2 should now deserialize fine (#3790).
• In some cases, when using synchronous persistence with higher latency than
  the latency to communicate with peers, when receiving an MPP payment with
  multiple parts received over the same channel, a channel could hang and not
  make progress, eventually leading to a force-closure due to timed-out HTLCs.
  This has now been fixed (#3680).

Security

0.1.4 fixes a funds-theft vulnerability in exceedingly rare cases.

• If an LDK-based node funds an anchor channel to a malicious peer, and that
  peer sets the channel reserve on the LDK-based node to zero, the LDK-node
  could overdraw its total balance upon increasing the feerate of the
  commitment transaction. If the malicious peer forwards HTLCs through the
  LDK-based node, this could leave the LDK-based node with no valid commitment
  transaction to broadcast to claim its part of the forwarded HTLC. The
  counterparty would have to forfeit their reserve value (#3796).

v0.1.3 - Apr 30, 2025 - "Routing Unicode in 2025"

Bug Fixes

• Event::InvoiceReceived is now only generated once for each Bolt12Invoice
  received matching a pending outbound payment. Previously it would be provided
  each time we received an invoice, which may happen many times if the sender
  sends redundant messages to improve success rates (#3658).
• LDK's router now more fully saturates paths which are subject to HTLC
  maximum restrictions after the first hop. In some rare cases this can result
  in finding paths when it would previously spuriously decide it cannot find
  enough diverse paths (#3707, #3755).

Security

0.1.3 fixes a denial-of-service vulnerability which cause a crash of an
LDK-based node if an attacker has access to a valid Bolt12Offer which the
LDK-based node created.

• A malicious payer which requests a BOLT 12 Invoice from an LDK-based node
  (via the Bolt12InvoiceRequest message) can cause the panic of the
  LDK-based node due to the way String::truncate handles UTF-8 codepoints.
  The codepath can only be reached once the received Botlt12InvoiceRequest
  has been authenticated to be based on a valid Bolt12Offer which the same
  LDK-based node issued (#3747, #3750).

v0.1.2 - Apr 02, 2025 - "Foolishly Edgy Cases"

API Updates

• lightning-invoice is now re-exported as lightning::bolt11_invoice
  (#3671).

Performance Improvements

• rapid-gossip-sync graph parsing is substantially faster, resolving a
  regression in 0.1 (#3581).
• NetworkGraph loading is now substantially faster and does fewer
  allocations, resulting in a 20% further improvement in rapid-gossip-sync
  loading when initializing from scratch (#3581).
• ChannelMonitors for closed channels are no longer always re-persisted
  immediately after startup, reducing on-startup I/O burden (#3619).

Bug Fixes

• BOLT 11 invoices longer than 1023 bytes long (and up to 7089 bytes) now
  properly parse (#3665).
• In some cases, when using synchronous persistence with higher latency than
  the latency to communicate with peers, when receiving an MPP payment with
  multiple parts received over the same channel, a channel could hang and not
  make progress, eventually leading to a force-closure due to timed-out HTLCs.
  This has now been fixed (#3680).
• Some rare cases with multi-hop BOLT 11 route hints or multiple redundant
  blinded paths could have led to the router creating invalid Routes were
  fixed (#3586).
• Corrected the decay logic in ProbabilisticScorer's historical buckets
  model. Note that by default historical buckets are only decayed if no new
  datapoints have been added for a channel for two weeks (#3562).
• {Channel,Onion}MessageHandler::peer_disconnected will now be called if a
  different message handler refused connection by returning an Err from its
  peer_connected method (#3580).
• If the counterparty broadcasts a revoked state with pending HTLCs, those
  will now be claimed with other outputs which we consider to not be
  vulnerable to pinning attacks if they are not yet claimable by our
  counterparty, potentially reducing our exposure to pinning attacks (#3564).

v0.1.1 - Jan 28, 2025 - "Onchain Matters"

API Updates

• A ChannelManager::send_payment_with_route was (re-)added, with semantics
  similar to ChannelManager::send_payment (rather than like the pre-0.1
  send_payent_with_route, #3534).
• RawBolt11Invoice::{to,from}_raw were added (#3549).

