ci: Remove "(WARNING: BETA SOFTWARE)" tagline from all upcoming releases (backport #9371) (#9373)

* ci: Remove "(WARNING: BETA SOFTWARE)" tagline from all upcoming releases (#9371) This is by no means a signal that we offer any additional guarantees with our software. This warning seems somewhat pointless given that: 1. Our open source license clearly states that we offer no warranties with this software. 2. We are clearly still pre-1.0. It also doesn't make sense to append "(WARNING: BETA SOFTWARE)" to pre-releases such as alpha releases, which are to be considered _more_ unstable than beta releases. --- #### PR checklist - [x] Tests written/updated, or no tests needed - [x] `CHANGELOG_PENDING.md` updated, or no changelog entry needed - [x] Updated relevant documentation (`docs/`) and code comments, or no documentation updates needed (cherry picked from commit d7645628f1) # Conflicts: # .goreleaser.yml * Resolve conflicts Signed-off-by: Thane Thomson <connect@thanethomson.com> * Sync root docs with main Signed-off-by: Thane Thomson <connect@thanethomson.com> Signed-off-by: Thane Thomson <connect@thanethomson.com> Co-authored-by: Thane Thomson <connect@thanethomson.com>
2026-01-07 13:55:17 +00:00 · 2022-09-05 09:26:00 -04:00
parent 3ab015127c
commit 441405eb9e
5 changed files with 241 additions and 168 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -25,4 +25,13 @@ checksum:
  algorithm: sha256
 release:
-  name_template: "{{.Version}} (WARNING: BETA SOFTWARE)"
+  prerelease: auto
  name_template: "{{.Version}}"
 archives:
  - files:
      - LICENSE
      - README.md
      - UPGRADING.md
      - SECURITY.md
      - CHANGELOG.md
--- a/6
+++ b/6
@@ -1,5 +1,3 @@
 Tendermint Core
 License: Apache2.0
                                 Apache License
                           Version 2.0, January 2004
@@ -181,7 +179,7 @@ License: Apache2.0
   APPENDIX: How to apply the Apache License to your work.
      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
+      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
@@ -189,7 +187,7 @@ License: Apache2.0
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
-   Copyright 2016 All in Bits, Inc
+   Copyright [yyyy] [name of copyright owner]
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/README.md
+++ b/README.md
@@ -2,72 +2,76 @@
 ![banner](docs/tendermint-core-image.jpg)
-[Byzantine-Fault Tolerant](https://en.wikipedia.org/wiki/Byzantine_fault_tolerance)
+[Byzantine-Fault Tolerant][bft] [State Machine Replication][smr]. Or
-[State Machines](https://en.wikipedia.org/wiki/State_machine_replication).
+[Blockchain], for short.
 Or [Blockchain](<https://en.wikipedia.org/wiki/Blockchain_(database)>), for short.
-[![version](https://img.shields.io/github/tag/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/releases/latest)
+[![Version][version-badge]][version-url]
-[![API Reference](https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667)](https://pkg.go.dev/github.com/tendermint/tendermint)
+[![API Reference][api-badge]][api-url]
-[![Go version](https://img.shields.io/badge/go-1.15-blue.svg)](https://github.com/moovweb/gvm)
+[![Go version][go-badge]][go-url]
-[![Discord chat](https://img.shields.io/discord/669268347736686612.svg)](https://discord.gg/AzefAFd)
+[![Discord chat][discord-badge]][discord-url]
-[![license](https://img.shields.io/github/license/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/blob/main/LICENSE)
+[![License][license-badge]][license-url]
-[![tendermint/tendermint](https://tokei.rs/b1/github/tendermint/tendermint?category=lines)](https://github.com/tendermint/tendermint)
+[![Sourcegraph][sg-badge]][sg-url]
 [![Sourcegraph](https://sourcegraph.com/github.com/tendermint/tendermint/-/badge.svg)](https://sourcegraph.com/github.com/tendermint/tendermint?badge)
-| Branch | Tests                                                                                                                                                                                                                                                  | Coverage                                                                                                                             | Linting                                                                    |
+| Branch | Tests                              | Linting                         |
-| ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------- |
+|--------|------------------------------------|---------------------------------|
-| master | [![CircleCI](https://circleci.com/gh/tendermint/tendermint/tree/master.svg?style=shield)](https://circleci.com/gh/tendermint/tendermint/tree/master) </br> ![Tests](https://github.com/tendermint/tendermint/workflows/Tests/badge.svg?branch=master) | [![codecov](https://codecov.io/gh/tendermint/tendermint/branch/master/graph/badge.svg)](https://codecov.io/gh/tendermint/tendermint) | ![Lint](https://github.com/tendermint/tendermint/workflows/Lint/badge.svg) |
+| main   | [![Tests][tests-badge]][tests-url] | [![Lint][lint-badge]][lint-url] |
-Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language -
+Tendermint Core is a Byzantine Fault Tolerant (BFT) middleware that takes a
-and securely replicates it on many machines.
