v2.7.2-rc1

Changelog

• 87cdae6 chore(deps): bump github.com/libp2p/go-libp2p to v0.48.0 (#5430)
• fd3590b chore(docker): update environment variables to be compatible with latest updates (#5416)
• 879b028 fix: soft-fail on insufficient stake & auto-update height via API (#5315)
• a0d2868 feat: per-chunk stamped putter for WebSocket chunk uploads (#5256)
• a81f17a perf: stamp issuer write coalescing (#5392)
• c97059c feat: blockchain rpc http transport config (#5420)
• 2c0e2b8 fix(transaction): improve gas estimation reliability and error handling (#5344)
• ce36b8f fix: speed up node shutdown (#5408)
• 65df151 chore: use go 1.26 and golangci-lint 2.11.3 (#5377)
• 5eef16e chore(p2p): prefer tcp when discovering bootnodes (#5406)
• 790d338 fix: add stabilization detector to bee struct (#5414)
• 2f99748 chore: activate pre-push hook for local lint checks (#5410)
• fec3ecd docs: add ai disclosure sections (#5405)
• 4c52ada chore: update postage snapshot to v0.0.6 (#5401)
• 5231811 chore(pullsync): remove uninformative logline (#5398)
• 922bc41 fix(p2p/libp2p): redirect p2p-forge zap logger output to stdout (#5393)
• 8ebc8ad fix: deduplicate concurrent ReserveSample calls with singleflight (#5373)
• 67fe2b0 chore: upgrade to latest libp2p version (#5379)
• 7e83de7 fix(puller): prevent massive log lines from joined errors (#5331)
• 0723de6 fix(transaction): prevent concurrent map access in monitor (#5309)
• 4f8cc7b feat: export ReserveSample duration breakdown metrics (#5391)
• 2f1dade test: fix flaky reserve worker startup (#5384)
• ece6db4 ci: fix sonarqube warnings (#5385)
• 253d867 test: fix soc flaky test (#5382)
• c6357fd fix: fixes for topology oversaturated and block list streams tests (#5345)
• f27d3f9 test: reserve sample deterministic test + benchmarks (#5374)

v2.7.1

Bee v2.7.1 is a stability-focused patch release that hardens the P2P networking layer for safe WSS (AutoTLS) adoption at scale. With v2.7.0 introducing AutoTLS and WSS support, enabling it across many nodes exposed connectivity issues — timeout starvation, transport mismatch, reacher inefficiency, and unreachable address gossip. This release addresses all of them with five interlocking P2P fixes, alongside postage performance improvements and codebase cleanup.

💬 Join us on Discord if you have questions or feedback!

Note

📢 Operator Notice — Heads Up on Hosting Provider Alerts

We've observed that some operators have had their hosting provider flag their node's behaviour as a scanning attack, likely triggered by the libp2p networking. This does not happen with every provider or in every environment — but we want to make you aware of it in case you run into the same.

If your provider sends you a warning or your node gets throttled/suspended for suspicious network activity, the likely cause is the node attempting to connect to peer addresses that fall within private IP ranges. The good news is it's straightforward to mitigate.

If you experience this, adding the following iptables rules will resolve it:

/usr/sbin/iptables -I OUTPUT 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 172.16.0.0/12 -j DROP
/usr/sbin/iptables -I OUTPUT 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 192.168.0.0/16 -j DROP
/usr/sbin/iptables -I OUTPUT 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 10.0.0.0/8 -j DROP
/usr/sbin/iptables -I OUTPUT 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 100.64.0.0/10 -j DROP
/usr/sbin/iptables -I FORWARD 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 172.16.0.0/12 -p tcp -j DROP
/usr/sbin/iptables -I FORWARD 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 192.168.0.0/16  -p tcp -j DROP
/usr/sbin/iptables -I FORWARD 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 10.0.0.0/8 -p tcp -j DROP
/usr/sbin/iptables -I FORWARD 1 -s $(/usr/bin/curl -4 ifconfig.me) -d 100.64.0.0/10 -p tcp -j DROP

No action is needed if you haven't experienced any issues. This is purely a mitigation guide to keep in your back pocket.

