Disclosure of Replay Attack Vulnerability in Signed References
Summary
Radicle discloses a replay attack vulnerability in its Signed References, outlines the mitigation introduced in versions 1.7.0–1.8.0, and discusses how feature levels and internal refs improve security while preserving backward compatibility. The post also describes a network scanner, findings, and recommended actions for users and seed operators.