Bug Fixes

• HTLCs which were forwarded where the inbound edge times out within the next
  three blocks will have the inbound HTLC failed backwards irrespective of the
  status of the outbound HTLC. This avoids the peer force-closing the channel
  (and claiming the inbound edge HTLC on-chain) even if we have not yet managed
  to claim the outbound edge on chain (#3556).
• On restart, replay of Event::SpendableOutputs could have caused
  OutputSweeper to generate double-spending transactions, making it unable to
  claim any delayed claims. This was resolved by retaining old claims for more
  than four weeks after they are claimed on-chain to detect replays (#3559).
• Fixed the additional feerate we will pay each time we RBF on-chain claims to
  match the Bitcoin Core policy (1 sat/vB) instead of 16 sats/vB (#3457).
• Fixed a cased where a custom Router which returns an invalid Route,
  provided to ChannelManager, can result in an outbound payment remaining
  pending forever despite no HTLCs being pending (#3531).

Security

0.1.1 fixes a denial-of-service vulnerability allowing channel counterparties to
cause force-closure of unrelated channels.

• If a malicious channel counterparty force-closes a channel, broadcasting a
  revoked commitment transaction while the channel at closure time included
  multiple non-dust forwarded outbound HTLCs with identical payment hashes and
  amounts, failure to fail the HTLCs backwards could cause the channels on
  which we recieved the corresponding inbound HTLCs to be force-closed. Note
  that we'll receive, at a minimum, the malicious counterparty's reserve value
  when they broadcast the stale commitment (#3556). Thanks to Matt Morehouse for
  reporting this issue.

v0.1

0.1 - Jan 15, 2025 - "Human Readable Version Numbers"

The LDK 0.1 release represents an important milestone for the LDK project. While
there are certainly many important features which are still being built, the LDK
project has come a long way, and the LDK project is happy with the quality of
the features included in this release. Thus, the project will begin doing patch
releases to fix bugs in prior versions as new features continue to ship in new
minor versions.

