This release contains a lot of preparatory work for important (and complex) lightning features: dual-funding, splicing and Bolt 12 offers. These features are now fully implemented in eclair, but we're waiting for the specification work to be finalized and other implementations to be ready for cross-compatibility tests. You should only activate them if you know what you're doing, and are ready to handle potential backwards-incompatible changes! We also make plugins more powerful, introduce mitigations against various types of DoS, and improve performance in many areas of the codebase.

Eclair is now up-to-date with the latest state of the dual funding specification. We contributed many improvements to the specification as we implemented this feature. This feature is disabled by default, because the specification may not be final yet.

Eclair now supports a custom prototype for splicing. This prototype differs from the current proposal: we've found multiple improvements that will be added to the specification. We are actively working with other implementations to be able to release this important feature in a future version of eclair.

The database model has been completely reworked to handle splices. Mainly, a channel can have several commitments in parallel. Node operators that use Postgres as database backend and make SQL queries on channels' JSON content should reset the JSON column:

1. Set eclair.db.postgres.reset-json-columns = true before restarting eclair
2. Once restarted, set eclair.db.postgres.reset-json-columns = false (no need to restart again)

We continued working on Bolt 12 support, and made a lot of updates to this experimental feature.

$ ./eclair-cli payoffer --offer=<offer-to-pay> --amountMsat=<amountToPay>

If the offer supports it, you can also specify --quantity to buy more than one at a time. All the parameters from payinvoice are also supported.

Eclair will request an invoice and pay it (assuming it matches our request) without further interaction.

Offers are still experimental and some details could still change before they are widely supported.

To be able to receive payments for offers, you will need to use a plugin. The plugin needs to create the offer and register a handler that will accept or reject the invoice requests and the payments. Eclair will check that these satisfy all the protocol requirements and the handler only needs to consider whether the item on offer can be delivered or not.

Invoices generated for offers are not stored in the database to prevent a DoS vector. Instead, all the relevant data (offer id, preimage, amount, quantity, creation date and payer id) is included in the blinded route that will be used for payment. The handler can also add its own data. All this data is signed and encrypted so that it can not be read or forged by the payer.

• audit now accepts --count and --skip parameters to limit the number of retrieved items (#2474, #2487)
• sendtoroute removes the --trampolineNodes argument and implicitly uses a single trampoline hop (#2480)
• sendtoroute now accept --maxFeeMsat to specify an upper bound of fees (#2626)
• payinvoice always returns the payment result when used with --blocking, even when using MPP (#2525)
• node returns high-level information about a remote node (#2568)
• channel-created is a new websocket event that is published when a channel's funding transaction has been broadcast (#2567)
• channel-opened websocket event was updated to contain the final channel_id and be published when a channel is ready to process payments (#2567)
• getsentinfo can now be used with --offer to list payments sent to a specific offer.
• listreceivedpayments lists payments received by your node (#2607)
• closedchannels lists closed channels. It accepts --count and --skip parameters to limit the number of retrieved items as well (#2642)
• cpfpbumpfees can be used to unblock chains of unconfirmed transactions by creating a child transaction that pays a high fee (#1783)

If some utxos are locked when eclair starts, it is likely because eclair was previously stopped in the middle of funding a transaction. While this doesn't create any risk of loss of funds, these utxos will stay locked for no good reason and won't be used to fund future transactions. Eclair offers three strategies to handle that scenario, that node operators can configure by setting eclair.bitcoind.startup-locked-utxos-behavior in their eclair.conf:

• stop: eclair won't start until the corresponding utxos are unlocked by the node operator
• unlock: eclair will automatically unlock the corresponding utxos
• ignore: eclair will leave these utxos locked and start

Eclair now supports plugins that intercept channel open requests and decide whether to accept or reject them. This is useful for example to enforce custom policies on who can open channels with you.

An example plugin that demonstrates this functionality can be found in the eclair-plugins repository.

