Zebra 6.0.0-rc.0: NU6.3 “Ironwood” Assist and Safety Fixes
We’re happy to announce the discharge of Zebra 6.0.0-rc.0. This launch candidate provides Testnet help for the NU6.3 “Ironwood” shielded pool and v6 transaction format, fixes two moderate-severity safety points, ships signed pre-built zebrad binaries for Linux, and features a state database format improve. All node operators are inspired to check it on Testnet forward of the ultimate 6.0.0 launch.
Safety Advisories
GHSA-x6v8-c2xp-928m: getblock Verbosity 2 Aspect-Chain Panic (Reasonable)
The getblock RPC at verbosity 2 panicked for blocks not on the very best chain: their transactions’ confirmations are detrimental and have been solid to an unsigned kind, crashing the node. The repair modifications the confirmations area to a signed kind, matching zcashd and the remainder of Zebra’s codebase.
Due to Taylor Hornby for reporting this situation.
GHSA-m9xx-8rcj-vmgp: Per-Peer Mempool Admission Cap Bypass (Reasonable)
Zebra caps concurrent inbound mempool admissions per peer, however the cap solely utilized to marketed transaction IDs. Instantly pushed transactions (tx messages) bypassed it, letting a single inbound peer occupy greater than its share of obtain slots by pushing full transactions as an alternative of promoting them. This launch routes instantly pushed transactions by the identical per-peer admission accounting. It’s the direct-push counterpart to the advertisement-path repair shipped in GHSA-4fc2-h7jh-287c.
Due to SuplabsYi of Invariant Labs for reporting this situation.
New Options
NU6.3 “Ironwood” Assist (Testnet)
Zebra now helps the NU6.3 “Ironwood” shielded pool and the v6 transaction format, activating on Testnet at peak 4,134,000. The consensus parameters: v6 model group ID, consensus department ID, and Testnet activation peak, match zcash_protocol. No Mainnet activation peak is about but. The z_gettreestate, z_getsubtreesbyindex, and verbose getblock RPCs expose the Ironwood be aware dedication tree and its subtree roots from NU6.3 activation. (#10762, #10888)
Coinbase Marker for Zebra-Mined Blocks
Zebra now tags the coinbase enter of each block it mines with a 🦓. Because of this, the mining.extra_coinbase_data choice is now restricted to 86 bytes (beforehand 94); Zebra refuses to start out if the configured worth exceeds this. (#10836)
Pre-Constructed, Signed zebrad Binaries
Pre-built zebrad binaries at the moment are connected to every GitHub launch for Linux on x86_64 and aarch64, so operators can run a node with out Docker or a supply construct. Binaries are additionally installable with cargo binstall zebrad. Every .tar.gz carries a SHA-256 checksum, a Sigstore build-provenance attestation, and a Cosign signature over the checksum manifest. (#10799)
Block Notify Command
A brand new [notify] block_notify_command choice runs a command on every best-chain-tip change, with %s changed by the brand new block hash: Zebra’s equal of zcashd‘s –blocknotify. (#10726)
Resumable Indexer Streaming
When the indexer RPC is enabled, a co-located read-state shopper can now comply with the node extra effectively: the non-finalized block subscription resumes from the buyer’s recognized chain ideas as an alternative of re-streaming the entire non-finalized state, and a brand new GetBlock indexer technique lets the buyer fetch blocks it’s lacking whereas its finalized state catches up. A brand new zebra-state learn request, ReadRequest::FindForkPoint, returns the newest block in a caller-supplied locator that’s on the very best chain, the fork level, for shoppers monitoring chain reorganizations by a read-only state service. (#10776)
Regtest Coinbase Spend Restrictions
A brand new Regtest configuration choice, should_allow_unshielded_coinbase_spends, forbids spending coinbase outputs into clear outputs: the inverse of zcashd‘s –regtestshieldcoinbase. It defaults to permitting such spends, preserving present Regtest habits. (#10698)
Bug Fixes
Sync Stall Close to the Chain Tip
A timeout ready for a clear enter UTXO throughout transaction verification is now handled as a lacking enter relatively than an inside error, stopping a sync stall close to the chain tip. (#10810)
getblocktemplate Coinbase Caching
getblocktemplate now caches the constructed coinbase transaction per block, so repeated short-poll requests inside the similar block not rebuild it. This prevents CPU saturation and multi-second template latency when mining to a shielded tackle. (#10847)
Indexer Syncer Subscription Churn
The co-located read-state syncer (utilized by indexers like Zaino) not drops and re-creates its non-finalized block subscription each second whereas its view of the finalized state lags the node’s. (#10818)
invalidateblock / reconsiderblock Edge Circumstances
Fastened edge instances in invalidateblock and reconsiderblock (chain-root and same-height sibling-tip invalidation, and repeated reconsideration) that would trigger a panic. (#10586)
Modified
State Database Format Improve to twenty-eight.0.0
The state database format is bumped to 28.0.0 for the NU6.3 “Ironwood” shielded pool. This can be a major-version bump that’s restorable in place from the earlier main format (no resync required): an in-place migration backfills the genesis Ironwood be aware dedication tree and anchor, creates 4 new (initially empty) ironwood_* column households, and widens the chain worth pool file to incorporate the Ironwood pool. The getblockchaininfo and getblock valuePools now embody the ironwood pool, which will probably be at zero till NU6.3 prompts.
Different Adjustments
- Upgraded the
librustzcashcrate cohort to the NU6.3 pre-release wave for V6 transactions and Ironwood help. (#10762) - Bumped
anyhowto 1.0.103, clearing RUSTSEC-2026-0190. (#10849) - Opening a Zebra state read-only now fails with a transparent error as an alternative of panicking when the cache listing is lacking or unreadable, when no database exists on the configured path, or when an ephemeral database can also be configured. The read-write open path is unchanged.
Different Safety Enhancements
- Zebra’s launch Docker pictures at the moment are reproducible: an unbiased rebuild of a broadcast
zebradfrom the identical commit produces the identical binary. The Rust toolchain and the Rust and Debian base pictures are pinned by actual model and digest, and construct paths and file timestamps are normalized. Launch pictures are additionally constructed with out the shared construct cache, so a broadcast picture can’t inherit a layer from a lower-trust construct. (#10798) - Launch Docker pictures are signed and carry construct provenance and a signed SBOM, so anybody can affirm a picture got here from Zebra’s CI with
cosign confirmorgh attestation confirm. (#10798) - Zebra now makes use of a constant-time comparability for RPC cookie authentication. (#10567)
- Launched
zebradbinaries report their supply commit inzebrad model. (#10798)
Upgrading
This can be a launch candidate meant for Testnet testing forward of the ultimate 6.0.0 launch. The state database format improve to twenty-eight.0.0 migrates in place, so no resync is required. You could find the discharge on GitHub, crates.io, and Docker Hub.
Thank You to Our Contributors
This launch was made potential by the work of @andres-pcg, @arya, @conradoplg, @dannywillems, @emersonian, @gustavovalverde, @nuttycom, @oxarbitrage, @syszery, @upbqdn, and @zmanian. Thanks in your continued contributions to Zebra.
Zebra is the Zcash Basis’s unbiased, Rust-based implementation of the Zcash protocol. Study extra at github.com/ZcashFoundation/zebra.