Bug Fixes

• P2P: Fresh connection timeout per underlay address — Each underlay address now gets its own dedicated 15-second connection timeout instead of sharing a single timeout context across all addresses. Previously, when connecting to a peer with multiple addresses (TCP + WSS), later addresses were starved of connection time. Bootnode connection timeout also raised from 15s to 45s to accommodate multiple sequential address attempts. (#5328)

• P2P: Transport-aware address selection and filtering — Introduced a new TransportType classification system (TCP > WS > WSS) with ClassifyTransport(), SelectBestAdvertisedAddress(), and filterSupportedAddresses() functions. The reacher now only selects addresses matching locally enabled transports, preventing WSS-only addresses from being selected on nodes without WSS enabled. (#5347)

• P2P: Update peer address on reconnect and optimize reacher — Replaced the reacher's internal map[string]*peer with a min-heap (container/heap) for O(1) peek and O(log n) updates instead of O(n) per scheduling cycle. When a peer reconnects with a different underlay, the address is now updated and the peer is immediately re-pinged instead of being silently ignored. (#5348)

• P2P: Skip addressbook and reacher for unreachable addresses — Removed the RemoteMultiaddr fallback from peerMultiaddrs() which was returning NAT IPs with ephemeral ports. These unreachable addresses were being stored in the addressbook, gossipped via hive, and sent to the reacher for pinging (always failing). Addressbook storage and reacher notifications are now gated on having valid peerstore addresses. (#5370)

• P2P: Exponential backoff for reacher — Reacher now uses exponential backoff with ±20% jitter instead of flat retry intervals. Healthy peers are checked less often (5m → 10m → 20m), while unreachable peers are backed off more aggressively (up to 80m). Worker count reduced from 16 to 8. Added a generation counter to discard stale in-flight ping results, and new Prometheus metrics for queue depth, ping attempts/errors, and duration histograms. (#5371)

• P2P: Set reachability status metric value correctly — Fixed the reachability status Prometheus metric to use value 1 instead of 0 when the node is reachable. (#5368)

• Postage: Prevent nil pointer panic in TopUpBatch — Fixed a crash in light nodes running stamps topup where receipt.TxHash was accessed after sendTopUpBatchTransaction returned an error. The txHash assignment is now moved after the nil-check/success path. Same pattern fixed in CreateBatch and DiluteBatch. (#5332)

Improvements

• Optimize postage batch snapshot loading — Introduced a pendingChainState buffer that holds ChainState in memory during TransactionStart() … TransactionEnd() windows. During large batch processing (e.g., 50,000 blocks snapshot replay), disk writes are reduced from 50,000+ down to a single write at TransactionEnd(). (#5343)

• Refactor: Extract p2p-forge code into separate file — Moved p2p-forge related code into its own file for better code organization. (#5349)

Maintenance

• Remove dead use-postage-snapshot flag and unused bootstrapping logic — The flag was intended to bootstrap nodes by fetching a postage snapshot from a Swarm feed, but the feed address was hardcoded to a zero address, making it non-functional. Removed the entire bootstrap.go file and related config entries across 13 files. −561 lines of dead code. (#5318)

• Remove timebomb — Removed time-based expiration check. (#5359)

• Update postage snapshot to v0.0.6 — Updated the postage snapshot dependency to block number 45,195,454. (#5401)

• OpenAPI spec improvements — Bumped OpenAPI version to 7.4.0 (#5353) and 7.4.1 (#5375), with additional spec improvements (#5363).

What's Changed

• chore: bump open api version to 7.4.0 by @gacevicljubisa in #5353
• fix(workflows): add failure checks for gsoc, postage-stamps, stake, w… by @akrem-chabchoub in #5354
• fix(p2p): give each underlay address fresh 15s connection timeout by @gacevicljubisa in #5328
• fix(postage): prevent nil pointer panic in TopUpBatch on transaction … by @akrem-chabchoub in #5332
• fix(p2p): improve reacher address selection and transport filtering by @gacevicljubisa in #5347
• chore: remove timebomb by @acud in #5359
• refactor(libp2p): extract p2p-forge code into separate file by @gacevicljubisa in #5349
• fix(p2p): update peer address on reconnect and optimize reacher by @gacevicljubisa in #5348
• fix(kademlia): set reachability status metric value to 1 instead of 0 by @gacevicljubisa in #5368
• chore: improve openapi spec by @acud in #5363
• chore: remove unused code and enable extra linters by @martinconic in #5369
• feat: optimize postage batch snapshot by @martinconic in #5343
• chore: remove dead use-postage-snapshot flag and unused bootstrapping logic by @martinconic in #5318
• fix(p2p): add exponential backoff for reacher by @gacevicljubisa in #5371
• chore: bump version of OpenAPI to 7.4.1 by @gacevicljubisa in #5375
• fix(p2p): skip addressbook and reacher for unreachable addresses by @gacevicljubisa in #5370
• chore: update postage snapshot to v0.0.6 by @martinconic in #5401

