7.0.0-dev12

Added

• Backup nodes can now be configured to automatically fetch snapshots from the primary when snapshot evidence is detected. This is controlled by the snapshots.backup_fetch configuration section, with enabled, max_attempts, retry_interval, max_size and target_rpc_interface options. Note that the target RPC interface selected must have the SnapshotRead operator feature enabled.
• Added ccf::IdentityHistoryNotFetched exception type to distinguish identity-history-fetching errors from other logic errors in the network identity subsystem (#7708).
• Added ccf::describe_cose_receipt_v1(receipt) to obtain COSE receipts with Merkle proof in unprotected header for non-signature TXs, and empty unprotected header for signature TXs (#7700).
• NetworkIdentitySubsystemInterface now exposes get_trusted_keys(), returning all trusted network identity keys as a TrustedKeys map (#7690).
• Added support for self-transparent code update policies (#7681).

Changed

• On recovery, the UVM descriptor SVN is now set to the minimum of the previously stored value in the KV and the value found in the new node's startup endorsements. On start, the behaviour is unchanged (#7716).
• Refactored the user facing surface of self-healing-open and local sealing. The whole feature is now sealing-recovery with self-healing-open now referred to as the recovery-decision-protocol (#7679).
• Local sealing is enabled by setting the sealing-recovery config field (for both the sealing node, and the unsealing recovery node).
• The local sealing identity is under sealing-recovery.location.name.
• The recovery-decision-protocol is configured via sealing-recovery.recovery_decision_protocol.
• Snapshots now carry COSE receipts, JSON receipts are no longer included (#7711).

6.0.24

Fixed

• Fix race condition when initialising a ledger secret's commit secret (#7689)
• Add missing cases for FailedInvalidCPUID and FailedInvalidTcbVersion in quote verification error handling (#7696).
• On recovery, the UVM descriptor SVN is now set to the minimum of the previously stored value in the KV and the value found in the new node's startup endorsements. On start, the behaviour is unchanged (#7716).

7.0.0-dev11

Changed

• When fetch_recent_snapshot is enabled, snapshot fetching now occurs in response to a StartupSeqnoIsOld error during join, rather than eagerly at startup. Fetched snapshots are verified before use, and corrupt local snapshots are skipped. See documentation (#7630).

7.0.0-dev10

Added

• GET and HEAD /node/ledger-chunk?since={seqno} and /node/ledger-chunk/{chunk_name} endpoints, gated by the LedgerChunkDownload RPC interface operator feature. See documentation for more detail.
• GET and HEAD /node/ledger-chunk/{chunk_name} and /node/snapshot/{snapshot_name} now support the Want-Repr-Digest request header and return the Repr-Digest response header accordingly (RFC 9530). Supported algorithms are sha-256, sha-384, and sha-512. If no supported algorithm is requested, the server defaults to sha-256 (#7650).
• ETag and If-None-Match support on GET /node/ledger-chunk/{chunk_name}, using SHA-256 by default for the ETag response header. Clients can supply If-None-Match with sha-256, sha-384, or sha-512 digest ETags to avoid re-downloading unchanged content (#7652).

Changed

• ccf::crypto::HashProvider::Hash() has been renamed to ccf::crypto::HashProvider::hash() for consistency with the rest of the API (#7660).

Fixed

• Only rollback uncommittable indices during become_leader (#7620)
• x509 parsing now correctly handles times validity beyond 2262. To support this, some public function signatures (ccf::ds::time_point_from_string(), ccf::crypto::Verifier::remaining_seconds()) now use time_points from ccf::nonstd::SystemClock rather than std::chrono::system_clock (#7648)

6.0.23

Changed

• Updated the Python cryptography package constraint to allow 46.x versions (< 47).

6.0.22

Fixed

• x509 parsing now correctly handles times validity beyond 2262. To support this, some public function signatures (ccf::ds::time_point_from_string(), ccf::crypto::Verifier::remaining_seconds()) now use time_points from ccf::nonstd::SystemClock rather than std::chrono::system_clock (#7648)

6.0.21

Fixed

• Snapshot fetching requests now handle either inclusive-end or exclusive-end content-range headers, for compatibility with 7.x nodes.
• Primaries now indicate all of their chunk-ending transactions in the transaction header, for better interop with 7.x nodes. Upgrades must create a snapshot from the network after it has upgraded to this version, and provide that to joining 7.x nodes.

6.0.20

Fixed

• Join client now sets SNI correctly (#7622)

7.0.0-dev9

Fixed

• Join client now sets SNI correctly (#7622)
• CBOR and COSE dependencies are now internal, and their headers are no longer exposed (#7616, #7617).

6.0.19

Changed

• Partial revert to fetch_recent_snapshot behaviour. Nodes will now use a local snapshot if available and sufficiently fresh, and only prefer the peer's snapshot if it is newer (#7589).