490311e Release 1.8.0 — radicle.xyz

+

---

+

title: "Radicle 1.8.0 – Drosera"

+

image: radicle-1.png

+

---

+

[46f4c0f]: https://app.radicle.xyz/nodes/seed.radicle.xyz/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/commits/46f4c0f38ffb181f6e5787997c6153f18ab22902

+

[Drosera]: https://en.wikipedia.org/wiki/Drosera

+

The Radicle team are back sooner than later for this important release, Radicle 1.8.0, code name *[Drosera]*.

+

[Radicle 1.7.0](({% post_url 2026-03-18-radicle-1.7.0 %})) included a security fix,

+

and the team worked hard since that release to provide improved security on top of this.

+

Our post ["Disclosure of Vulnerability in Signed References"]({% post_url 2026-03-30-disclosure-of-vulnerability-in-signed-references %})

+

provides more context on the features listed below.

+

## Signed References Feature Levels

+

### Feature Level Detection

+

Radicle's Signed References now detect which feature level they have been upgraded to.

+

This feature level is monotonically increasing starting from `none`.

+

The `none` feature level means that the `refs` and `signature` blobs are present,

+

but the `refs` do not contain `refs/rad/root` nor `refs/rad/sigrefs-parent`.

+

This still implies that the `signature` in `refs` must verify against the public key of the namespace.

+

The next level increases by including `refs/rad/root`, and the feature level is known as `root`.

+

Once again, since these are monotonically increasing, `root` implies `none`.

+

The latest feature level is `parent`, which implies `root`, and means that `refs/rad/sigrefs-parent` is included.

+

### Feature Level Downgrade Detection

+

Since feature levels are monotonically increasing, this allows us to detect when downgrade attacks are attempted.

+

When the head commit of a signed references entry is at a `parent` feature level,

+

then they are secure.

+

However, if the current head is found to be `root` or `none`,

+

then the rest of the commits are inspected to see if the head is a result of a downgrade.

+

Note that, in some cases, downgrades may have occurred due to moving between different

+

versions of Radicle releases.

+

In these cases, there are recovery mechanisms, since the user can always create a new

+

signed references commit, and these upgrades can be fetched by other nodes.

+

### Feature Level Migration

+

The detection of these feature level allows the node to detect when a migration is needed.

+

Upon startup of the `radicle-node`, if any of the local user's signed references are not at the `parent` feature level, a new signed references entry will be automatically created.

+

### Feature Level Inspection

+

To help understand and debug a user's signed references,

+

the `rad inspect --sigrefs` command has learned to output the feature levels of the signed references entries. For example:

+

```

+

z6MkireRatUThvd3qzfKht1S44wpm4FEWSSa4PRMTSQZ3voM bf789d587a4f399b0580146cb06634d87188400c parent

+

z6MkkPvBfjP4bQmco5Dm7UGsX2ruDBieEHi8n9DVJWX5sTEz 7d1c1aa1816a3bb43b9667ec3d0ee7324b98cb3e parent

+

z6Mkf8A8EV6M8KjAFyjpvLexQMrixSmHu3hiP45qUMW6FoXE e1d57a292eba718b5bb192c5ba61c5b38ba07398 root

+

z6MkfXa53s1ZSFy8rktvyXt5ADCojnxvjAoQpzajaXyLqG5n 851d11cf8e6e208b96d72e71181700b822301a48 root

+

z6MkfgZKQgtWtgNsVizqWqFKf6ka7oo8vS8mppKDVhDM5YMm c5d091bb7d63f2dae517f78f77ae9e0a7e0607b4 none

+

```

+

The first column shows the Node Identifier, the second column shows the OID of the head of the respective `refs/rad/sigrefs`,

+

and the third column shows the feature level detected.

+

### Feature Level Option

+

Finally, the `node` configuration learned a new configuration option,

+

under `node.fetch.signedReferences.featureLevel.minimum`.

+

This prevents your node fetching namespaces that are at a feature level below the specified `minimum`.

+

The current default is `none`, but as time goes on, and nodes upgrade,

+

you should choose to update this minimum to `parent`.

+

Once you have updated this minimum, it is still possible to perform a one-shot `rad sync` or `rad clone` with a lower minimum by using the `--signed-refs-feature-level` option.

+

### Performance Impact of Signed References Verification

+

It is important to note that there will be a perceived performance impact on the verification of signed references.

+

The performance degradation is due to the verification process having to walk the history of the commits.

+

However, when signed references are on the `parent` feature level,

+

this walk is unnecessary.

+

This is provides another reason for users to upgrade as soon as possible,

+

so that fetches are fast again, as well as more secure.

