-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

If you are running a wallet on an exchange, payment gateway, or service, please pay attention to the following message.

The Monero Vulnerability Response workgroup has received a disclosure of a wallet bug related to coinbase transactions, that could be disruptive to anyone running a wallet on an exchange, payment gateway, or service. There will be a patch released on GitHub on March the 6th, 2019, at 4pm GMT, so in about 4 days.

In the meantime, you can be safe against anyone trying to exploit this bug by running "set refresh-type no-coinbase" in monero-wallet-cli. Note that you will need to first close monero-wallet-rpc, and open the wallet with monero-wallet-cli. This should be set for every wallet you're running. This is a persistent flag, so once you quit monero-wallet-cli and start monero-wallet-rpc on that same wallet, the setting will persist.

NB: this is not a consensus bug, there is no double spend, it does not allow coins to be created out of thin air, etc.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEElLc43TUBMvWsvuodVUMt8xzNT80FAlx7tfoACgkQVUMt8xzN
T80VNAf+PKYPaagcGVIhnPCINqSIX/dw9tRMMMaE4q0u1AFTyZz6ynYuVFJrX6Ir
JoMThLf+wQAKlkBoxiSeLskWJ2ILpoP6S+CfZzBzFRYWTwy6NlTZT9WndSFTXPlJ
A/cLTfiHsmzLMc9fiwbcaZI3okcG2XEP7eXkwx5ocUhe1LV77a9Q5CuV1gt8siXA
i1eWNvH1KF33vctwmCvmF3yQf9mGJF4v2eG8IWre4Xr6TBqr4UndL3sBPGy5OS++
IrpBAv1ycTvHWmL2GKVt3AmdA4WwUhBBw7u0Reh1PpLAAWiFdHb5tYZbD9CCryjB
N2lKh+EyNb1DY0GWq4kHxgbMFN7LpA==
=6Pr5
-----END PGP SIGNATURE-----