alessio/lavender.txt

## lavender.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Subject: Cosmos Mainnet Security Advisory Lavender

Dear partners,

All In Bits Inc. (dba Tendermint Inc.), All In Bits GmbH, Informal Systems Inc., and
Interchain GmbH have been working closely together on the release of patches that
address security vulnerabilities affecting Tendermint's several release series.

We intend to release these patches at 14:00 UTC on Thursday, April 9th. Simultaneously,
new versions of Cosmos-Sdk and Gaia, the application that powers the Cosmos Hub, will
be simultaneously released.

The patches will be released with Tendermint 0.32.10 and 0.33.3, Cosmos SDK 0.37.9 and
0.38.3, and Gaia 2.0.8. We do not plan to release patches for earlier release series of
the aforementioned products, therefore it is highly recommended to upgrade your software
to any of the series that will receive the security update.

More in-depth information regarding the security vulnerabilities addressed by such
releases will be submitted to the public in due course. Meanwhile, it is highly recommended
to carry out all preparatory actions to be ready to upgrade your nodes and client software.

For more detailed information please refer to this announcement: [1]

Do not hesitate to reach out and ask questions, should you have any.

    - AT

[1] https://forum.cosmos.network/t/cosmos-mainnet-security-advisory-lavender/3511

- --
Alessio Treglia <alessio@tendermint.com>
Head of EMEA Partnerships
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBBYABKgnbkC7mJD76KSK5TEddloFAl6N2nQACgkQ6KSK5TEd
dlqrhQ//bIh4alo/cTzmYNyMSpxFRTqvVgv8dR7mGZ+0/xlBctP4+s/0uzOG69ao
3AeIK7z8uzNVsPfIsiTX7alm45M3GOABz4mD4SPGQXomSaxX7GO/3/YAaCfqgWrn
NsTsZJFICewK2MXe31kV8gu7jJwa+PUACP5fo62p7eDie86cXTAuVVauUm6SjzuR
quAt9kqKWKIA+LBdVhKKwy6ieuGmEPglM3s04pfgP+yOjgJe3SBaMu7RJ+GqrrS2
qhI25vYtsu9biTUDoOHeVIWIR9/sPZkeEKSRBjbRH/PzPyIrDP/qruyoB06LtczB
XVZnP0c6XQEi+dBwg+1+8U/UnietsJTfX02ddWV34Ptk9mgsZ55QwyxyDMZQgGEH
/FcIiSPIuJhhCLh3ztlgSnf3nfMTlx0A0cdTDmOsHj81YntKe3qL/+imDhBZNKh5
pQwLp1GhGiqiSWORBR8rWdBnh8dsxUSrtv3oaueV/tidUzVzlByxdxCdW7i2nZMW
uGc3CkIDtz8Uv1ASC2jeflPm82oPEq0O/sxiiEipNAbdCkExkugD8Wo13wJP6vDb
Vom6E2sh5aQyumf5D3W6qlEOrAH3Unjsb/l6taPttyOkmB1+wNbOz3WHtT82UcI4
33BTqsiDM4J5Jj9OhJiyXPqhjZQHn1uw3BOKNXEReGzJ5KpgffE=
=PiIe
-----END PGP SIGNATURE-----
	-----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA512

	Subject: Cosmos Mainnet Security Advisory Lavender

	Dear partners,

	All In Bits Inc. (dba Tendermint Inc.), All In Bits GmbH, Informal Systems Inc., and
	Interchain GmbH have been working closely together on the release of patches that
	address security vulnerabilities affecting Tendermint's several release series.

	We intend to release these patches at 14:00 UTC on Thursday, April 9th. Simultaneously,
	new versions of Cosmos-Sdk and Gaia, the application that powers the Cosmos Hub, will
	be simultaneously released.

	The patches will be released with Tendermint 0.32.10 and 0.33.3, Cosmos SDK 0.37.9 and
	0.38.3, and Gaia 2.0.8. We do not plan to release patches for earlier release series of
	the aforementioned products, therefore it is highly recommended to upgrade your software
	to any of the series that will receive the security update.

	More in-depth information regarding the security vulnerabilities addressed by such
	releases will be submitted to the public in due course. Meanwhile, it is highly recommended
	to carry out all preparatory actions to be ready to upgrade your nodes and client software.

	For more detailed information please refer to this announcement: [1]

	Do not hesitate to reach out and ask questions, should you have any.

	- AT

	[1] https://forum.cosmos.network/t/cosmos-mainnet-security-advisory-lavender/3511

	- --
	Alessio Treglia <alessio@tendermint.com>
	Head of EMEA Partnerships
	0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A

	-----BEGIN PGP SIGNATURE-----

	iQIzBAEBCgAdFiEEBBYABKgnbkC7mJD76KSK5TEddloFAl6N2nQACgkQ6KSK5TEd
	dlqrhQ//bIh4alo/cTzmYNyMSpxFRTqvVgv8dR7mGZ+0/xlBctP4+s/0uzOG69ao
	3AeIK7z8uzNVsPfIsiTX7alm45M3GOABz4mD4SPGQXomSaxX7GO/3/YAaCfqgWrn
	NsTsZJFICewK2MXe31kV8gu7jJwa+PUACP5fo62p7eDie86cXTAuVVauUm6SjzuR
	quAt9kqKWKIA+LBdVhKKwy6ieuGmEPglM3s04pfgP+yOjgJe3SBaMu7RJ+GqrrS2
	qhI25vYtsu9biTUDoOHeVIWIR9/sPZkeEKSRBjbRH/PzPyIrDP/qruyoB06LtczB
	XVZnP0c6XQEi+dBwg+1+8U/UnietsJTfX02ddWV34Ptk9mgsZ55QwyxyDMZQgGEH
	/FcIiSPIuJhhCLh3ztlgSnf3nfMTlx0A0cdTDmOsHj81YntKe3qL/+imDhBZNKh5
	pQwLp1GhGiqiSWORBR8rWdBnh8dsxUSrtv3oaueV/tidUzVzlByxdxCdW7i2nZMW
	uGc3CkIDtz8Uv1ASC2jeflPm82oPEq0O/sxiiEipNAbdCkExkugD8Wo13wJP6vDb
	Vom6E2sh5aQyumf5D3W6qlEOrAH3Unjsb/l6taPttyOkmB1+wNbOz3WHtT82UcI4
	33BTqsiDM4J5Jj9OhJiyXPqhjZQHn1uw3BOKNXEReGzJ5KpgffE=
	=PiIe
	-----END PGP SIGNATURE-----