15 Jun 2025 [mining]

P2Pool v4.8 released with security fixes

SChernykh1 has released P2Pool2 version 4.83 with important security fixes, new features, and various other bugfixes:

A number of security issues were found and fixed in the console commands code. It is recommended to update to v4.8. [..] Special thanks to Low-power4 for contributions to this release.

Changes overview

* Console: limit access via local TCP port
* Console: don't listen on a local TCP port when local API is not enabled
* Console: don't let random unformatted data end up in the log
* Added --stratum-ban-time option
* Tari: added "block push via gRPC" functionality
* TCPServer: fixed SOCKS5 error checking logic
* Fixed host ping time calculation when using SOCKS5 proxy

The full list of changes since v4.7 is available on Github5.

Before using the software, you should verify the SHA256 sums with SChernykh’s GPG key6.

The README7 has valuable information about features, defaults, how pool shares work, build instructions and a short mining guide. If you need assistance, read the FAQ8 and join the project’s IRC channels9.

Note that it is strongly recommended to synchronize your system clock before you start mining.

This is an ongoing story and the report will be updated when new information is available.

  1. https://github.com/SChernykh/ 

  2. https://p2pool.io/ 

  3. https://github.com/SChernykh/p2pool/releases/tag/v4.8 

  4. https://github.com/SChernykh/p2pool/commits?author=Low-power 

  5. https://github.com/SChernykh/p2pool/compare/v4.7…v4.8 

  6. https://p2pool.io/SChernykh.asc, https://github.com/monero-project/gitian.sigs/blob/master/gitian-pubkeys/SChernykh.asc 

  7. https://github.com/SChernykh/p2pool/blob/master/README.md 

  8. https://p2pool.io/#faq 

  9. #monero-pools, #p2pool-log, #p2pool-mini (IRC-Libera)