API Updates

• The lightning-liquidity crate has been moved into the rust-lightning
  git tree, enabling support for both sides of the LSPS channel open
  negotiation protocols (#3436).
• Since its last alpha release, lightning-liquidity has also gained support
  for acting as an LSPS1 client (#3436).
• This release includes support for BIP 353 Human Readable Names resolution.
  With the dnssec feature enabled, simply call ChannelManager's
  pay_for_offer_from_human_readable_name with a list of lightning nodes that
  have the dns_resolver feature flag set (e.g. those running LDK with the
  new lightning_dns_resolver::OMDomainResolver set up to resolve DNS queries
  for others) and a Human Readable Name (#3346, #3179, #3283).
• Asynchronous ChannelMonitorUpdate persistence (i.e. the use of
  ChannelMonitorUpdateStatus::InProgress) is now considered beta-quality.
  There are no known issues with it, though the likelihood of unknown issues
  is high (#3414).
• ChannelManager's send_payment_with_route and send_spontaneous_payment
  were removed. Use send_payment and send_spontaneous_payment_with_retry
  (now renamed send_spontaneous_payment) instead (#3430).
• ChannelMonitors no longer need to be re-persisted after deserializing the
  ChannelManager before beginning normal operation. As such,
  ChannelManagerReadArgs::channel_monitors no longer requires mutable
  references (#3322). See the Backwards Compatibility section for more info.
• Additional information is now stored in ChannelMonitorUpdates which may
  increase the average size of ChannelMonitorUpdates when claiming inbound
  payments substantially. The expected maximum size of ChannelMonitorUpdates
  shouldn't change materially (#3322).
• Redundant Event::PaymentClaimeds will be generated more frequently on
  startup compared to previous versions.
  Event::PaymentClaim{able,ed}::payment_id has been added to allow for more
  robust handling of redundant events on payments with duplicate
  PaymentHashes (#3303, #3322).
• ChannelMonitorUpdate::update_ids no longer have a magic value (of
  u64::MAX) for updates after a channel has been closed. They are now
  always monotonically increasing (#3355).
• The MSRV of lightning-transaction-sync has been increased to rustc 1.75 due
  to its HTTP client dependencies (#3528).
• The default ProbabilisticScoringFeeParameters values now recommend specific
  ratios between different penalties, and default penalties now allow for
  higher fees in order to reduce payment latency (#3495).
• On-chain state resolution now more aggressively batches claims into single
  transactions, reducing on-chain fee costs when resolving multiple HTLCs for a
  single channel force-closure. This also reduces the on-chain reserve
  requirements for nodes using anchor channels (#3340).
• A MigratableKVStore trait was added (and implemented for
  FilesystemStore), enabling easy migration between KVStores (#3481).
• InvoiceRequest::amount_msats now returns the offer-implied amount if a
  Bitcoin-denominated amount was set in the offer and no amount was set
  directly in the invoice_request (#3535).
• Event::OpenChannelRequest::push_msat has been replaced with an enum in
  preparation for the dual-funding protocol coming in a future release (#3137).
• GossipVerifier now requires a P2PGossipSync which holds a reference to
  the GossipVerifier via an Arc (#3432).
• The max_level_* features were removed as the performance gain compared to
  doing the limiting at runtime was negligible (#3431).
• ChannelManager::create_bolt11_invoice was added, deprecating the
  lightning::ln::invoice_utils module (#3389).
• The bech32 dependency has been upgraded to 0.11 across crates (#3270).
• Support for creating BOLT 12 invoice_requests with a static signing key
  rather than an ephemeral one has been removed (#3264).
• The Router trait no longer extends the MessageRouter trait, creating an
  extra argument to ChannelManager construction (#3326).
• The deprecated AvailableBalances::balance_msat has been removed in favor of
  ChannelMonitor::get_claimable_balances (#3243).
• Deprecated re-exports of Payment{Hash,Preimage,Secret} and features were
  removed (#3359).
• bolt11_payment::*_from_zero_amount_invoice methods were renamed
  *_from_variable_amount_invoice (#3397)
• Offer signing_pubkey (and related struct names) have been renamed
  issuer_signing_pubkey (#3218).
• Event::PaymentForwarded::{prev,next}_node_id were added (#3458).
• Event::ChannelClosed::last_local_balance_msat was added (#3235).
• RoutingMessageHandler::handle_* now all have a node_id argument (#3291).
• lightning::util::persist::MonitorName has been exposed (#3376).
• ProbabilisticScorer::live_estimated_payment_success_probability was added
  (#3420)
• EcdsaChannelSigner::sign_splicing_funding_input was added to support an
  eventual splicing feature (#3316).
• {Payment,Offer}Id now support lowercase-hex formatting (#3377).

Bug Fixes

• Fixed a rare case where a BOLT 12 payment may be made duplicatively if the
  node crashes while processing a BOLT 12 invoice message (#3313).
• Fixed a bug where a malicious sender could cause a payment Event to be
  generated with an OfferId using a payment with a lower amount than the
  corresponding BOLT 12 offer would have required. The amount in the
  Event::Payment{Claimable,Claimed} were still correct (#3435).
• The ProbabilisticScorer model and associated default scoring parameters
  were tweaked to be more predictive of real-world results (#3368, #3495).
• ProbabilisticScoringFeeParameters::base_penalty_amount_multiplier_msat no
  longer includes any pending HTLCs we already have through channels in the
  graph, avoiding over-penalizing them in comparison to other channels (#3356).
• A ChannelMonitor will no longer be archived if a MonitorEvent containing
  a preimage for another channel is pending. This fixes an issue where a
  payment preimage needed for another channel claim is lost if events go
  un-processed for 4038 blocks (#3450).
• std builds no longer send the full gossip state to peers that do not
  request it (#3390).
• lightning-block-sync listeners now receive block_connected calls, rather
  than always receiving filtered_block_connected calls (#3354).
• Fixed a bug where some transactions were broadcasted one block before their
  locktime made them candidates for inclusion in the mempool (though they would
  be automatically re-broadcasted later, #3453).
• ChainMonitor now persists ChannelMonitors when their Balance set first
  goes empty, making ChannelMonitor pruning more reliable on nodes that are
  only online briefly (e.g. mobile nodes, #3442).
• BOLT 12 invoice requests now better handle intermittent internet connectivity
  (e.g. on mobile devices with app interruptions, #3010).
• Broadcast-gossip MessageSendEvents from the ChannelMessageHandler are now
  delivered to peers even if the peer is behind in processing relayed gossip.
  This ensures our own gossip propagates well even if we have very limited
  upload bandwidth (#3142).
• Fixed a bug where calling OutputSweeper::transactions_confirmed with
  transactions from anything but the latest block may have triggered a spurious
  assertion in debug mode (#3524).

