Conversation
…ersion code:18634 (#6508)
…,version code:18636 (#6542)
* fix(config): remove redundant JSON-RPC config fields and consolidate parameter binding Remove maxBlockFilterNum, maxAddressSize, and maxRequestTimeout from NodeConfig/CommonParameter since they were superseded by the jsonRpcMaxBatchSize/jsonRpcMaxResponseSize parameters. Consolidate the config binding path so all JSON-RPC size limits flow through a single reference.conf entry, and clean up stale test-config fixtures. * fix bug of NodeConfigTest * remove allowShieldedTransactionApi from reference.conf * add testcase of external.ip is null * change comment * fix the bug of --es and 7 failed testcases
) Pre-3.0.0(The previous event-plugin public release is 2.2.0) event-plugin builds still link against com.alibaba.fastjson, which was removed from java-tron in #6701. When such a plugin is loaded, the NoClassDefFoundError surfaces inside the plugin's own worker thread and is swallowed by its catch(Throwable) handler. The node keeps running while silently dropping every trigger, leaving operators with no signal that the event subscription is broken. Enforce a minimum Plugin-Version at startup in EventPluginLoader.startPlugin using pf4j's VersionManager (semver). When the descriptor version is below 3.0.0, log a clear upgrade hint and return false; the existing call chain in Manager.startEventSubscribing wraps that into TronError(EVENT_SUBSCRIBE_INIT) and aborts node startup instead of silently degrading.
…rs (#6761) - Add `rate.limiter.apiNonBlocking` switch (default false). When off, callers wait for a permit; when on, they reject immediately and shed load. - Wire the switch through `RateLimiterConfig` → `Args` → `CommonParameter`; update `reference.conf` / `config.conf`. - Add blocking `acquire()` paths on `IRateLimiter`, `GlobalRateLimiter`, and `QpsStrategy` / `IPQpsStrategy` / `GlobalPreemptibleStrategy`. Only the semaphore-based strategy is bounded (2s); the QPS-based paths use unbounded Guava `RateLimiter.acquire()`. - Introduce `acquirePermit()` dispatcher (default method on `IRateLimiter`; static on `GlobalRateLimiter`) that picks blocking vs non-blocking based on the switch. - Swap `tryAcquire` → `acquirePermit` at the `RateLimiterServlet` and `RateLimiterInterceptor` call sites; preserve per-endpoint-before-global ordering to avoid consuming global quota on per-endpoint rejection. - Extract `loadIpLimiter()` in `GlobalRateLimiter` and `loadLimiter()` in `IPQpsStrategy` to share cache+exception handling between `tryAcquire` and `acquire`. - Add unit tests covering dispatcher routing (both directions), acquire IP-before-global ordering, and IP-loader-failure fail-closed behaviour.
) - P2pEventHandlerImpl.processException's switch did not include the BLOCK_MERKLE_ERROR type introduced by PR #6716. The new type fell through to the default branch, so peers whose blocks failed merkle root validation were disconnected with ReasonCode.UNKNOWN instead of BAD_BLOCK, missing the bad-peer ban window in PeerConnection.processDisconnect. - Add the case alongside BAD_BLOCK and BLOCK_SIGN_INVALID so the disconnect reason is reported as BAD_BLOCK end-to-end. - Rename the two enum constants for naming consistency: BLOCK_SIGN_ERROR -> BLOCK_SIGN_INVALID, BLOCK_MERKLE_ERROR -> BLOCK_MERKLE_INVALID, and reword their descriptions to 'sign failed' / 'merkle failed' to match the imperative style used by the other nearby enum entries. All call sites updated. - Add two regression tests in P2pEventHandlerImplTest: one pins BLOCK_MERKLE_INVALID -> BAD_BLOCK (the actual fix); the other pins BLOCK_SIGN_INVALID -> BAD_BLOCK so a future switch refactor cannot silently drop either back to UNKNOWN.
- Manager.switchFork now re-validates each replayed block's witness signature before applying. The witness account's permission can change between forks (via permission-update transactions), so a signature that was valid on the original chain may no longer be valid on the replay path. - Use `if (!validateSignature(...)) throw new ValidateSignatureException` rather than discarding the boolean return: validateSignature only throws on malformed signature bytes; an attacker-supplied valid-format signature with a wrong-signer address returns false. Discarding the return would let that attack through. - The existing switchFork catch list already includes ValidateSignatureException, so the new throw is wired into the existing switchback path with no additional handling. - Add three BlockCapsule.validateSignature contract tests pinning the two failure modes the fix relies on: signer-mismatch returns false, signer-match returns true, and a 65-byte malformed signature throws ValidateSignatureException.
…6796) Initialize multiAddresses from ownerAddressSet so that getVerifyTxs still forces re-verification of an owner's later txs even after the owner's permission-change tx has been packed and is no longer present in pendingTransactions. Main changes: - Manager.getVerifyTxs: seed multiAddresses with ownerAddressSet to cover the case where a permission-change tx has been consumed but ownerAddressSet still retains the owner (kept alive by in-flight txs in pushTransactionQueue / rePushTransactions via filterOwnerAddress). - ManagerTest: add getVerifyTxsSkipsBlockWhenPermissionTxAlreadyConsumed reproducing the bypass — pending contains only B (transfer, old sig, isVerified=true), ownerAddressSet contains the owner, block contains only B without the permission-change tx. Assertion checks B is placed in the re-verify list instead of being short-circuited via setVerified.