+state transition machine - written in any programming language - and securely
 replicates it on many machines.
-For protocol details, see [the
+For protocol details, refer to the [Tendermint Specification](./spec/README.md).
 specification](https://github.com/tendermint/tendermint/tree/v0.34.x/spec).
-For detailed analysis of the consensus protocol, including safety and liveness proofs,
+For detailed analysis of the consensus protocol, including safety and liveness
-see our recent paper, "[The latest gossip on BFT consensus](https://arxiv.org/abs/1807.04938)".
+proofs, read our paper, "[The latest gossip on BFT
 consensus](https://arxiv.org/abs/1807.04938)".
 ## Documentation
 Complete documentation can be found on the
 [website](https://docs.tendermint.com/).
 ## Releases
-Please do not depend on master as your production branch. Use [releases](https://github.com/tendermint/tendermint/releases) instead.
+Please do not depend on `main` as your production branch. Use
 [releases](https://github.com/tendermint/tendermint/releases) instead.
-Tendermint is being used in production in both private and public environments,
+Tendermint has been in the production of private and public environments, most
-most notably the blockchains of the [Cosmos Network](https://cosmos.network/).
+notably the blockchains of the Cosmos Network. we haven't released v1.0 yet
-However, we are still making breaking changes to the protocol and the APIs and have not yet released v1.0.
+since we are making breaking changes to the protocol and the APIs. See below for
-See below for more details about [versioning](#versioning).
+more details about [versioning](#versioning).
-In any case, if you intend to run Tendermint in production, we're happy to help. You can
+In any case, if you intend to run Tendermint in production, we're happy to help.
-contact us [over email](mailto:hello@interchain.berlin) or [join the chat](https://discord.gg/AzefAFd).
+You can contact us [over email](mailto:hello@interchain.io) or [join the
 chat](https://discord.gg/cosmosnetwork).
 More on how releases are conducted can be found [here](./RELEASES.md).
 ## Security
 To report a security vulnerability, see our [bug bounty
-program](https://hackerone.com/tendermint).
+program](https://hackerone.com/cosmos). For examples of the kinds of bugs we're
-For examples of the kinds of bugs we're looking for, see [our security policy](SECURITY.md)
+looking for, see [our security policy](SECURITY.md).
-We also maintain a dedicated mailing list for security updates. We will only ever use this mailing list
+We also maintain a dedicated mailing list for security updates. We will only
-to notify you of vulnerabilities and fixes in Tendermint Core. You can subscribe [here](http://eepurl.com/gZ5hQD).
+ever use this mailing list to notify you of vulnerabilities and fixes in
 Tendermint Core. You can subscribe [here](http://eepurl.com/gZ5hQD).
 ## Minimum requirements
-| Requirement | Notes            |
+| Requirement | Notes             |
-| ----------- | ---------------- |
+|-------------|-------------------|
-| Go version  | Go1.18 or higher |
+| Go version  | Go 1.18 or higher |
 ## Documentation
 Complete documentation can be found on the [website](https://docs.tendermint.com/v0.34/).
 ### Install
-See the [install instructions](/docs/introduction/install.md).
+See the [install instructions](./docs/introduction/install.md).