Performance Improvements

• LDK now verifies channel_update gossip messages without holding a lock,
  allowing additional parallelism during gossip sync (#3310).
• LDK now checks if it already has certain gossip messages before verifying the
  message signatures, reducing CPU usage during gossip sync after the first
  startup (#3305).

Node Compatibility

• LDK now handles fields in the experimental range of BOLT 12 messages (#3237).

Backwards Compatibility

• Nodes with pending forwarded HTLCs or unclaimed payments cannot be
  upgraded directly from 0.0.123 or earlier to 0.1. Instead, they must
  first either resolve all pending HTLCs (including those pending
  resolution on-chain), or run 0.0.124 or 0.0.125 and resolve any HTLCs that
  were originally forwarded or received running 0.0.123 or earlier (#3355).
• ChannelMonitors not being re-persisted after deserializing the
  ChannelManager only applies to upgraded nodes after a startup with the
  old semantics completes at least once. In other words, you must deserialize
  the ChannelManager with an upgraded LDK, persist the ChannelMonitors as
  you would on pre-0.1 versions of LDK, then continue to normal startup once,
  and for startups thereafter you can take advantage of the new semantics
  avoiding redundant persistence on startup (#3322).
• Pending inbound payments paying a BOLT 12 invoice issued prior to upgrade
  to LDK 0.1 will fail. Issued BOLT 12 offers remain payable (#3435).
• UserConfig::accept_mpp_keysend was removed, thus the presence of pending
  inbound MPP keysend payments will prevent downgrade to LDK 0.0.115 and
  earlier (#3439).
• Inbound payments initialized using the removed
  ChannelManager::create_inbound_payment{,_for_hash}_legacy API will no
  longer be accepted by LDK 0.1 (#3383).
• Do...

v0.1.0-beta1

Release notes forthcoming.

v0.0.125

0.0.125 - Oct 14, 2024 - "Delayed Beta Testing"

Bug Fixes

• On upgrade to 0.0.124, channels which were at a steady-state (i.e. for which
  the counterparty has received our latest revoke_and_ack message) will
  force-close upon receiving the next channel state update from our
  counterparty. When built with debug assertions a debug assertion failure will
  occur instead (#3362).
• Listeners in a ChainListenerSet will now have their block_connected
  method called, when appropriate, rather than always having their
  filtered_block_connected method called with full block data (#3354).
• Routefinding historical liquidity channel scores were made more consistent
  for channels which have very little data which has been decayed (#3362).
• A debug assertion failure when adding nodes to the network graph after
  removal of nodes from the network graph was fixed (#3362).

In total, this release features 6 files changed, 32 insertions, 7
deletions in 5 commits since 0.0.124 from 2 authors, in alphabetical order:

• Elias Rohrer
• Matt Corallo

v0.0.124

0.0.124 - Sep 3, 2024 - "Papercutting Feature Requests"