* fix(vm): canonicalize ModExp zero modulus output (TIP-871) * func(vm): remove account name for history block hash contract * test(db): align BlockHashHistory account name assertion
* feat(net): normalize inbound messages * perf(net): skip wire-byte rewrite when sanitize is a no-op
New workflows: - pr-build.yml: multi-OS build matrix (macOS, Ubuntu, RockyLinux, Debian11) and changed-line/overall coverage gate - pr-check.yml: PR title/body lint + Checkstyle - pr-reviewer.yml: scope-based reviewer auto-assignment - pr-cancel.yml: cancel in-progress runs when PR is closed unmerged - system-test.yml: spin up FullNode and run the system-test suite Existing workflows: - codeql.yml: bump to v4/v5 actions, switch to manual build-mode with JDK 8, add paths-ignore for docs-only changes - math-check.yml: bump checkout/upload-artifact/github-script versions
* feat(vm): check CREATE2 max depth under Osaka * feat(vm): clear residual logs on exception escape paths under Osaka Mirror the in-try failure path: failed txs must not leak event logs into TransactionInfo/Bloom. Gated on Osaka to preserve replay.
… triggers (#6833) On a chain reorg, BlockLogTrigger/TransactionLogTrigger subscribers previously never learned that an orphaned block's events were rolled back. Add the same "removed" semantics already used by ContractTrigger. - add a `removed` field to BlockLogTrigger/TransactionLogTrigger and the matching setRemoved() on their capsules - Manager (event version 0): refactor postBlockTrigger to emit a single real-time block (with removed), move the solidified-mode batch into postSolidityTrigger, add reOrgBlockTrigger to re-emit erased blocks with removed=true, rename reApplyLogsFilter to reApplyBlockEvents and re-emit the re-applied fork branch's block/tx triggers (forward), thread removed through processTransactionTrigger/postTransactionTrigger - RealtimeEventService (event version 1): post block/tx triggers synchronously to the plugin with the removed flag instead of the async triggerCapsuleQueue, avoiding overwrite of the shared cached capsule; drop the unused manager field - tests: capsule removed passthrough, version-0 emit (testReOrgBlockTriggerRemoved), rewritten RealtimeEventServiceTest, updated ManagerTest stub
Improve the hand-rolled JsonFormat parser used by HTTP wallet APIs so field-heavy and deeply nested JSON no longer overflows the request thread stack. mergeField now consumes one field per call and leaves comma iteration to the caller. JsonFormat also enforces Constant.MAX_NESTING_DEPTH for object/array descent and returns ParseException instead of allowing StackOverflowError to escape. Compatibility notes: direct JsonFormat.merge callers now reject nesting beyond 100 levels; trailing commas on known-field parse paths (top-level fields, known message fields, and known repeated fields) may be accepted, while trailing commas inside unknown nested object/array fields remain rejected; malicious deep-nesting requests now surface as parse errors instead of container-level HTTP 500s.
* fix(jsonrpc): enforce maxBlockRange on eth_getFilterLogs * style(jsonrpc): fix styles and comments
…#6851) Validate the inventory type at the inbound entry points and reject any value other than TRX or BLOCK with P2pException(BAD_MESSAGE), before the type is used for cache insertion or outbound fetch construction: - P2pEventHandlerImpl.checkInvRateLimit: add else branch for unknown type - InventoryMsgHandler.check: add type allowlist check - FetchInvDataMsgHandler.check: validate raw getInventoryType() instead of getInvMessageType() (which mapped non-BLOCK types to TRX) Use getTypeValue() when building the error message to avoid calling getNumber() on an UNRECOGNIZED enum value. Add regression tests for all three entry points. Co-authored-by: wb <wb@wbdeMacBook-Air.local>
#6857) * fix(vm): self-dispatch vote-witness cost by proposal flag getVoteWitnessCost3 falls back to cost2 when Osaka is off, and cost2 to the legacy cost when energy adjustment is off. The energy then stays correct even if a stale cost function lingers in the shared jump table after a reorg, or is read by a constant call whose view has the proposal off. * fix(vm): isolate constant-call config view to prevent global pollution Constant calls bound to a lagging solidity/PBFT snapshot loaded their flags into the process-global VMConfig, racing block processing during a proposal's activation-to-solidification window and risking a fork. Route a constant call's config into a thread-local snapshot; the block/broadcast path keeps writing (and reading) the global.
1. Treat known protobuf fields with literal null as absent so HTTP APIs recover the 4.8.1 fastjson-compatible behavior for null object fields. 2. This relaxes JSON-RPC buildTransaction ABI handling because that path now accepts null ABI fields instead of returning invalid abi. 3. TRON's JsonFormat now aligns more closely with protobuf Java JsonFormat: field-level null is treated as absent, while null elements inside repeated arrays remain invalid.
The switchFork new-branch apply loop only re-validated each block's witness signature; the transactions inside were applied through the isVerified cache. That flag caches a signature-verification result computed against a specific account-permission state, but a fork switch re-applies blocks on a rewound, diverged chain state where those permissions may have changed. Trusting the stale flag lets a transaction skip verification and be accepted with a signature no longer valid under the fork-chain state. - Manager.switchFork: clear isVerified on every transaction of each block on the branch being switched to, before applyBlock, forcing full signature re-validation against the fork-chain state. The switch-back path (original main branch) is left untouched: it reproduces the exact original state, so its cached verifications stay valid and resetting them would only cost perf. - ManagerTest: add switchForkShouldResetTransactionSignVerifiedOnNewBranch, which drives a real reorg and asserts the new branch's transaction gets its cached verification flag cleared (fails without the fix).
chore(release): record master merge into release_v4.8.2
feat(version): merge release_v4.8.2 into master
…54,version code:18817
….1-173-gaced0d5654 feat(version): update a new version. version name:GreatVoyage-v4.8.1.1
kuny0707
approved these changes
Jul 15, 2026
halibobo1205
approved these changes
Jul 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge the latest master branch into develop to keep development aligned with released fixes and shared infrastructure changes.