 ### Quick Start
- [Single node](/docs/introduction/quick-start.md)
+- [Single node](./docs/introduction/quick-start.md)
- [Local cluster using docker-compose](/docs/networks/docker-compose.md)
+- [Local cluster using docker-compose](./docs/tools/docker-compose.md)
- [Remote cluster using Terraform and Ansible](/docs/networks/terraform-and-ansible.md)
+- [Remote cluster using Terraform and Ansible](./docs/tools/terraform-and-ansible.md)
 - [Join the Cosmos testnet](https://cosmos.network/testnet)
 ## Contributing
@@ -75,89 +79,97 @@ Please abide by the [Code of Conduct](CODE_OF_CONDUCT.md) in all interactions.
 Before contributing to the project, please take a look at the [contributing
 guidelines](CONTRIBUTING.md) and the [style guide](STYLE_GUIDE.md). You may also
-find it helpful to read the [specifications](./spec/), watch the [Developer
+find it helpful to read the [specifications](./spec/README.md), and familiarize
-Sessions](/docs/DEV_SESSIONS.md), and familiarize yourself with our
+yourself with our [Architectural Decision Records
-[Architectural Decision
+(ADRs)](./docs/architecture/README.md) and
-Records](https://github.com/tendermint/tendermint/tree/main/docs/architecture).
+[Request For Comments (RFCs)](./docs/rfc/README.md).
 ## Versioning
 ### Semantic Versioning
-Tendermint uses [Semantic Versioning](http://semver.org/) to determine when and how the version changes.
+Tendermint uses [Semantic Versioning](http://semver.org/) to determine when and
-According to SemVer, anything in the public API can change at any time before version 1.0.0
+how the version changes. According to SemVer, anything in the public API can
 change at any time before version 1.0.0
-To provide some stability to Tendermint users in these 0.X.X days, the MINOR version is used
+To provide some stability to users of 0.X.X versions of Tendermint, the MINOR
-to signal breaking changes across a subset of the total public API. This subset includes all
+version is used to signal breaking changes across Tendermint's API. This API
-interfaces exposed to other processes (cli, rpc, p2p, etc.), but does not
+includes all publicly exposed types, functions, and methods in non-internal Go
-include the Go APIs.
+packages as well as the types and methods accessible via the Tendermint RPC
 interface.
-That said, breaking changes in the following packages will be documented in the
+Breaking changes to these public APIs will be documented in the CHANGELOG.
 CHANGELOG even if they don't lead to MINOR version bumps:
 - crypto
 - config
 - libs
    - bech32
    - bits
    - bytes
    - json
    - log
    - math
    - net
    - os
    - protoio
    - rand
    - sync
    - strings
    - service
 - node
 - rpc/client
 - types
 ### Upgrades
-In an effort to avoid accumulating technical debt prior to 1.0.0,
+In an effort to avoid accumulating technical debt prior to 1.0.0, we do not
-we do not guarantee that breaking changes (ie. bumps in the MINOR version)
+guarantee that breaking changes (ie. bumps in the MINOR version) will work with
-will work with existing Tendermint blockchains. In these cases you will
+existing Tendermint blockchains. In these cases you will have to start a new
-have to start a new blockchain, or write something custom to get the old
+blockchain, or write something custom to get the old data into the new chain.
-data into the new chain. However, any bump in the PATCH version should be
+However, any bump in the PATCH version should be compatible with existing
-compatible with existing blockchain histories.
+blockchain histories.
 For more information on upgrading, see [UPGRADING.md](./UPGRADING.md).
 ### Supported Versions
-Because we are a small core team, we only ship patch updates, including security updates,
+Because we are a small core team, we only ship patch updates, including security
-to the most recent minor release and the second-most recent minor release. Consequently,
+updates, to the most recent minor release and the second-most recent minor
-we strongly recommend keeping Tendermint up-to-date. Upgrading instructions can be found
+release. Consequently, we strongly recommend keeping Tendermint up-to-date.
-in [UPGRADING.md](./UPGRADING.md).
+Upgrading instructions can be found in [UPGRADING.md](./UPGRADING.md).