API Updates

• rust-bitcoin has been updated to 0.32. The new bitcoin-io crate is now
  used for all IO traits, irrespective of the features set on LDK crates.
  LDK crates no longer automatically force features on dependent crates where
  possible, allowing different std/no-std settings between LDK and
  rust-bitcoin crates (e.g. to disable std on LDK to ensure system time is
  not accessed while using bitcoin-io's std feature). (#3063, #3239, #3249).
• A new lightning_types crate was added which contains various top-level
  types. Using types from lightning::ln::features or
  Payment{Hash,Preimage,Secret} from lightning::ln or
  lightning::ln::types is now deprecated. The new crate is re-exported as
  lightning::types (#3234, #3253).
• lightning now depends on lightning-invoice, rather than the other way
  around. The lightning_invoice::payment module has moved to
  lightning::ln::bolt11_payment and lightning_invoice::utils to
  lightning::ln::invoice_utils (#3234).
• Event handlers may now return errors, causing most events to be replayed
  immediately without blocking the background processor. See documentation on
  individual Events for more information on replay (#2995).
• ChannelDetails::balance_msat is deprecated in favor of
  ChainMonitor::get_claimable_balances and the Balance, which now contains
  substantially more details and more accurately calculates a node-wide
  balance when Balance::claimable_amount_satoshis are summed (#3212, #3247).
• ConfirmationTarget has two new variants - a MaximumFeeEstimate which can
  help to avoid spurious force-closes by ensuring we always accept feerates up
  to this value from peers as sane and a UrgentOnChainSweep, replacing
  OnChainSweep and only being used when the on-chain sweep is urgent (#3268).
• All ChannelMonitors are no longer persisted after each block connection,
  instead spreading them out over a handful of blocks to reduce load spikes.
  Note that this will increase the incidence of ChannelMonitors that have
  different best blocks on startup, requiring some additional chain replay
  (but only on some ChannelMonitors) on startup for Listen users (#2966).
• A new format for Rapid Gossip Sync data is now supported which contains
  additional node metadata and is more extensible (#3098).
• ChannelManager::send_payment_with_route is now deprecated in favor of the
  much easier to use Channelmanager::send_payment. Those who wish to manually
  select the route such payments go over should do so by matching the
  payment_id passed to send_payment in Router::find_route_with_id (#3224)
• lightning-transaction-sync now takes most Confirms as a generic Deref.
  You may need an explicit as &(dyn Confirm) to update existing code (#3101).
• HTLCs will now be forwarded over any channel with a peer, rather than only
  the specific channel requested by the payment sender (#3127).
• Event::PaymentFailed is now used in place of Event::InvoiceRequestFailed,
  holding an Option for the payment hash, which will be None when no
  invoice has been received (#3192).
• ChannelManager now supports intercepting and manually paying
  Bolt12Invoices, see UserConfig::manually_handle_bolt12_invoices (#3078).
• logger::Records now contain a PaymentHash (#2930).
• ChainMonitor no longer uses an opaque MonitorUpdateId, opting to reuse
  the ChannelMonitorUpdate::update_id instead. Note that you no longer have
  to call ChainMonitor::channel_monitor_updated for
  ChannelMonitorUpdateStatus::InProgress updates to a monitor that were
  started without a ChannelMonitorUpdate (#2957).
• NodeAnnouncementInfo is now an enum holding either a gossip message or
  the important fields, reducing the memory usage of NetworkGraph (#3072).
• Onion message handlers now include a message context, which allows for
  blinded path authentication (#3085, #3202).
• ChannelManager now supports funding with only a txid and output index, see
  ChannelManager::unsafe_manual_funding_transaction_generated (#3024).
• BOLT 12 invoice requests now go out over, and accept responses over, multiple
  paths (#3087).
• OnionMessenger now supports intercepting and re-forwarding onion messages
  for peers that are offline at the time of receipt when constructed with
  new_with_offline_peer_interception (#2973).
• Onion message handling trait methods now generally take a Responder which
  can be used to create a ResponseInstruction to better control how responses
  are sent. The ResponseInstruction can also be converted to
  MessageSendInstructions which can be passed to OnionMessenger's
  send_onion_message to respond asynchronously (#2907, #2996, #3263).
• OnionMessenger::process_pending_events_async was added (#3060).
• Blinded paths used for BOLT 12 Offer/Refunds are now compact when they
  expire relatively soon, making them somewhat smaller (#3011, #3080).
• ChannelManager::force_close_* now take a err msg to send to peers (#2889).
• ChannelDetails::is_public has been renamed to is_announced and
  ChannelHandshakeConfig::announced_channel to announce_for_forwarding to
  address various misconceptions about the purpose of announcement (#3257).
• BlindedPaths are now split into BlindedMessagePaths and
  BlindedPaymentPaths and advance_path_by_one added to each (#3182).
• BlindedPaymentPath now includes the BlindedPayInfo (#3245).
• BOLT 12 Offer/Refund builders no longer require a description, instead
  allowing it to be set on the builder itself (#3018).
• The {Inbound,Outbound}HTLCState{,Details} and ChannelDetails structs have
  moved to the ln::channel_state module (#3089).
• Event::OpenChannelRequest now contains params and is_announced (#3019).
• Peers are no longer disconnected when we force-close a channel (#3088).
• BOLT12 Offer and Refund now implement Readable (#2965).
• RecipientOnionFields is now included in Event::PaymentClaimed (#3084).
• ClosureReason::HolderForceClosed::broadcasted_latest_txn was added (#3107).
• EcdsaChannelSigner no longer needs to be Writeable and the supertrait
  WriteableEcdsaChannelSigner has been removed (#3059).
• CustomMessageHandler::peer_{,dis}connected were added (#3105).
• lightning_invoice::Description::as_inner() was added (#3203).
• Splice-related wire messages have been updated to the latest spec (#3129).

