TechFlow reports that on May 2, the Zcash Foundation officially released Zebra version 4.4.0. This update fixes multiple critical consensus-level security vulnerabilities and strongly recommends that all node operators upgrade immediately. The vulnerabilities include a denial-of-service flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block signing that triggers consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk.
The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially leading to chain forks. Without timely upgrades, nodes risk interrupted block discovery, consensus forks, and amplified resource consumption. No alternative mitigation measures are currently available.