 ## Resources
-### Tendermint Core
+### Libraries
-For details about the blockchain data structures and the p2p protocols, see the
+- [Cosmos SDK](http://github.com/cosmos/cosmos-sdk); A framework for building
-[Tendermint specification](./spec/).
+  applications in Golang
-
+- [Tendermint in Rust](https://github.com/informalsystems/tendermint-rs)
-For details on using the software, see the [documentation](/docs/) which is also
+- [ABCI Tower](https://github.com/penumbra-zone/tower-abci)
 hosted at: <https://docs.tendermint.com/v0.34/>
 ### Tools
 Benchmarking is provided by [`tm-load-test`](https://github.com/informalsystems/tm-load-test).
 Additional tooling can be found in [/docs/tools](/docs/tools).
 ### Applications
- [Cosmos SDK](http://github.com/cosmos/cosmos-sdk); a cryptocurrency application framework
+- [Cosmos Hub](https://hub.cosmos.network/)
- [Ethermint](http://github.com/cosmos/ethermint); Ethereum on Tendermint
+- [Terra](https://www.terra.money/)
- [Many more](https://tendermint.com/ecosystem)
+- [Celestia](https://celestia.org/)
 - [Anoma](https://anoma.network/)
 - [Vocdoni](https://docs.vocdoni.io/)
 ### Research
 - [The latest gossip on BFT consensus](https://arxiv.org/abs/1807.04938)
 - [Master's Thesis on Tendermint](https://atrium.lib.uoguelph.ca/xmlui/handle/10214/9769)
 - [Original Whitepaper: "Tendermint: Consensus Without Mining"](https://tendermint.com/static/docs/tendermint.pdf)
- [Blog](https://blog.cosmos.network/tendermint/home)
+- [Tendermint Core Blog](https://medium.com/tendermint/tagged/tendermint-core)
 - [Cosmos Blog](https://blog.cosmos.network/tendermint/home)
 ## Join us!
 Tendermint Core is maintained by [Interchain GmbH](https://interchain.berlin).
 If you'd like to work full-time on Tendermint Core,
 [we're hiring](https://interchain-gmbh.breezy.hr/)!
 Funding for Tendermint Core development comes primarily from the
 [Interchain Foundation](https://interchain.io), a Swiss non-profit. The
 Tendermint trademark is owned by [Tendermint Inc.](https://tendermint.com), the
 for-profit entity that also maintains [tendermint.com](https://tendermint.com).
 [bft]: https://en.wikipedia.org/wiki/Byzantine_fault_tolerance
 [smr]: https://en.wikipedia.org/wiki/State_machine_replication
 [Blockchain]: https://en.wikipedia.org/wiki/Blockchain
 [version-badge]: https://img.shields.io/github/tag/tendermint/tendermint.svg
 [version-url]: https://github.com/tendermint/tendermint/releases/latest
 [api-badge]: https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667
 [api-url]: https://pkg.go.dev/github.com/tendermint/tendermint
 [go-badge]: https://img.shields.io/badge/go-1.18-blue.svg
 [go-url]: https://github.com/moovweb/gvm
 [discord-badge]: https://img.shields.io/discord/669268347736686612.svg
 [discord-url]: https://discord.gg/cosmosnetwork
 [license-badge]: https://img.shields.io/github/license/tendermint/tendermint.svg
 [license-url]: https://github.com/tendermint/tendermint/blob/main/LICENSE
 [sg-badge]: https://sourcegraph.com/github.com/tendermint/tendermint/-/badge.svg
 [sg-url]: https://sourcegraph.com/github.com/tendermint/tendermint?badge
 [tests-url]: https://github.com/tendermint/tendermint/actions/workflows/tests.yml
 [tests-badge]: https://github.com/tendermint/tendermint/actions/workflows/tests.yml/badge.svg?branch=main
 [lint-badge]: https://github.com/tendermint/tendermint/actions/workflows/lint.yml/badge.svg
 [lint-url]: https://github.com/tendermint/tendermint/actions/workflows/lint.yml
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,98 +2,146 @@
 ## Reporting a Bug
-As part of our [Coordinated Vulnerability Disclosure
+As part of our [Coordinated Vulnerability Disclosure Policy](https://tendermint.com/security),
-Policy](https://tendermint.com/security), we operate a [bug
+we operate a [bug bounty][hackerone]. See the policy for more
-bounty](https://hackerone.com/tendermint).