Full Changelog: v2.7.0...v2.7.1

v2.7.1-rc3

Changelog

• 61fab37 chore: update postage snapshot to v0.0.6 (#5401)

v2.7.1-rc2

Changelog

• 858f52c fix(p2p): skip addressbook and reacher for unreachable addresses (#5370)
• 4f09e38 chore: bump version of OpenAPI to 7.4.1 (#5375)
• bb05308 fix(p2p): add exponential backoff for reacher (#5371)
• 1fd7740 chore: remove dead use-postage-snapshot flag and unused bootstrapping logic (#5318)
• 48c19ef feat: optimize postage batch snapshot (#5343)
• 07cc20d chore: remove unused code and enable extra linters (#5369)
• 80d6086 chore: improve openapi spec (#5363)
• 8251748 fix(kademlia): set reachability status metric value to 1 instead of 0 (#5368)

v2.7.1-rc1

Changelog

• ffb7104 fix(p2p): update peer address on reconnect and optimize reacher (#5348)
• b2f6762 refactor(libp2p): extract p2p-forge code into separate file (#5349)
• db955ee chore: remove timebomb (#5359)
• 579f776 fix(p2p): improve reacher address selection and transport filtering (#5347)
• 668bd8b fix(postage): prevent nil pointer panic in TopUpBatch on transaction … (#5332)
• 91b01ad fix(p2p): give each underlay address fresh 15s connection timeout (#5328)
• 3f6c6c9 fix(workflows): add failure checks for gsoc, postage-stamps, stake, w… (#5354)
• 60ca478 chore: bump open api version to 7.4.0 (#5353)

v2.7.0

The Bee team is pleased to announce the v2.7.0 release! 🎉

This update brings support for multiple underlay addresses, AutoTLS for secure WebSocket connections, improved feed resolution, and significant performance and reliability improvements.

The release also includes various bug fixes, API changes, and an upgrade to Go 1.25, so make sure to check out the full list below.

For questions, comments, and feedback, reach out on Discord.

Features

• Nodes can now advertise multiple underlay addresses, enabling better connectivity for diverse network configurations (e.g. in-browser nodes, multi-homed servers). Backward compatibility with v2.6.0 nodes is maintained (#5204)

• Added AutoTLS support for secure WebSocket connections, allowing nodes to automatically obtain and use TLS certificates. This introduces the following new configuration flags (#5187):

  p2p-wss-enable: false
  p2p-wss-addr: ":1635"
  nat-wss-addr: ""
  autotls-domain: "libp2p.direct"
  autotls-registration-endpoint: "https://registration.libp2p.direct"
  autotls-ca-endpoint: "https://acme-v02.api.letsencrypt.org/directory"

• Both feed versions (legacy and wrapped) now race together automatically, removing the need for manual version selection. A new Swarm-Feed-Resolved-Version response header indicates which version was resolved (#5287)

• Added reserveCapacityDoubling field to /reservestate endpoint for better reserve state visibility (#5139)

• Added bootup time metrics for monitoring node startup performance (#5162)

• Added metrics for ReserveSample performance analysis (#5177)

• Added metrics for overdraft refresh logs in pushsync to reduce log spam and improve observability (#5297)

• Improved storer performance by using buffered channels in the sampling pipeline, reducing sample generation time by 15–30% (#5170)

• Added funding URL for mainnet users when chequebook deployment requires funds (#5284)

Bug fixes

• Fixed a panic when storage incentives are disabled (#5150)
• Fixed peers being incorrectly marked as healthy in underpopulated bins (#5145)
• Fixed postage snapshot import incorrectly running on ultra light nodes (#5169)
• Fixed gas price handling by replacing SuggestGasPrice with custom SuggestedFeeAndTip for proper EIP-1559 compliance (#5144)
• Fixed legacy gasPrice to EIP-1559 dynamic fee mapping that was causing overpayment (#5225)
• Fixed uncompressed ETH message signature handling (#5197)
• Fixed ENS error handling to provide clearer failure information (#5213)
• Added erasure ReDecoder for evicted chunks, fixing reliability issues during long-lived erasure-coded downloads (#5097)
• Fixed pin eviction guard to prevent pinned content from being incorrectly evicted (#5222)
• Fixed EstimateGas to use block-specific estimation for more accurate results (#5252)
• Added chain availability check to prevent errors when the blockchain backend is unreachable (#5227)
• Fixed joiner redundancy at multiple levels for improved erasure coding reliability (#5292)
• Fixed chain backend being incorrectly used for ultra light nodes (#5310)

Improvements

• Upgraded to Go v1.25 with modernized codebase, incorporating the latest language features, performance improvements, and security patches (#5231, #5236, #5248)

Important

NAT address validation: nat-addr and the new nat-wss-addr are now validated on startup. Previously nat-addr was not validated at all, which could lead to silent misconfigurations. Ensure your values are correct before upgrading. (#5257)