We have added parameters to eclair.conf to allow nodes to manage the number of channel open requests from peers that are pending on-chain confirmation. A limit exists for each public peer node individually and for all private peer nodes in aggregate.

The new configuration options and defaults are as follows:

// a list of public keys; we will ignore limits on pending channels from these peers
eclair.channel.channel-open-limits.channel-opener-whitelist = [] 

// maximum number of pending channels we will accept from a given peer
eclair.channel.channel-open-limits.max-pending-channels-per-peer = 3 

// maximum number of pending channels we will accept from all private nodes
eclair.channel.channel-open-limits.max-total-pending-channels-private-nodes = 99 

We have added a parameter to eclair.conf to allow nodes to track the number of incoming connections they maintain from peers they do not have existing channels with. Once the limit is reached, Eclair will disconnect from the oldest tracked peers first.

Outgoing connections and peers on the sync-whitelist are exempt from and do not count towards the limit.

The new configuration option and default is as follows:

// maximum number of incoming connections from peers that do not have any channels with us
eclair.peer-connection.max-no-channels = 250 

We removed the eclair.channel.max-funding-satoshis configuration field. If node operators wish to limit the size of channels opened to them, there are two options.

The first option is to disable large channels support by adding the following line to eclair.conf:

eclair.features.option_support_large_channel = disabled

But that option won't limit the number of inbound channels, so it isn't a guarantee that the node will "stay small".

The second option is to leverage the new plugin support for channel open interception: node operators can reject channel open requests based on any metric that they see fit.

You will need gpg and our release signing key 7A73FE77DE2C4027. Note that you can get it:

• from our website: https://acinq.co/pgp/drouinf.asc
• from github user @sstone, a committer on eclair: https://api.github.com/users/sstone/gpg_keys

To import our signing key:

$ gpg --import drouinf.asc

To verify the release file checksums and signatures:

$ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped
$ sha256sum -c SHA256SUMS.stripped

Eclair builds are deterministic. To reproduce our builds, please use the following environment (*):

• Ubuntu 22.04
• AdoptOpenJDK 11.0.6
• Maven 3.9.2

Use the following command to generate the eclair-node package:

mvn clean install -DskipTests

That should generate eclair-node/target/eclair-node-<version>-XXXXXXX-bin.zip with sha256 checksums that match the one we provide and sign in SHA256SUMS.asc

(*) You may be able to build the exact same artefacts with other operating systems or versions of JDK 11, we have not tried everything.

This release is fully compatible with previous eclair versions. You don't need to close your channels, just stop eclair, upgrade and restart.

