ccf-0.18.1

Changed

• "id" field in state endpoint response has been renamed to "node_id" (#2150).
• user_id endpoint is renamed caller_id (#2142).
• Nodes' quotes format updated to Open Enclave's SGX_ECDSA. Quote endorsements are also stored in CCF and can be retrieved via the quotes/self and quotes endpoints (#2161).
• get_quote_for_this_node_v1() takes a QuoteInfo structure (containing the format, raw quote and corresponding endorsements) as out parameter instead of the distinct format and raw quote as two out paramters (#2161).
• Several internal tables are renamed (#2166).
• /node/network/nodes correctly returns all nodes if no filter is specified (#2188).

ccf-0.18.0

Changed

• endpoint_metrics is renamed api/metrics and now returns an array of objects instead of nested path/method objects (#2068).
• Governance proposal ids are now digests of the proposal and store state observed during their creation, hex-encoded as strings. This makes votes entirely specific to an instance of a proposal without having to include a nonce. (#2104, #2135).
• quote endpoint has been renamed to quotes/self (#2149).
• TxViews have been renamed to MapHandles, to clearly distinguish them from consensus views. Calls to tx.get_view must be replaced with tx.rw.
• tx.rw does not support retrieving multiple views in a single call. Instead of auto [view1, view2] = tx.get_view(map1, map2);, you must write auto handle1 = tx.rw(map1); auto handle2 = tx.rw(map2);.

Added

• Added get_version_of_previous_write(const K& k) to MapHandle. If this entry was written to by a previous transaction, this returns the version at which that transaction was applied. See docs for more details.

Removed

• The x-ccf-global-commit header is no longer sent with responses (#1586, #2144). This was a hint of global commit progress, but was known to be imprecise and unrelated to the executed transaction. Instead, clients should call /commit to monitor commit progress or /tx for a specific transaction.

ccf-0.17.2

Fixed

• Fixed incorrect ledger chunking on backup nodes when snapshotting is enabled (#2110).

ccf-0.17.1

Changed

• JS endpoints now list their auth policies by name, similar to C++ endpoints. The fields require_client_identity, require_client_signature, and require_jwt_authentication are removed, and should be replaced by authn_policies. For example, the previous default "require_client_identity": true should be replaced with "authn_policies": ["user_cert"], an endpoint which would like to handle a JWT but will also accept unauthenticated requests would be "authn_policies": ["jwt", "no_auth"], and a fully unauthenticated endpoint would be "authn_policies": []. See docs for further detail.

ccf-0.17.0

Added

• Versioned APIs for common CCF functionality: get_status_for_txid_v1, get_last_committed_txid_v1, generate_openapi_document_v1, get_receipt_for_seqno_v1, get_quote_for_this_node_v1. We will aim to support these function signatures long-term, and provide similar functionality with incremental version bumps when this is no longer possible. In particular, this enables building an app which does not expose the default endpoints but instead exposes similar functionality through its own API.

Changed

• /network, /network_info, /node/ids, /primary_info have been restructured into /network, /network/nodes, /network/nodes/{id}, /network/nodes/self, /network/nodes/primary while also changing the response schemas (#1954).
• /ack responds with HTTP status 204 now instead of 200 and true as body (#2088).

ccf-0.16.3

Changed

• To avoid accidentally unauthenticated endpoints, a vector of authentication policies must now be specified at construction (as a new argument to make_endpoint) rather than by calling add_authentication. The value ccf::no_auth_required must be used to explicitly indicate an unauthenticated endpoint.
• All /gov endpoints accept signature authentication alone correctly, regardless of session authentication.
• ccf.CCFClient now allows separate session_auth and signing_auth to be passed as construction time. ccf.CCFClient.call() no longer takes a signed argument, clients with a signing_auth always sign. Similarly, the disable_session_auth constructor argument is removed, the same effect can be achieved by setting session_auth to None.

ccf-0.16.2

Changed

• Snapshots are generated by default on the current primary node, every 10,000 committed transaction (#2029).
• Node information exposed in the API now correctly reports the public port when it differs from the local one. (#2001)
• All /gov endpoints accept signature authentication again. Read-only /gov endpoints had been incorrectly changed in [0.16.1] to accept session certification authentication only (#2033).

ccf-0.16.1

Added

• C++ endpoints can be omitted from OpenAPI with set_openapi_hidden(true) (#2008).
• JS endpoints can be omitted from OpenAPI if the "openapi_hidden" field in app.json is true (#2008).

