0xPolygon/bor - v2.8.3 New

Published: Jun 12, 2026

Release Summary

Bor v2.8.3 is a maintenance release that introduces significant improvements in security, performance, and stability. Key changes include a hardened and full-featured gRPC server, a more efficient block-building prefetcher, and crucial bug fixes that resolve deadlocks and high memory usage.

Critical Security Enhancement (Breaking Change)

Hardened gRPC Server: The gRPC server, which was previously enabled by default on all network interfaces without authentication, is now disabled by default and binds to 127.0.0.1 (localhost). This fixes a high-severity vulnerability (CVSS 8.6) that could allow remote attackers to cause denial-of-service. Operators relying on the gRPC server must now explicitly enable it with the --grpc.enabled flag.

Key Features & Performance

Full gRPC Backend for Heimdall: A complete, opt-in gRPC server is now available for Heimdall-Bor communication. Benchmarks show significant performance gains, including up to a 77% latency reduction for critical consensus calls and 50-67% fewer memory allocations. To enable, use --grpc.enabled on Bor and configure Heimdall accordingly.
Smarter Block-Building Prefetcher: A new builder-phase streaming prefetcher has been introduced. It follows the live block build process to warm the state cache, moving from speculative prefetching to a more deterministic approach. This reduces cache misses and improves block processing efficiency, especially for contract-heavy blocks.
Tracing for State-Sync Transactions: Full tracing support for state-sync transactions (post-Madhugiri) is now available across the debug_* RPC namespace, providing better visibility for developers. The legacy debug_traceBorBlock RPC method has been removed in favor of the standard debug_traceBlockBy* methods.

Major Stability and Bug Fixes

Automatic Fork Recovery: A critical deadlock that prevented nodes from automatically recovering after a fork has been fixed. Previously, this situation required a manual chain data wipe. Nodes can now automatically rewind and resync from peers in case of a milestone hash mismatch.
Memory Usage Fix on Startup: An issue causing exponential memory growth during the trie preload phase on restart has been resolved. This prevents nodes from stalling for hours due to excessive memory usage.
Stale State on Non-Validators Fixed: Non-validator nodes will no longer have a stale pending state, which caused RPC calls like eth_estimateGas to fail with "insufficient funds" errors after validator rotations.
Miner Stability: Several silent stall paths in the block producer's state machine have been fixed, improving overall reliability for validators.

Configuration & Other Improvements

Witness Filestore Enabled by Default: Filesystem-based witness storage is now enabled by default for new nodes.
Disable Snap Protocol Serving: A new flag, --p2p.nosnap, allows operators to use the in-memory snapshot for faster local state reads without the network overhead of serving snap sync data to other peers. This is particularly useful for block producers.
Disable Pending Block Creation: A new flag, --miner.disable-pending-block, can be used to disable the pending block creation loop, which may be useful for non-RPC nodes to reduce overhead.
Updated Amoy Testnet Peers: The list of static bootnodes for the Amoy testnet has been updated.

Release Notes

Bor v2.8.3 is a maintenance release containing bug fixes across the miner and consensus engine, a full gRPC server implementation (disabled by default), a builder-phase streaming prefetcher, and observability, configuration, and build improvements.

## What's Changed

### Features

* (feat): disable pending block creation loop via flag by @manav2401 in https://github.com/0xPolygon/bor/pull/2175
* consensus/bor, internal/cli: full grpc implementation by @marcello33 in https://github.com/0xPolygon/bor/pull/2194
* prefetcher: builder-phase prefetch + streaming worker pool by @lucca30 in https://github.com/0xPolygon/bor/pull/2192
* (feat): tracing support for state-sync transactions by @manav2401 in https://github.com/0xPolygon/bor/pull/2236
* security: harden gRPC server — disable by default, bind to localhost by @harshinsecurity in https://github.com/0xPolygon/bor/pull/2078