+details on submissions and rewards, and see "Example Vulnerabilities" (below)
-See the policy for more details on submissions and rewards, and see "Example Vulnerabilities" (below) for examples of the kinds of bugs we're most interested in.
+for examples of the kinds of bugs we're most interested in.
-### Guidelines 
+### Guidelines
 We require that all researchers:
-* Use the bug bounty to disclose all vulnerabilities, and avoid posting vulnerability information in public places, including Github Issues, Discord channels, and Telegram groups
+* Use the bug bounty to disclose all vulnerabilities, and avoid posting
-* Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems (including but not limited to the Cosmos Hub), and destruction of data
+  vulnerability information in public places, including Github Issues, Discord
-* Keep any information about vulnerabilities that you’ve discovered confidential between yourself and the Tendermint Core engineering team until the issue has been resolved and disclosed 
+  channels, and Telegram groups
 * Make every effort to avoid privacy violations, degradation of user experience,
  disruption to production systems (including but not limited to the Cosmos
  Hub), and destruction of data
 * Keep any information about vulnerabilities that you’ve discovered confidential
  between yourself and the Tendermint Core engineering team until the issue has
  been resolved and disclosed
 * Avoid posting personally identifiable information, privately or publicly
 If you follow these guidelines when reporting an issue to us, we commit to:
-* Not pursue or support any legal action related to your research on this vulnerability
+* Not pursue or support any legal action related to your research on this
-* Work with you to understand, resolve and ultimately disclose the issue in a timely fashion 
+  vulnerability
 * Work with you to understand, resolve and ultimately disclose the issue in a
  timely fashion
-## Disclosure Process 
+## Disclosure Process
 Tendermint Core uses the following disclosure process:
-1. Once a security report is received, the Tendermint Core team works to verify the issue and confirm its severity level using CVSS. 
+1. Once a security report is received, the Tendermint Core team works to verify
-2. The Tendermint Core team collaborates with the Gaia team to determine the vulnerability’s potential impact on the Cosmos Hub. 
+   the issue and confirm its severity level using CVSS.
-3. Patches are prepared for eligible releases of Tendermint in private repositories. See “Supported Releases” below for more information on which releases are considered eligible. 
+2. The Tendermint Core team collaborates with the Gaia team to determine the
-4. If it is determined that a CVE-ID is required, we request a CVE through a CVE Numbering Authority. 
+   vulnerability’s potential impact on the Cosmos Hub.
-5. We notify the community that a security release is coming, to give users time to prepare their systems for the update. Notifications can include forum posts, tweets, and emails to partners and validators, including emails sent to the [Tendermint Security Mailing List](https://berlin.us4.list-manage.com/subscribe?u=431b35421ff7edcc77df5df10&id=3fe93307bc).
+3. Patches are prepared for eligible releases of Tendermint in private
-6. 24 hours following this notification, the fixes are applied publicly and new releases are issued. 
+   repositories. See “Supported Releases” below for more information on which
-7. Cosmos SDK and Gaia update their Tendermint Core dependencies to use these releases, and then themselves issue new releases. 
+   releases are considered eligible.
-8. Once releases are available for Tendermint Core, Cosmos SDK and Gaia, we notify the community, again, through the same channels as above. We also publish a Security Advisory on Github and publish the CVE, as long as neither the Security Advisory nor the CVE include any information on how to exploit these vulnerabilities beyond what information is already available in the patch itself. 
+4. If it is determined that a CVE-ID is required, we request a CVE through a CVE
-9. Once the community is notified, we will pay out any relevant bug bounties to submitters. 
+   Numbering Authority.
-10. One week after the releases go out, we will publish a post with further details on the vulnerability as well as our response to it. 
+5. We notify the community that a security release is coming, to give users time
   to prepare their systems for the update. Notifications can include forum
   posts, tweets, and emails to partners and validators, including emails sent
   to the [Tendermint Security Mailing List][tmsec-mailing].