• cd9ca57 Back to Dev (#2515)
• 3b2eb96 Fix balance histogram (#2516)
• a0b7a49 Remove compatibility code for waitingSince (#2338)
• 908d87f Switch embedded postgres library used in tests (#2518)
• 2a7649d Add pagination on Audit API (#2487)
• cdedbdf Streamline api extractor names (#2521)
• 683328d Close SQL statements during migrations (#2524)
• 8320964 Improve htlc_maximum_msat in channel updates (#2299)
• 7eb5067 Add mempool eviction tests (#2529)
• ca831df Add a payment recipient abstraction (#2480)
• 04517f8 Update title of v0.8.0 release notes (#2531)
• aa04402 Add anchor outputs zero fee spec test vector (#2400)
• a9146dd Fix flaky tests (#2520)
• 74719b8 Send payments to blinded routes (#2482)
• 83edd8c Allow non segwit outputs in dual funding (#2528)
• b5a2d3a Fix blinded route failure messages (#2490)
• bf08769 Update dependencies (#2537)
• 656812e Commitments clean-up (#2533)
• 5b19e58 Improve payinvoice API response (#2525)
• c2eb357 Add PeerReadyNotifier actor (#2464)
• 7c50528 Improve findRoute ignored channels behavior (#2523)
• 2fdc9fa Remove redundant log messages (#2527)
• d76d0f6 Fix build (#2543)
• 431df1f Update various doc files (#2547)
• f0d12eb Minor refactoring (#2538)
• 33ca262 Add singleton AsyncPaymentTriggerer to monitor when the receiver of an async payment reconnects (#2491)
• 555de6e Move Commitments methods from companion to class (#2539)
• 9aee10a Improve blinded payments e2e tests (#2535)
• 530b3c2 Unlock utxos at startup (#2278)
• f95f087 Updated offers spec (#2386)
• 5967f72 Update to bitcoind 23.1 (#2551)
• 92c27fe Increase blockchain watchdogs connection timeout (#2555)
• c9c5638 Add tlv stream to onion failures (#2455)
• 93ed6e8 Factor funding spent handlers (#2556)
• 06587f9 Wait for tx to be published for zero-conf (#2558)
• 351666d Factor funding tx acceptance (#2557)
• 6b6725e Always lock utxos when funding transactions (#2559)
• 20c9a58 Skip waiting for empty tx_signatures (#2560)
• f02d33d Do not hardcode input index at signature (#2563)
• 4dd4829 Move interactive-tx funding to a dedicated actor (#2561)
• 1d68ccc Make creation of first commit tx more generic (#2564)
• b2bde63 Use case classes for fee providers (#2454)
• 6486449 Add GetNode router API (#2568)
• b21085d Add ChannelOpened event (#2567)
• 303799e Allow keysend payments without a payment secret (#2573)
• 204bc3e Build message inside Postman (#2570)
• c52bb69 Rework data model for splices (#2540)
• 06fcb1f Dual funding latest changes (#2536)
• 9d4f2ba Add replyTo field to Router.GetNode (#2575)
• 8084f3c Properly quote urls in bash scripts (#2580)
• d52e869 Don't send payment secret when using keysend (#2574)
• 1d5af4d Read channel db only once at restart (#2569)
• 9611f9e Improve InteractiveTxBuilder model (#2576)
• e3e1ee5 Refactor commitments and meta-commitments (#2579)
• 28072e8 Select final onchain address when closing (#2565)
• 46999fd Use MetaCommitments as much as possible (#2587)
• 2857994 Equality for TlvStream (#2586)
• 927e1c8 Absolute priority to local channels (#2588)
• f901aea Fix ability for plugins to exchange custom Lightning Messages with other LN nodes (#2495)
• 198fd93 Allow sending message to route that starts with us (#2585)
• f23e2c5 Clarify contribution guidelines around rebasing PRs (#2591)
• 01ec73b Store fundingParams with the sharedTx (#2592)
• a54ae22 Remove unnecessary dust limit hack in interactive-tx (#2594)
• 6483896 Add ChannelAborted event (#2593)
• 202598d Introduce a specific funding status for zeroconf (#2598)
• 6904283 Handle next remote commit in ReplaceableTxPublisher (#2600)
• d4c32f9 Add support for paying offers (#2479)
• ddcb978 Add support for plugins that intercept open channel messages (#2552)
• fcc52a8 Prepare InteractiveTxBuilder to support splicing (#2595)
