According to engineer Conner Fromknecht on the Lightning Network developer channel Thursday, a flaw in LND versions 0.10.x and below has been disclosed to the Lightning Labs team. In light of the disclosure, the company advises node operators to update as soon as possible to versions 0.11.0 or higher.
No known exploits of the vulnerability have been discovered, but factors surrounding the discovery have resulted in a compressed timeline of the disclosure.
With a thorough publication of the results promised on Oct. 20, the vulnerability was “partly revealed.”
On Oct. 1, Lightning Labs, one of three major Lightning Network implementations, launched its newest v0.11.1-beta.
Lightning Labs did not respond to a request for comment immediately.