 6. 24 hours following this notification, the fixes are applied publicly and new
   releases are issued.
 7. Cosmos SDK and Gaia update their Tendermint Core dependencies to use these
   releases, and then themselves issue new releases.
 8. Once releases are available for Tendermint Core, Cosmos SDK and Gaia, we
   notify the community, again, through the same channels as above. We also
   publish a Security Advisory on Github and publish the CVE, as long as neither
   the Security Advisory nor the CVE include any information on how to exploit
   these vulnerabilities beyond what information is already available in the
   patch itself.
 9. Once the community is notified, we will pay out any relevant bug bounties to
   submitters.
 10. One week after the releases go out, we will publish a post with further
    details on the vulnerability as well as our response to it.
-This process can take some time. Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we follow the process described above to ensure that disclosures are handled consistently and to keep Tendermint Core and its downstream dependent projects--including but not limited to Gaia and the Cosmos Hub--as secure as possible. 
+This process can take some time. Every effort will be made to handle the bug in
 as timely a manner as possible, however it's important that we follow the
 process described above to ensure that disclosures are handled consistently and
 to keep Tendermint Core and its downstream dependent projects--including but not
 limited to Gaia and the Cosmos Hub--as secure as possible.
-### Example Timeline 
+### Example Timeline
-The following is an example timeline for the triage and response. The required roles and team members are described in parentheses after each task; however, multiple people can play each role and each person may play multiple roles. 
+The following is an example timeline for the triage and response. The required
 roles and team members are described in parentheses after each task; however,
 multiple people can play each role and each person may play multiple roles.
-#### > 24 Hours Before Release Time
+#### 24+ Hours Before Release Time
-1. Request CVE number (ADMIN) 
+1. Request CVE number (ADMIN)
-2. Gather emails and other contact info for validators (COMMS LEAD) 
+2. Gather emails and other contact info for validators (COMMS LEAD)
-3. Test fixes on a testnet  (TENDERMINT ENG, COSMOS ENG) 
+3. Create patches in a private security repo, and ensure that PRs are open
-4. Write “Security Advisory” for forum (TENDERMINT LEAD) 
+   targeting all relevant release branches (TENDERMINT ENG, TENDERMINT LEAD)
 4. Test fixes on a testnet  (TENDERMINT ENG, COSMOS SDK ENG)
 5. Write “Security Advisory” for forum (TENDERMINT LEAD)
 #### 24 Hours Before Release Time
-1. Post “Security Advisory” pre-notification on forum (TENDERMINT LEAD) 
+1. Post “Security Advisory” pre-notification on forum (TENDERMINT LEAD)
-2. Post Tweet linking to forum post (COMMS LEAD) 
+2. Post Tweet linking to forum post (COMMS LEAD)
-3. Announce security advisory/link to post in various other social channels (Telegram, Discord) (COMMS LEAD) 
+3. Announce security advisory/link to post in various other social channels
-4. Send emails to validators or other users (PARTNERSHIPS LEAD) 
+   (Telegram, Discord) (COMMS LEAD)
 4. Send emails to validators or other users (PARTNERSHIPS LEAD)
 #### Release Time
-1. Cut Tendermint releases for eligible versions (TENDERMINT ENG, TENDERMINT LEAD)
+1. Cut Tendermint releases for eligible versions (TENDERMINT ENG, TENDERMINT
   LEAD)
 2. Cut Cosmos SDK release for eligible versions (COSMOS ENG)
 3. Cut Gaia release for eligible versions (GAIA ENG)
 4. Post “Security releases” on forum (TENDERMINT LEAD)
 5. Post new Tweet linking to forum post (COMMS LEAD)
-6. Remind everyone via social channels (Telegram, Discord)  that the release is out (COMMS LEAD)
+6. Remind everyone via social channels (Telegram, Discord)  that the release is
-7. Send emails to validators or other users (COMMS LEAD) 
+   out (COMMS LEAD)
-8. Publish Security Advisory and CVE, if CVE has no sensitive information (ADMIN) 
+7. Send emails to validators or other users (COMMS LEAD)
 8. Publish Security Advisory and CVE, if CVE has no sensitive information
   (ADMIN)
 #### After Release Time
 1. Write forum post with exploit details (TENDERMINT LEAD)
-2. Approve pay-out on HackerOne for submitter (ADMIN) 
+2. Approve pay-out on HackerOne for submitter (ADMIN)
 #### 7 Days After Release Time
-1. Publish CVE if it has not yet been published (ADMIN) 
+1. Publish CVE if it has not yet been published (ADMIN)
 2. Publish forum post with exploit details (TENDERMINT ENG, TENDERMINT LEAD)
 ## Supported Releases
-The Tendermint Core team commits to releasing security patch releases for both the latest minor release as well for the major/minor release that the Cosmos Hub is running. 
