btcpayserver on Nostr: We are releasing version 2.0.2 to address a vulnerability affecting stores using the ...
We are releasing version 2.0.2 to address a vulnerability affecting stores using the Blink or Nostr plugins together with pull payments and payouts (most commonly used for refunds and Bolt cards).
https://github.com/btcpayserver/btcpayserver/releases/tag/v2.0.2
If your setup relies on these functionalities, we strongly recommend immediately updating your Nostr plugin to the latest version and BTCPay Server to 2.0.2 to mitigate this issue.
Please note that regular users operating LND or CLN nodes were not impacted on all versions.
If you run BTCPay Server 1.x and you use pull payments with NwC (Nostr wallet Connect) - please update to BTCPay Server 2.0.2 and update the Nostr Plugin.
If you opted into BTCPay Server 2.0 and are using blinkbtc plugin with pull payment - please update to BTCPay Server 2.0.2.
Our thanks to itstomek petzsch leinert for responsibly disclosing and alerting us of this issue.
https://github.com/btcpayserver/btcpayserver/releases/tag/v2.0.2
If your setup relies on these functionalities, we strongly recommend immediately updating your Nostr plugin to the latest version and BTCPay Server to 2.0.2 to mitigate this issue.
Please note that regular users operating LND or CLN nodes were not impacted on all versions.
If you run BTCPay Server 1.x and you use pull payments with NwC (Nostr wallet Connect) - please update to BTCPay Server 2.0.2 and update the Nostr Plugin.
If you opted into BTCPay Server 2.0 and are using blinkbtc plugin with pull payment - please update to BTCPay Server 2.0.2.
Our thanks to itstomek petzsch leinert for responsibly disclosing and alerting us of this issue.