Zebra 6.0.0-rc.0: NU6.3 “Ironwood” Assist and Safety Fixes
We’re happy to announce the discharge of Zebra 6.0.0-rc.0. This launch candidate provides Testnet help for the NU6.3 “Ironwood” shielded pool and v6 transaction format, fixes two moderate-severity safety points, ships signed pre-built zebrad binaries for Linux, and features a state database format improve. All node operators are inspired to check it on Testnet forward of the ultimate 6.0.0 launch.
Safety Advisories
GHSA-x6v8-c2xp-928m: getblock Verbosity 2 Facet-Chain Panic (Reasonable)
The getblock RPC at verbosity 2 panicked for blocks not on the very best chain: their transactions’ confirmations are destructive and had been forged to an unsigned sort, crashing the node. The repair adjustments the confirmations discipline to a signed sort, matching zcashd and the remainder of Zebra’s codebase.
Due to Taylor Hornby for reporting this challenge.
GHSA-m9xx-8rcj-vmgp: Per-Peer Mempool Admission Cap Bypass (Reasonable)
Zebra caps concurrent inbound mempool admissions per peer, however the cap solely utilized to marketed transaction IDs. Instantly pushed transactions (tx messages) bypassed it, letting a single inbound peer occupy greater than its share of obtain slots by pushing full transactions as an alternative of promoting them. This launch routes straight pushed transactions via the identical per-peer admission accounting. It’s the direct-push counterpart to the advertisement-path repair shipped in GHSA-4fc2-h7jh-287c.
Due to SuplabsYi of Invariant Labs for reporting this challenge.
New Options
NU6.3 “Ironwood” Assist (Testnet)
Zebra now helps the NU6.3 “Ironwood” shielded pool and the v6 transaction format, activating on Testnet at top 4,134,000. The consensus parameters: v6 model group ID, consensus department ID, and Testnet activation top, match zcash_protocol. No Mainnet activation top is ready but. The z_gettreestate, z_getsubtreesbyindex, and verbose getblock RPCs expose the Ironwood observe dedication tree and its subtree roots from NU6.3 activation. (#10762, #10888)
Coinbase Marker for Zebra-Mined Blocks
Zebra now tags the coinbase enter of each block it mines with a 🦓. Because of this, the mining.extra_coinbase_data possibility is now restricted to 86 bytes (beforehand 94); Zebra refuses to start out if the configured worth exceeds this. (#10836)
Pre-Constructed, Signed zebrad Binaries
Pre-built zebrad binaries at the moment are hooked up to every GitHub launch for Linux on x86_64 and aarch64, so operators can run a node with out Docker or a supply construct. Binaries are additionally installable with cargo binstall zebrad. Every .tar.gz carries a SHA-256 checksum, a Sigstore build-provenance attestation, and a Cosign signature over the checksum manifest. (#10799)
Block Notify Command
A brand new [notify] block_notify_command possibility runs a command on every best-chain-tip change, with %s changed by the brand new block hash: Zebra’s equal of zcashd‘s –blocknotify. (#10726)
Resumable Indexer Streaming
When the indexer RPC is enabled, a co-located read-state shopper can now observe the node extra effectively: the non-finalized block subscription resumes from the patron’s identified chain suggestions as an alternative of re-streaming the entire non-finalized state, and a brand new GetBlock indexer methodology lets the patron fetch blocks it’s lacking whereas its finalized state catches up. A brand new zebra-state learn request, ReadRequest::FindForkPoint, returns the newest block in a caller-supplied locator that’s on the very best chain, the fork level, for purchasers monitoring chain reorganizations via a read-only state service. (#10776)
Regtest Coinbase Spend Restrictions
A brand new Regtest configuration possibility, should_allow_unshielded_coinbase_spends, forbids spending coinbase outputs into clear outputs: the inverse of zcashd‘s –regtestshieldcoinbase. It defaults to permitting such spends, preserving current Regtest habits. (#10698)
Bug Fixes
Sync Stall Close to the Chain Tip
A timeout ready for a clear enter UTXO throughout transaction verification is now handled as a lacking enter quite than an inside error, stopping a sync stall close to the chain tip. (#10810)
getblocktemplate Coinbase Caching
getblocktemplate now caches the constructed coinbase transaction per block, so repeated short-poll requests inside the similar block now not rebuild it. This prevents CPU saturation and multi-second template latency when mining to a shielded handle. (#10847)
Indexer Syncer Subscription Churn
The co-located read-state syncer (utilized by indexers like Zaino) now not drops and re-creates its non-finalized block subscription each second whereas its view of the finalized state lags the node’s. (#10818)
invalidateblock / reconsiderblock Edge Instances
Mounted edge circumstances in invalidateblock and reconsiderblock (chain-root and same-height sibling-tip invalidation, and repeated reconsideration) that would trigger a panic. (#10586)
Modified
State Database Format Improve to twenty-eight.0.0
The state database format is bumped to 28.0.0 for the NU6.3 “Ironwood” shielded pool. This can be a major-version bump that’s restorable in place from the earlier main format (no resync required): an in-place migration backfills the genesis Ironwood observe dedication tree and anchor, creates 4 new (initially empty) ironwood_* column households, and widens the chain worth pool document to incorporate the Ironwood pool. The getblockchaininfo and getblock valuePools now embody the ironwood pool, which will likely be at zero till NU6.3 prompts.
Different Adjustments
- Upgraded the
librustzcashcrate cohort to the NU6.3 pre-release wave for V6 transactions and Ironwood help. (#10762) - Bumped
anyhowto 1.0.103, clearing RUSTSEC-2026-0190. (#10849) - Opening a Zebra state read-only now fails with a transparent error as an alternative of panicking when the cache listing is lacking or unreadable, when no database exists on the configured path, or when an ephemeral database can be configured. The read-write open path is unchanged.
Different Safety Enhancements
- Zebra’s launch Docker pictures at the moment are reproducible: an impartial rebuild of a broadcast
zebradfrom the identical commit produces the identical binary. The Rust toolchain and the Rust and Debian base pictures are pinned by actual model and digest, and construct paths and file timestamps are normalized. Launch pictures are additionally constructed with out the shared construct cache, so a broadcast picture can not inherit a layer from a lower-trust construct. (#10798) - Launch Docker pictures are signed and carry construct provenance and a signed SBOM, so anybody can verify a picture got here from Zebra’s CI with
cosign confirmorgh attestation confirm. (#10798) - Zebra now makes use of a constant-time comparability for RPC cookie authentication. (#10567)
- Launched
zebradbinaries report their supply commit inzebrad model. (#10798)
Upgrading
This can be a launch candidate supposed for Testnet testing forward of the ultimate 6.0.0 launch. The state database format improve to twenty-eight.0.0 migrates in place, so no resync is required. Yow will discover the discharge on GitHub, crates.io, and Docker Hub.
Thank You to Our Contributors
This launch was made attainable by the work of @andres-pcg, @arya, @conradoplg, @dannywillems, @emersonian, @gustavovalverde, @nuttycom, @oxarbitrage, @syszery, @upbqdn, and @zmanian. Thanks to your continued contributions to Zebra.
Zebra is the Zcash Basis’s impartial, Rust-based implementation of the Zcash protocol. Be taught extra at github.com/ZcashFoundation/zebra.
