Security Releases

There may be instances where urgent security fixes need to be rolled out before publicly announcing it's presence (issues affecting liveness, invariants such as IOTA supply, governance, etc.). In order to not be actively exploited the IOTA Foundation will release signed security binaries incorporating such fixes with a delay in publishing the source code until a large percent of our validators have patched the vulnerability.

This release process will be different and we expect to announce the directory for such binaries out of band.

You can download all the necessary signed binaries and docker artifacts incorporating the security fixes by using the download_private.sh

Usage ./download_private.sh <directory-name>

You can also download and verify specific binaries that may not be included by the above script using the download_and_verify_private_binary.sh script.

Usage: ./download_and_verify_private_binary.sh <directory-name> <binary-name>