4.0.14

Fixed

• Nodes are now more robust to unexpected traffic on node-to-node ports (#5889).
• ccf.crypto.digest and ccf.crypto.isValidX509CertBundle are accessible again through ccf.digest and ccf.isValidX509CertBundle, to faciliate migration of CCF 3.x-era constitutions. The constitution sample under samples/constitutions/default/actions.js has been updated to show how migration is possible without relying on aliasing in 4.x.

5.0.0-dev11

Removed

• ccf::historical::adapter_v2 is removed, replaced by ccf::historical::adapter_v3 first introduced in 2.0.0.
• ccf::EnclaveAttestationProvider has been removed. It is replaced by ccf::AttestationProvider
• The attestation.environment.security_context_directory configuration entry and --snp-security-context-dir-var CLI option have been removed. SNP collateral must now be provided through the snp_security_policy_file, snp_uvm_endorsements_file and snp_endorsement_servers configuration values. See documentation for details and platform-specific configuration samples.

MCR Docker Images: App Development, C++ Runtime, TypeScript/JavaScript Runtime

5.0.0-dev10

• The url field in snp_endorsements_servers can now contain environment variables that will be resolved at startup, such as "$Fabric_NodeIPOrFQDN:2377" (#5862).
• Add a new snp_security_policy_file configuration value under attestation, superseding the lookup from $UVM_SECURITY_CONTEXT_DIR. The value can contain environment variables, for example: "snp_security_policy_file": "$UVM_SECURITY_CONTEXT_DIR/security-policy-base64".
• Add a new snp_uvm_endorsements_file configuration value under attestation, superseding the lookup from $UVM_SECURITY_CONTEXT_DIR. The value can contain environment variables, for example: "snp_uvm_endorsements_file": "$UVM_SECURITY_CONTEXT_DIR/reference-info-base64". This value can come from an untrusted location, like snp_security_policy_file and AMD endorsements (fetched from snp_endorsements_servers), because the CCF code contains pre-defined roots of trust.

MCR Docker Images: App Development, C++ Runtime, TypeScript/JavaScript Runtime

5.0.0-dev9

• snp_endorsements_servers now supports a THIM type, which is the recommended value when running in Confidential AKS preview.

MCR Docker Images: App Development, C++ Runtime, TypeScript/JavaScript Runtime

5.0.0-dev8

• ccf.crypto.generateEddsaKeyPair, pubEddsaPemToJwk and eddsaPemToJwk now support x25519 as well as curve25519 (#5846).
• POST /recovery/members/{memberId}:recover is now authenticated by COSE Sign1, making it consistent with the other POST endpoints in governance, and avoiding a potential denial of service where un-authenticated and un-authorised clients could submit invalid shares repeatedly. The submit_recovery_share.sh script has been amended accordingly, and now takes a --member-id-privk and --member-id-cert (#5821).
• CCF can now fetch SEV-SNP attestations from kernel 6.0 and above (#5848).

MCR Docker Images: App Development, C++ Runtime, TypeScript/JavaScript Runtime

5.0.0-dev7

• POST /recovery/members/{memberId}:recover is now authenticated by COSE Sign1, making it consistent with the other POST endpoints in governance, and avoiding a potential denial of service where un-authenticated and un-authorised clients could submit invalid shares repeatedly. The submit_recovery_share.sh script has been amended accordingly, and now takes a --member-id-privk and --member-id-cert (#5821).

MCR Docker Images: App Development, C++ Runtime, TypeScript/JavaScript Runtime

5.0.0-dev6

• Lifted parser size limits on forwarded request from default values to more permissive ones. Note that the limits set out on the interface of the inbound node still apply (#5803).
• ccf.crypto.unwrapKey() has been added to the JS API (#5792).

MCR Docker Images: App Development, C++ Runtime, TypeScript/JavaScript Runtime

4.0.12

• Lifted parser size limits on forwarded request from default values to more permissive ones. Note that the limits set out on the interface of the inbound node still apply (#5803).

5.0.0-dev5

• In governance contexts, JS runtimes now only use runtime limits from the public:ccf.gov.js_runtime_options map if they are strictly higher than the defaults (#5730).
• Fixed an issue where a JS runtime limit could be hit out of user code execution, leading to an incorrectly constructed JS runtime or a crash (#5730).
• Added a GET /node/primary endpoint, returning 200 when primary and 404 when not, for load balancers to use (#5789).

MCR Docker Images: App Development, C++ Runtime, TypeScript/JavaScript Runtime

4.0.11

• Path to the enclave file should now be passed as --enclave-file CLI argument to cchost, rather than enclave.file entry within configuration file. A potential SNP security context directory environment variable override, where desired, should now be passed as --snp-security-context-dir-var CLI argument to cchost, rather than attestation.environment.security_context_directory entry within configuration file. This is to ensure that these values are attested on Confidential Containers/SNP, even if the configuration itself is provided from un-attested storage, such as an external mount. The configuration entries are deprecated, and will be removed in a future release.
• A new versioned governance API is now available, with the api-version=2023-06-01-preview query parameter. This will fully replace the previous governance endpoints, which will be removed in a future release. A guide to aid in upgrading from the previous API is available here
• Added a consensus.max_uncommitted_tx_count configuration option, which specifies the maximum number of transactions that can be pending on the primary. When that threshold is exceeded, a 503 Service Unavailable is temporarily returned on all but the /node/* paths (#5692).
• In governance contexts, JS runtimes now only use runtime limits from the public:ccf.gov.js_runtime_options map if they are strictly higher than the defaults (#5730).
• Fixed an issue where a JS runtime limit could be hit out of user code execution, leading to an incorrectly constructed JS runtime or a crash (#5730).