• e3bba3d Remove reserve requirement on first commitment (#2597)
• 1a79e75 Replace Commitments with MetaCommitments (#2599)
• a3c6029 Limit number of RBF attempts during dual funding (#2596)
• df590d8 Make updateLocalFundingStatus method return Either (#2602)
• 1c9c694 Add new command to fix flaky tests in PendingChannelsRateLimiterSpec (#2606)
• a52a10a Update Bolt 3 tests (#2605)
• f4326f4 Use bitcoin-lib 0.27 (#2612)
• e1cee96 Fix opportunistic zero-conf (#2616)
• 732eb31 Add limit for incoming connections from peers without channels (#2601)
• df0e712 Add offer manager (#2566)
• dcedecc Rework responses to channel open and rbf (#2608)
• e383d81 Add listreceivedpayments RPC call (#2607)
• db15beb Add t-bast's GPG key to SECURITY.md (#2621)
• 3a95a7d Store channel state after sending commit_sig (#2614)
• 6d7b0fa Remove max-funding-satoshis config (#2624)
• daf947f Allow negative contributions in InteractiveTxBuilder (#2619)
• de6d3c1 Add support for splices (#2584)
• a8471df Update tx_signature witness codec (#2633)
• 71568ca Dynamic funding pubkeys (#2634)
• 3973ffa Onion message test vector (#2628)
• 46149c7 Add padding to blinded payment routes (#2638)
• 36745a6 Better validation of onion message payloads (#2631)
• 0d3de8f Fix test to prevent error from timeout waiting for no messages (#2640)
• 25b92da Pass remote address to InterceptOpenChannelPlugin (#2641)
• a58b7e8 Use tlv type 0 for next_funding_txid (#2637)
• 25f4cd2 Remove minDepth from InteractiveTxParams (#2635)
• a010750 Minor fixes for splices (#2647)
• 15e4986 Cleanup ChannelKeyManager (#2639)
• 396c84d Included doc folder in the assembly zip (#2604)
• ee63c65 Add cpfp-bump-fees API (#1783)
• 77b3337 Use a tx_hash instead of txid in all lightning messages (#2648)
• 7bf2e8c Remove restriction to regtest/testnet (#2652)
• 9beccce Define channelReserve() methods in ChannelParams (#2653)
• 14cbed9 Fix JSON Postgres index on channel's remote_node_id (#2649)
• 55a985a Fix channels DB migration (#2655)
• fa985da Reject unreasonably low splice feerate (#2657)
• c73db84 Ignore lnd's internal errors (#2659)
• 50178be Update to bitcoind 23.2 (#2664)
• f2aa0cc Use bitcoin-lib 0.28 (#2658)
• adaad5e Fix interpretation of option_onion_messages (#2670)
• 3fed408 Update Kamon (#2665)
• 2c01915 Add message size metric (#2671)
• 4713a54 Relax reserve requirements on HTLC receiver (#2666)
• aaad2e1 Accept closing fee above commit fee (#2662)
• 835b33b Add upper bound on fees paid during force-close (#2668)
• 0fa4453 Ignore non-relayed incoming HTLCs when closing (#2672)
• 41b8d5c Fix Autoprobe dummy invoice (#2661)
• 84f1d03 Fix splice reconnection while signing (#2673)
• 71968d0 More robust channels timestamps (#2674)
• e7b4631 (Minor) refactor tlvs at connection reestablish (#2675)
• 46d1c73 Always store remote commit_sig in interactive tx (#2681)
• 37eb142 Add closedchannels RPC (#2642)
• 53872ea (Minor) Add json type hint for WAIT_FOR_DUAL_FUNDING_SIGNED (#2682)
• 5505967 Make shared transaction codecs more future-proof (#2679)
• ef277f0 Increase default max-cltv value (#2677)
• 5ab8471 Check bitcoind version before initializing DB (#2660)
• 42dfa9f Handle invoice with amounts larger than 1btc (#2684)
• ef77198 Ignore outgoing connection requests if front not ready (#2683)
• b084d73 Add maxFeeMsat parameter to sendtoroute RPC call (#2626)
• 05ef2f9 Fix blinded path min_final_expiry_delta check (#2678)
• faebbfa Move channel collector inside Peer actor (#2688)
• f184317 Fix problems and add tests for pending channels rate limiter (#2687)
• 303c1d4 Fix failing test PendingChannelsRateLimiter and clarify other tests (#2691)
• 878eb27 Update maven version (#2690)
• 1105a0a Update docker gradle checksum (#2692)
• fe9f32b Minor updates on PeerReadyNotifier (#2695)
• 3a351f4 Never serialize ActorRef (#2697)