Bug Fixes

• channel_update messages are no longer extracted from failed payments and
  applied to the network graph via Event::PaymentPathFailed, preventing a
  node along the path from identifying the sender of a payment (#3083).
• In order to prevent senders from identifying the recipient of a BOLT 12 offer
  that included a blinded path, cryptographic information from blinded paths
  are now included in the invoice request verification (#3085, #3139, #3242).
• Routes are now length-limited based on the actual onion contents rather than
  a fixed value. This ensures no routes are generated that are unpayable when
  sending HTLCs with custom TLVs, blinded paths, or metadata (#3026, #3156).
• Unannounced LDK nodes (or ones without a network graph) will now include
  unannounced peers as introduction points in blinded paths. This addresses
  issues where test networks were not usable for BOLT 12 due to failures to
  find paths over private channels to LDK nodes. It will also enable creating
  BOLT 12 offers for nodes with no local network graph (#3132).
• If a channel partner fails to update the feerate on a channel for some time
  and prevailing network feerates increase, LDK will now force-close
  automatically to avoid being unable to claim our funds on-chain. In order to
  reduce false-positives, it does so by comparing the channel's fee against the
  minimum ConfirmationTarget::MinAllowed{,Non}AnchorChannelRemoteFee we've
  seen over the past day (and do not force-close if we haven't been running for
  a full day, #3037).
• MonitorUpdatingPersister did not read ChannelMonitorUpdates when
  archiving a ChannelMonitor, causing the archived ChannelMonitor to be
  missing some updates. Those updates were not removed from the KVStore and
  monitors being archived should have no pending updates as they were persisted
  on each new block for some time before archiving (#3276).
• CoinSelections selected for commitment transactions which did not contain a
  change output no longer result in broadcasting a non-standard transaction nor
  in under-paying the target feerate (#3285). Note that such a transaction
  would fail to propagate and LDK would have continued to bump the fee until a
  different CoinSelection is used which did contain a change output.
• invoice_errors from BOLT 12 recipients now fail payments (#3085, #3192).
• Fixed a bug which may lead to a missing Event::ChannelClosed and missing
  Error messages for peers when a bogus funding transaction is provided for a
  batch channel open (#3029).
• Fixed an overflow in RawBolt11Invoice::amount_pico_btc() reachable via
  Bolt11Invoice::amount_milli_satoshis(), resulting in a debug panic or bogus
  value for invoices with invalid values (#3032).
• In incredibly rare circumstances, when using the beta asynchronous
  persistence, it is possible that the preimage for an MPP claim could fail to
  be persisted in the ChannelMonitor for one or more MPP parts, resulting in
  only some of the payment's value being claimed (#3120).
• A rare race was fixed which could lead to ChannelMonitorUpdates appearing
  after a full ChannelMonitor persistence th...