+The Tendermint Core team commits to releasing security patch releases for both
 the latest minor release as well for the major/minor release that the Cosmos Hub
 is running.
-If you are running older versions of Tendermint Core, we encourage you to upgrade at your earliest opportunity so that you can receive security patches directly from the Tendermint repo. While you are welcome to backport security patches to older versions for your own use, we will not publish or promote these backports. 
+If you are running older versions of Tendermint Core, we encourage you to
 upgrade at your earliest opportunity so that you can receive security patches
 directly from the Tendermint repo. While you are welcome to backport security
 patches to older versions for your own use, we will not publish or promote these
 backports.
 ## Scope
-The full scope of our bug bounty program is outlined on our [Hacker One program page](https://hackerone.com/tendermint). Please also note that, in the interest of the safety of our users and staff, a few things are explicitly excluded from scope:
+The full scope of our bug bounty program is outlined on our
 [Hacker One program page][hackerone]. Please also note that, in the interest of
 the safety of our users and staff, a few things are explicitly excluded from
 scope:
-* Any third-party services 
+* Any third-party services
-* Findings from physical testing, such as office access 
+* Findings from physical testing, such as office access
 * Findings derived from social engineering (e.g., phishing)
-## Example Vulnerabilities 
+## Example Vulnerabilities
-The following is a list of examples of the kinds of vulnerabilities that we’re most interested in. It is not exhaustive: there are other kinds of issues we may also be interested in! 
+The following is a list of examples of the kinds of vulnerabilities that we’re
 most interested in. It is not exhaustive: there are other kinds of issues we may
 also be interested in!
 ### Specification
@@ -105,7 +153,8 @@ The following is a list of examples of the kinds of vulnerabilities that we’re
 Assuming less than 1/3 of the voting power is Byzantine (malicious):
-* Validation of blockchain data structures, including blocks, block parts, votes, and so on
+* Validation of blockchain data structures, including blocks, block parts,
  votes, and so on
 * Execution of blocks
 * Validator set changes
 * Proposer round robin
@@ -114,6 +163,9 @@ Assuming less than 1/3 of the voting power is Byzantine (malicious):
 * A node halting (liveness failure)
 * Syncing new and old nodes
 Assuming more than 1/3 the voting power is Byzantine:
 * Attacks that go unpunished (unhandled evidence)
 ### Networking
@@ -139,7 +191,7 @@ Attacks may come through the P2P network or the RPC layer:
 ### Libraries
-* Serialization (Amino)
+* Serialization
 * Reading/Writing files and databases
 ### Cryptography
@@ -150,5 +202,8 @@ Attacks may come through the P2P network or the RPC layer:
 ### Light Client
-* Core verification 
+* Core verification
 * Bisection/sequential algorithms
 [hackerone]: https://hackerone.com/cosmos
 [tmsec-mailing]: https://berlin.us4.list-manage.com/subscribe?u=431b35421ff7edcc77df5df10&id=3fe93307bc
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -1,6 +1,7 @@
 # Upgrading Tendermint Core
-This guide provides instructions for upgrading to specific versions of Tendermint Core.
+This guide provides instructions for upgrading to specific versions of
 Tendermint Core.
 ## v0.34.20
@@ -23,7 +24,7 @@ Refactor](https://github.com/tendermint/tendermint/blob/main/docs/architecture/a
 This release is not compatible with previous blockchains due to changes to
 the encoding format (see "Protocol Buffers," below) and the block header (see "Blockchain Protocol").