• Added validation for redundancy level in bytes and bzz handlers (#5311)
• Updated misleading debug log message for bootnode connection failure (#5320)
• Updated dependencies: gnark-crypto to v0.18.1 (#5271), golang.org/x/crypto to v0.45.0 (#5286)
• Updated postage snapshot (#5325)
• Refactoring and code improvements, enhancing maintainability and performance (#5158, #5168, #5188, #5200, #5206, #5103, #5214, #5218, #5337)
• Migrated multiple test packages to use synctest for more reliable testing (#5250, #5260, #5258, #5259, #5261, #5262, #5263, #5264, #5265, #5266, #5267, #5296)

API Changes

• Added reserveCapacityDoubling to /reservestate response (#5139)
• Removed swarm-feed-legacy-resolve query parameter; both feed versions now race automatically. Added Swarm-Feed-Resolved-Version response header (#5287)
• Removed body from POST /tags (#5246)

New Contributors

• @socialsister made their first contribution in #5158
• @bytesingsong made their first contribution in #5154
• @chengehe made their first contribution in #5121
• @jishudashu made their first contribution in #5168
• @tanhuaan made their first contribution in #5183
• @youzichuan made their first contribution in #5188
• @pxwanglu made their first contribution in #5195
• @zhedazijingang made their first contribution in #5200
• @Olexandr88 made their first contribution in #5207
• @keeghcet made their first contribution in #5206
• @mickychang9 made their first contribution in #5212
• @jinjiadu made their first contribution in #5103
• @riskrose made their first contribution in #5079
• @joemicky made their first contribution in #5214
• @zhoujiaweii made their first contribution in #5218
• @akrem-chabchoub made their first contribution in #5231
• @sbackend123 made their first contribution in #5204
• @vicerace made their first contribution in #5293

Full Changelog: v2.6.0...v2.7.0

v2.7.0-rc14

Changelog

• 6ddf9b4 refactor(libp2p): rename underlays to overlayToPeerID in peer registry (#5337)
• 9f2f7aa fix(p2p): use connection remote addr as fallback when peerstore is empty (#5336)

v2.7.0-rc13

Changelog

• 5ad0417 fix: make hive bee 2.6.0 backward compatible (#5329)
• eccd4f1 fix(p2p): handle pre-release versions in bee260 backward compatibility check (#5327)

v2.7.0-rc12

Changelog

• 26530f1 chore: update postage snapshot (#5325)
• c00d65d test(joiner): add synctest to joiner tests (#5265)
• c01e11c test: integrate synctest in access control pkg (#5296)
• 5857dad fix(kademlia): update misleading debug log message for bootnode connection failure (#5320)

v2.7.0-rc11

Changelog

• c92d8c5 feat(p2p): add AutoTLS support for secure WebSocket connections (#5187)
• 66519d7 test(libp2p): update reacher tests to use synctest (#5267)
• 37ab9c7 fix: add validation for redundancy level in bytes and bzz handlers (#5311)
• 55d4864 fix(node): allow hostnames in public address validation (#5312)
• f612bf9 chore: updated mock accounting service function names and comments (#5293)
• 47cb8d1 test(pingpong): add synctest to ping test (#5264)
• 3e157a0 feat: make both feed versions race together (#5287)
• 0d1b99b fix: chain backend should not be used for ultra light nodes (#5310)
• d5a095c feat(ci): add PR title validation to prevent invalid merge commits (#5304)
• a54d62b fix: typo (#5299)
• 7a72d9f chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#5286)
• 492ea53 feat(pushsync): add rate limiting and metric for overdraft refresh logs (#5297)
• aed9d55 test(pullsync): add synctest to pullsync (#5261)
• 8e716cb Add synctest in storage incentives (#5262)
• 11f8c81 test(storer-reserve): add synctest in evict test (#5263)
• 44d5d4f test(events): add synctest to subscriber tests (#5266)
• cd6c34a fix: use hex encoded values in stamerindex.Item.String() (#5294)
• 3298411 fix: joiner redundancy multilevel (#5292)
• 7980065 test(synctest): add synctest to syncutil test (#5259)
• 72ed53f test(blocker): add synctest to blocker pkg (#5258)
• 54b963a test(spinlock): add synctest to wait test (#5260)
• 48ded1a feat(chequebook): add funding URL for mainnet users (#5284)
• 57a0355 docs(bee-dev): update dev command with deprecation warning and doc link (#5283)
• 02704a1 revert(pushsync): cap overdraft backoff delay with jitter (#5275)
• 9c7116d test(storage-incentives): add synctest to TestAgent (#5250)