4.0.22

Base image

• Updated container base image.

6.0.0-dev0

Changed

• The set_jwt_issuer governance action has been updated, and no longer accepts key_filter or key_policy arguments (#6450).
• Nodes started in Join mode will shut down if they receive an unrecoverable condition such as StartupSeqnoIsOld or InvalidQuote when attempting to join (#6471, #6489).
• In configuration, attestation.snp_endorsements_servers can specify a max_retries_count. If the count has been exhausted without success for all configured servers, the node will shut down (#6478).
• When deciding which nodes are allowed to join, only UVM roots of trust defined in public:ccf.gov.nodes.snp.uvm_endorsements are considered (#6489).

Removed

• SGX Platform support.

Added

• Provided API for getting COSE signatures and Merkle proofs (#6477).
• Exposed COSE signature in historical API via TxReceiptImpl.
• Introduced ccf::describe_merkle_proof_v1(receipt) for Merkle proof construction in CBOR format.
• Added COSE signatures over the Merkle root to the KV (#6449).
• Signing is done with service key (different from raw signatures, which remain unchanged and are still signed by the node key).
• New signature reside in public:ccf.internal.cose_signatures.

5.0.6

Bug fixes

• Added COSE signature verification to consume signature transactions from upgraded primary (#6495).

5.0.5

Bug fix

• Nodes can be started in recovery mode from a snapshot alone (#6472)

4.0.21

Base image

• Updated container base image.

5.0.4

Bug fix

• JWT authentication correctly parses certificates that contain other certificates (#6440)

5.0.3

Changed

• Improved JWT authentication error messages (#6427).

Bug fix

• In GET gov/service/javascript-app, openApi now correctly returns the schema set for the endpoint (#6430)

5.0.2

Developer API

C++

• RSAKeyPair::sign and RSAKeyPair::verify now use RSA-PSS instead of RSASSA-PKCS1-v1_5.
• Users can specify salt_length (defaulted to 0).

TypeScript/JavaScript

• ccfapp.crypto.sign() and ccfapp.crypto.verifySignature() no longer support RSASSA-PKCS1-v1_5, instead RSA-PSS has been added.
• SigningAlgorithm has been extended with optional saltLength, defaulted to 0 if not passed.

Bug Fixes

• The /tx endpoint returns more accurate error messages for incorrectly formed transactions ids (#6359).

4.0.20

Base image

• Updated container base image.

5.0.1

Bug Fixes

• All public headers now correctly set pragma once (#6388, #6389)

Dependencies

• Base image refresh for containers (#6394, #6395)
• Python cryptography package requirement raised to 43.* (#6385)