### Bug Fixes

* consensus: fix milestone-mismatch rewind deadlock by @kamuikatsurgi in https://github.com/0xPolygon/bor/pull/2246
* consensus/bor, miner: fix stale pending state for non-validator nodes by @cffls in https://github.com/0xPolygon/bor/pull/2183
* miner, consensus/bor: fix leaked-wedge family in worker state machine by @cffls in https://github.com/0xPolygon/bor/pull/2220
* miner: drop PeerCount==0 gate in mainLoop by @cffls in https://github.com/0xPolygon/bor/pull/2238
* consensus/bor: fix race in SpanStore.PurgeCache by @lucca30 in https://github.com/0xPolygon/bor/pull/2235
* miner: disable tracer in vm.Config to prevent conflicts during block synchronization by @maoueh in https://github.com/0xPolygon/bor/pull/2206
* ethapi: include pre-Madhugiri state-sync logs in bor_getLogs by @LarryArnault45 in https://github.com/0xPolygon/bor/pull/2155
* eth: stop dialing before waiting on handler shutdown by @LarryArnault45 in https://github.com/0xPolygon/bor/pull/2158
* eth: cancel milestone subscriber on shutdown by @kamuikatsurgi in https://github.com/0xPolygon/bor/pull/2199
* core/state: fix GetWriteMapDump write-set output by @AaronAjose in https://github.com/0xPolygon/bor/pull/2156
* core/types: guard (*Header).GetValidatorBytes against short Extra by @kajaaz in https://github.com/0xPolygon/bor/pull/2222
* triedb/pathdb: fix exponential memory growth in preload BFS by @lucca30 in https://github.com/0xPolygon/bor/pull/2187
* rawdb: recover witness size from filesystem metadata miss by @AaronAjose in https://github.com/0xPolygon/bor/pull/2200
* metrics, build: fix time.Tick resource leaks and oss-fuzz shebang by @haoyu-haoyu in https://github.com/0xPolygon/bor/pull/2145
* Fix triejournaldirectory wiring by @jschnelder in https://github.com/0xPolygon/bor/pull/2213

### Observability & Metrics

* metrics: fix ResettingSample Prometheus _count monotonicity by @lake-dunamu in https://github.com/0xPolygon/bor/pull/2174
* miner, consensus: more block building metrics by @manav2401 in https://github.com/0xPolygon/bor/pull/2228
* miner: format build-block log times as RFC3339Nano, gate on IsRunning by @kamuikatsurgi in https://github.com/0xPolygon/bor/pull/2239

### Configuration & CLI

* internal/cli: enabled witness filestore by default by @pratikspatil024 in https://github.com/0xPolygon/bor/pull/2191
* templates: replace dead witnessprotocol with witness.enable hint by @apetro2 in https://github.com/0xPolygon/bor/pull/2204
* packaging/docs: replace deprecated rpc.batchlimit key by @odupontt in https://github.com/0xPolygon/bor/pull/2216
* p2p: add flag to disable snap/1 serving by @lucca30 in https://github.com/0xPolygon/bor/pull/2152
* Fixing amoy static peers by @sanketsaagar in https://github.com/0xPolygon/bor/pull/2209

### Testing, CI & Build

* all: fix nightly race test flakes by @cffls in https://github.com/0xPolygon/bor/pull/2193
* core/vm: add hardfork precompile continuity checks by @pratikspatil024 in https://github.com/0xPolygon/bor/pull/2234
* miner: fix TestPrefetchRaceWithSetExtra deadlock by @wjmelements in https://github.com/0xPolygon/bor/pull/2233
* ethclient: bound tx indexing wait in tests by @LarryArnault45 in https://github.com/0xPolygon/bor/pull/2211
* eth/fetcher: refactor witness_manager to reduce complexity by @cffls in https://github.com/0xPolygon/bor/pull/2188
* build: bump Go to 1.26.2 and 1.26.3 to fix stdlib CVEs by @lucca30 in https://github.com/0xPolygon/bor/pull/2189 and https://github.com/0xPolygon/bor/pull/2230
* build: bump x/net for govulncheck by @lucca30 in https://github.com/0xPolygon/bor/pull/2240
* build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by @dependabot in https://github.com/0xPolygon/bor/pull/2182
* ci: fix kurtosis setup/cleanup action paths by @cffls in https://github.com/0xPolygon/bor/pull/2223

## New Contributors

* @lake-dunamu made their first contribution in https://github.com/0xPolygon/bor/pull/2174
* @harshinsecurity made their first contribution in https://github.com/0xPolygon/bor/pull/2078
* @AaronAjose made their first contribution in https://github.com/0xPolygon/bor/pull/2156
* @haoyu-haoyu made their first contribution in https://github.com/0xPolygon/bor/pull/2145
* @kajaaz made their first contribution in https://github.com/0xPolygon/bor/pull/2222
* @apetro2 made their first contribution in https://github.com/0xPolygon/bor/pull/2204
* @odupontt made their first contribution in https://github.com/0xPolygon/bor/pull/2216
* @jschnelder made their first contribution in https://github.com/0xPolygon/bor/pull/2213

**Full Changelog**: https://github.com/0xPolygon/bor/compare/v2.8.2...v2.8.3

Links

Back to 0xPolygon/bor releases