Changed

• Error responses of built-in endpoints are now JSON and follow the OData schema (#1919).
• Code ids are now deleted rather than marked as RETIRED. ACTIVE is replaced with the more precise ALLOWED_TO_JOIN (#1996).
• Authentication policies can be specified per-endpoint with add_authentication. Sample policies are implemented which check for a user TLS handshake, a member TLS handshake, a user HTTP signature, a member HTTP signature, and a valid JWT. This allows multiple policies per-endpoints, and decouples auth from frontends - apps can define member-only endpoints (#2010).
• By default, if no authentication policy is specified, endpoints are now unauthenticated and accessible to anyone (previously the default was user TLS handshakes, where the new default is equivalent to set_require_client_identity(false)).
• CCF now depends on Open Enclave 0.13.

Removed

• The methods Endpoint::set_require_client_signature, Endpoint::set_require_client_identity and Endpoint::set_require_jwt_authentication are removed, and should be replaced by calls to add_authentication. For unauthenticated endpoints, either add no policies, or add the built-in empty_auth policy which accepts all requests.
  • .set_require_client_signature(true) must be replaced with .add_authentication(user_signature_auth_policy)
  • .set_require_client_identity(true) must be replaced with .add_authentication(user_cert_auth_policy)
  • .set_require_jwt_authentication(true) must be replaced with .add_authentication(jwt_auth_policy)

0.16.0

Added

• CLI options are printed on every node launch (#1923).
• JS logging sample app is included in CCF package (#1932).
• C++ apps can be built using cmake's find_package(ccf REQUIRED) (see cmake sample) (#1947).

Changed

• JWT signing keys are auto-refreshed immediately when adding a new issuer instead of waiting until the next auto-refresh event is due (#1978).
• Snapshots are only committed when proof of snapshot evidence is committed (#1972).
• Snapshot evidence must be validated before joining/recovering from snapshot (see doc) (#1925).

Fixed

• Ledger index is recovered correctly even if --ledger-dir directory is empty (#1953).
• Memory leak fixes (#1957, #1959, #1974, #1982).
• Consensus fixes (#1977, #1981).
• Enclave schedules messages in a fairer way (#1991).

Security

• Hostname of TLS certificate is checked when auto-refreshing JWT signing keys (#1934).
• Evercrypt update to 0.3.0 (#1967).

ccf-0.15.2

Added

• JWT key auto-refresh (#1908), can be enabled by providing "auto_refresh": true and "ca_cert_name": "..." in set_jwt_issuer proposal.
  • Auto-refresh is currently only supported for providers following the OpenID Connect standard where keys are published under the /.well-known/openid-configuration path of the issuer URL.
  • ca_cert_name refers to a certificate stored with a set_ca_cert proposal and is used to validate the TLS connection to the provider endpoint.
• JWT signature validation (#1912), can be enabled with the require_jwt_authentication endpoint property.

Changed

• Members can no longer vote multiple times on governance proposals (#1743).
• update_ca_cert proposal has been replaced by set_ca_cert/remove_ca_cert (#1917).

Deprecated

• set_js_app proposal and --js-app-script argument are deprecated, and should be replaced by deploy_js_app and --js-app-bundle. See #1895 for an example of converting from the old style (JS embedded in a Lua script) to the new style (app bundle described by app.json).

Removed

• kv::Store::create is removed.
• luageneric is removed.