v0.0.123

v0.0.123 - May 08, 2024 - "BOLT12 Dust Sweeping"

API Updates

• To reduce risk of force-closures and improve HTLC reliability the default
  dust exposure limit has been increased to
  MaxDustHTLCExposure::FeeRateMultiplier(10_000). Users with existing
  channels might want to consider using
  ChannelManager::update_channel_config to apply the new default (#3045).
• ChainMonitor::archive_fully_resolved_channel_monitors is now provided to
  remove from memory ChannelMonitors that have been fully resolved on-chain
  and are now not needed. It uses the new Persist::archive_persisted_channel
  to inform the storage layer that such a monitor should be archived (#2964).
• An OutputSweeper is now provided which will automatically sweep
  SpendableOutputDescriptors, retrying until the sweep confirms (#2825).
• After initiating an outbound channel, a peer disconnection no longer results
  in immediate channel closure. Rather, if the peer is reconnected before the
  channel times out LDK will automatically retry opening it (#2725).
• PaymentPurpose now has separate variants for BOLT12 payments, which
  include fields from the invoice_request as well as the OfferId (#2970).
• ChannelDetails now includes a list of in-flight HTLCs (#2442).
• Event::PaymentForwarded now includes skimmed_fee_msat (#2858).
• The hashbrown dependency has been upgraded and the use of ahash as the
  no-std hash table hash function has been removed. As a consequence, LDK's
  Hash{Map,Set}s no longer feature several constructors when LDK is built
  with no-std; see the util::hash_tables module instead. On platforms that
  getrandom supports, setting the possiblyrandom/getrandom feature flag
  will ensure hash tables are resistant to HashDoS attacks, though the
  possiblyrandom crate should detect most common platforms (#2810, #2891).
• ChannelMonitor-originated requests to the ChannelSigner can now fail and
  be retried using ChannelMonitor::signer_unblocked (#2816).
• SpendableOutputDescriptor::to_psbt_input now includes the witness_script
  where available as well as new proprietary data which can be used to
  re-derive some spending keys from the base key (#2761, #3004).
• OutPoint::to_channel_id has been removed in favor of
  ChannelId::v1_from_funding_outpoint in preparation for v2 channels with a
  different ChannelId derivation scheme (#2797).
• PeerManager::get_peer_node_ids has been replaced with list_peers and
  peer_by_node_id, which provide more details (#2905).
• Bolt11Invoice::get_payee_pub_key is now provided (#2909).
• Default[Message]Router now take an entropy_source argument (#2847).
• ClosureReason::HTLCsTimedOut has been separated out from
  ClosureReason::HolderForceClosed as it is the most common case (#2887).
• ClosureReason::CooperativeClosure is now split into
  {Counterparty,Locally}Initiated variants (#2863).
• Event::ChannelPending::channel_type is now provided (#2872).
• PaymentForwarded::{prev,next}_user_channel_id are now provided (#2924).
• Channel init messages have been refactored towards V2 channels (#2871).
• BumpTransactionEvent now contains the channel and counterparty (#2873).
• util::scid_utils is now public, with some trivial utilities to examine
  short channel ids (#2694).
• DirectedChannelInfo::{source,target} are now public (#2870).
• Bounds in lightning-background-processor were simplified by using
  AChannelManager (#2963).
• The Persist impl for KVStore no longer requires Sized, allowing for
  the use of dyn KVStore as Persist (#2883, #2976).
• From<PaymentPreimage> is now implemented for PaymentHash (#2918).
• NodeId::from_slice is now provided (#2942).
• ChannelManager deserialization may now fail with DangerousValue when
  LDK's persistence API was violated (#2974).