-Note also that Tendermint 0.34 also requires Go 1.15 or higher.
+Note also that Tendermint 0.34 also requires Go 1.16 or higher.
 ### ABCI Changes
@@ -64,12 +65,9 @@ directory. For more, see "Protobuf," below.
 ### Blockchain Protocol
-* `Header#LastResultsHash` previously was the root hash of a Merkle tree built from `ResponseDeliverTx(Code, Data)` responses.
+* `Header#LastResultsHash`, which is the root hash of a Merkle tree built from
-  As of 0.34,`Header#LastResultsHash` is now the root hash of a Merkle tree built from:
+  `ResponseDeliverTx(Code, Data)` as of v0.34 also includes `GasWanted` and `GasUsed`
-    * `BeginBlock#Events`
+  fields.
    * Root hash of a Merkle tree built from `ResponseDeliverTx(Code, Data,
      GasWanted, GasUsed, Events)` responses
    * `BeginBlock#Events`
 * Merkle hashes of empty trees previously returned nothing, but now return the hash of an empty input,
  to conform with [RFC-6962](https://tools.ietf.org/html/rfc6962).
@@ -159,7 +157,7 @@ The `bech32` package has moved to the Cosmos SDK:
 ### CLI
 The `tendermint lite` command has been renamed to `tendermint light` and has a slightly different API.
-See [the docs](https://docs.tendermint.com/v0.34/tendermint-core/light-client-protocol.html#http-proxy) for details.
+See [the docs](https://docs.tendermint.com/v0.33/tendermint-core/light-client-protocol.html#http-proxy) for details.
 ### Light Client
@@ -173,6 +171,7 @@ Other user-relevant changes include:
 * The `Verifier` was broken up into two pieces:
    * Core verification logic (pure `VerifyX` functions)
    * `Client` object, which represents the complete light client
 * The new light client stores headers and validator sets as `LightBlock`s
 * The RPC client can be found in the `/rpc` directory.
 * The HTTP(S) proxy is located in the `/proxy` directory.
@@ -314,7 +313,7 @@ Evidence Params has been changed to include duration.
 ### RPC Changes
 * `/validators` is now paginated (default: 30 vals per page)
-* `/block_results` response format updated [see RPC docs for details](https://docs.tendermint.com/v0.34/rpc/#/Info/block_results)
+* `/block_results` response format updated [see RPC docs for details](https://docs.tendermint.com/v0.33/rpc/#/Info/block_results)
 * Event suffix has been removed from the ID in event responses
 * IDs are now integers not `json-client-XYZ`
@@ -433,11 +432,11 @@ the compilation tag:
 Use `cleveldb` tag instead of `gcc` to compile Tendermint with CLevelDB or
 use `make build_c` / `make install_c` (full instructions can be found at
-<https://tendermint.com/docs/introduction/install.html#compile-with-cleveldb-support>)
+<https://docs.tendermint.com/v0.33/introduction/install.html#compile-with-cleveldb-support>)
 ## v0.31.0
-This release contains a breaking change to the behaviour of the pubsub system.
+This release contains a breaking change to the behavior of the pubsub system.
 It also contains some minor breaking changes in the Go API and ABCI.
 There are no changes to the block or p2p protocols, so v0.31.0 should work fine
 with blockchains created from the v0.30 series.
@@ -455,7 +454,7 @@ In this case, the WS client will receive an error with description:
  "error": {
    "code": -32000,
    "msg": "Server error",
-    "data": "subscription was cancelled (reason: client is not pulling messages fast enough)" // or "subscription was cancelled (reason: Tendermint exited)"
+    "data": "subscription was canceled (reason: client is not pulling messages fast enough)" // or "subscription was canceled (reason: Tendermint exited)"
  }
 }
@@ -636,7 +635,7 @@ to `timeout_propose = "3s"`.
 ### RPC Changes
-The default behaviour of `/abci_query` has been changed to not return a proof,
+The default behavior of `/abci_query` has been changed to not return a proof,
 and the name of the parameter that controls this has been changed from `trusted`
 to `prove`. To get proofs with your queries, ensure you set `prove=true`.