+

## Changelog

+

* `edde15d9` **Release 1.8.0** *<fintan.halpenny@gmail.com>*

+

* `263d04b5` **schemars: Update to 0.7.0** *<fintan.halpenny@gmail.com>*

+

* `597b514d` **remote-helper: Update to 0.16.0** *<fintan.halpenny@gmail.com>*

+

* `d685d6f9` **cli: Update to 0.20.0** *<fintan.halpenny@gmail.com>*

+

* `78908682` **node: Update to 0.19.0** *<fintan.halpenny@gmail.com>*

+

* `6e40a617` **protocol: Update to 0.7.0** *<fintan.halpenny@gmail.com>*

+

* `5a2e7841` **fetch: Update to 0.19.0** *<fintan.halpenny@gmail.com>*

+

* `9f91817d` **radicle: Update to 0.23.0** *<fintan.halpenny@gmail.com>*

+

* `46f4c0f3` **protocol/service: Increase timeout for fetches** *<lorenz.leutgeb@radicle.xyz>*

+

* `e7467fb1` **protocol: SignedRefs upgrades provide `SyncedAt`** *<lorenz.leutgeb@radicle.xyz>*

+

* `6d771abf` **radicle/storage/refs: Remove `RefAt::load`** *<lorenz.leutgeb@radicle.xyz>*

+

* `ec36d1c3` **radicle/sigrefs: Merge `SignedRefs{,At}`** *<lorenz.leutgeb@radicle.xyz>*

+

* `07011233` **radicle/sigrefs: Use `SignedRefsAt` everywhere** *<lorenz.leutgeb@radicle.xyz>*

+

* `d25fb7f6` **radicle/sigrefs/git: Refactor `Committer`** *<lorenz.leutgeb@radicle.xyz>*

+

* `5d583338` **radicle/sigrefs/git: Use stable `RAD_LOCAL_TIME`** *<lorenz.leutgeb@radicle.xyz>*

+

* `86cacfb8` **radicle: Have migration repair downgrades** *<lorenz.leutgeb@radicle.xyz>*

+

* `33db6637` **radicle: Teach `rad sync` and `rad clone` to accept feature levels** *<fintan.halpenny@gmail.com>*

+

* `ef4ddf06` **node: Remove `radicle_fetch::Config` from `worker::Config`** *<fintan.halpenny@gmail.com>*

+

* `07f3d565` **protocol: Allow configuration of `radicle_fetch::Config`** *<fintan.halpenny@gmail.com>*

+

* `81ca4b9e` **fetch: Allow upgrading Signed References** *<lorenz.leutgeb@radicle.xyz>*

+

* `e245e311` **fetch: Configure Minimum Feature Level** *<lorenz.leutgeb@radicle.xyz>*

+

* `47063057` **radicle/sigrefs: Automatically Migrate** *<lorenz.leutgeb@radicle.xyz>*

+

* `8b166b23` **fetch: Log on old sigrefs** *<lorenz.leutgeb@radicle.xyz>*

+

* `7fb032da` **cli/inspect: Show feature level of sigrefs** *<lorenz.leutgeb@radicle.xyz>*

+

* `404fe33a` **radicle/sigrefs: Remove `MissingIdentity` error** *<lorenz.leutgeb@radicle.xyz>*

+

* `7f19044a` **radicle/sigrefs/write: Treat error to verify head** *<lorenz.leutgeb@radicle.xyz>*

+

* `8bc3ffc0` **radicle/sigrefs: Detect features when writing** *<lorenz.leutgeb@radicle.xyz>*

+

* `372a7875` **radicle/sigrefs: Implement feature detection** *<lorenz.leutgeb@radicle.xyz>*

+

* `9a4539fe` **radicle/sigrefs: Find first non-replayed commit** *<lorenz.leutgeb@radicle.xyz>*

+

* `b5dc3486` **node/wire: Remove `FetchResult` log** *<lorenz.leutgeb@radicle.xyz>*

+

* `14493cbf` **core: Enable `radicle-oid/qcheck`** *<lorenz.leutgeb@radicle.xyz>*

+

* `9fda8c6d` **radicle: Update to 0.22.1** *<fintan.halpenny@gmail.com>*

+

## Checksums

+

```

+

c6cf18a44d64182270bfcfcb70a19bc1556e8627bcd6d3b6d373fe7e1c461cc2  radicle-1.8.0-x86_64-unknown-linux-musl.tar.xz

+

72ac7abde20eee1973bcdcd2d2022916fbb371fc3651ffba9166d15109923ace  radicle-1.8.0-aarch64-unknown-linux-musl.tar.xz

+

fe68c9a0e5bbceb3cc1c123e99ee2835673759c8acc33511ada995abd33d0abd  radicle-1.8.0-aarch64-apple-darwin.tar.xz

+

238d9df6204f0ea9e42c9fe508a848e18799abd660483add346908a5f2754826  radicle-1.8.0-x86_64-apple-darwin.tar.xz

+

```