Bug Fixes

• Excess fees on counterparty commitment transactions are now included in the
  dust exposure calculation. This lines behavior up with some cases where
  transaction fees can be burnt, making them effectively dust exposure (#3045).
• Futures used as an std::...::Future could grow in size unbounded if it
  was never woken. For those not using async persistence and using the async
  lightning-background-processor, this could cause a memory leak in the
  ChainMonitor (#2894).
• Inbound channel requests that fail in
  ChannelManager::accept_inbound_channel would previously have stalled from
  the peer's perspective as no error message was sent (#2953).
• Blinded path construction has been tuned to select paths more likely to
  succeed, improving BOLT12 payment reliability (#2911, #2912).
• After a reorg, lightning-transaction-sync could have failed to follow a
  transaction that LDK needed information about (#2946).
• RecipientOnionFields' custom_tlvs are now propagated to recipients when
  paying with blinded paths (#2975).
• Event::ChannelClosed is now properly generated and peers are properly
  notified for all channels that as a part of a batch channel open fail to be
  funded (#3029).
• In cases where user event processing is substantially delayed such that we
  complete multiple round-trips with our peers before a PaymentSent event is
  handled and then restart without persisting the ChannelManager after having
  persisted a ChannelMonitor[Update], on startup we may have Errd trying to
  deserialize the ChannelManager (#3021).
• If a peer has relatively high latency, PeerManager may have failed to
  establish a connection (#2993).
• ChannelUpdate messages broadcasted for our own channel closures are now
  slightly more robust (#2731).
• Deserializing malformed BOLT11 invoices may have resulted in an integer
  overflow panic in debug builds (#3032).
• In exceedingly rare cases (no cases of this are known), LDK may have created
  an invalid serialization for a ChannelManager (#2998).
• Message processing latency handling BOLT12 payments has been reduced (#2881).
• Latency in processing Event::SpendableOutputs may be reduced (#3033).

Node Compatibility

• LDK's blinded paths were inconsistent with other implementations in several
  ways, which have been addressed (#2856, #2936, #2945).
• LDK's messaging blinded paths now support the latest features which some
  nodes may begin relying on soon (#2961).
• LDK's BOLT12 structs have been updated to support some last-minute changes to
  the spec (#3017, #3018).
• CLN v24.02 requires the gossip_queries feature for all peers, however LDK
  by default does not set it for those not using a P2PGossipSync (e.g. those
  using RGS). This change was reverted in CLN v24.02.2 however for now LDK
  always sets the gossip_queries feature. This change is expected to be
  reverted in a future LDK release (#2959).

Security

0.0.123 fixes a denial-of-service vulnerability which we believe to be reachable
from untrusted input when parsing invalid BOLT11 invoices containing non-ASCII
characters.

• BOLT11 invoices with non-ASCII characters in the human-readable-part may
  cause an out-of-bounds read attempt leading to a panic (#3054). Note that all
  BOLT11 invoices containing non-ASCII characters are invalid.

In total, this release features 150 files changed, 19307 insertions, 6306
deletions in 360 commits since 0.0.121 from 17 authors, in alphabetical order:

• Arik Sosman
• Duncan Dean
• Elias Rohrer
• Evan Feenstra
• Jeffrey Czyz
• Keyue Bao
• Matt Corallo
• Orbital
• Sergi Delgado Segura
• Valentine Wallace
• Willem Van Lint
• Wilmer Paulino
• benthecarman
• jbesraa
• olegkubrakov
• optout
• shaavan

v0.0.122

0.0.122 - Apr 09, 2024 - "That Which Is Untested Is Broken"

Bug Fixes

• Route objects did not successfully round-trip through de/serialization
  since LDK 0.0.117, which has now been fixed (#2897).
• Correct deserialization of unknown future enum variants. This ensures
  downgrades from future versions of LDK do not result in read failures or
  corrupt reads in cases where enums are written (#2969).
• When hitting lnd bug 6039, our workaround previously resulted in
  ChannelManager persistences on every round-trip with our peer. These
  useless persistences are now skipped (#2937).

In total, this release features 4 files changed, 99 insertions, 55
deletions in 6 commits from 1 author, in alphabetical order:

• Matt Corallo