Skip to content

Releases: Consensys/web3signer

26.4.2

27 Apr 05:11
@github-actions github-actions
26.4.2
221996a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.4.2 Latest
Latest

Bugs Fixed

  • Fix distroless image failing to load BLS native library under docker run --read-only. Issue #1175, PR #1176.

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

Default image (Ubuntu + Eclipse Temurin JRE 25):
docker pull consensys/web3signer:26.4.2

Hardened image (Google Distroless, read-only-filesystem compatible):
docker pull consensys/web3signer:26.4.2-distroless

Full Changelog: 26.4.1...26.4.2

Assets 6
Loading

26.4.1

23 Apr 08:50
@github-actions github-actions
26.4.1
4c4ee0f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.4.1

Important

The next Web3Signer release will require Java 25 to build and run. The Docker image is already on Java 25.

Features Added

  • Update Teku to 26.4.0 [Fulu upgrade for Gnosis chain]
  • Publish an additional hardened Docker image under the -distroless tag suffix (e.g. consensys/web3signer:26.4.1-distroless). Built from gcr.io/distroless/java25-debian13:nonroot — no shell, runs as non-root by default, and is compatible with docker run --read-only. See issue #1151.
  • Docker image labels migrated from the deprecated org.label-schema.* schema to the OCI Image Spec org.opencontainers.image.* annotations, which are consumed by modern registries and image-scanning tooling.

Bugs Fixed

  • Fix memory leak in the reload endpoint: removed validators were not being offloaded from the slashing-protection in-memory cache, and every reload unnecessarily re-registered all validators, causing old-gen heap pressure. Reload now processes only the delta of added/removed keys. PR #1167.
  • Fix jdbi parsed-SQL cache growth in ValidatorsDao by replacing inlined values and bindList expansions with parameterized array bindings. PR #1170.

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

Default image (Ubuntu + Eclipse Temurin JRE 25):
docker pull consensys/web3signer:26.4.1

Hardened image (Google Distroless, read-only-filesystem compatible):
docker pull consensys/web3signer:26.4.1-distroless

Full Changelog: 26.3.0...26.4.1

Loading

26.4.1-RC2

22 Apr 04:01
@github-actions github-actions
26.4.1-RC2
4c4ee0f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.4.1-RC2 Pre-release
Pre-release

Features Added

  • Update Teku to 26.4.0 [Fulu upgrade for Gnosis chain]
  • Publish an additional hardened Docker image under the -distroless tag suffix (e.g. consensys/web3signer:26.4.1-distroless). Built from gcr.io/distroless/java25-debian13:nonroot — no shell, runs as non-root by default, and is compatible with docker run --read-only. See issue #1151.
  • Docker image labels migrated from the deprecated org.label-schema.* schema to the OCI Image Spec org.opencontainers.image.* annotations, which are consumed by modern registries and image-scanning tooling.

Bugs Fixed

  • Fix memory leak in the reload endpoint: removed validators were not being offloaded from the slashing-protection in-memory cache, and every reload unnecessarily re-registered all validators, causing old-gen heap pressure. Reload now processes only the delta of added/removed keys. PR #1167.
  • Fix jdbi parsed-SQL cache growth in ValidatorsDao by replacing inlined values and bindList expansions with parameterized array bindings. PR #1170.

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

Default image (Ubuntu + Eclipse Temurin JRE 25):
docker pull consensys/web3signer:26.4.1-RC2

Hardened image (Google Distroless, read-only-filesystem compatible):
docker pull consensys/web3signer:26.4.1-RC2-distroless

Full Changelog: 26.4.0...26.4.1-RC2

Loading

26.4.1-RC1

22 Apr 01:03
@github-actions github-actions
26.4.1-RC1
24b70dc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.4.1-RC1 Pre-release
Pre-release

Bugs Fixed

  • Fix memory leak in the reload endpoint: removed validators were not being offloaded from the slashing-protection in-memory cache, and every reload unnecessarily re-registered all validators, causing old-gen heap pressure. Reload now processes only the delta of added/removed keys. PR #1167.
  • Fix jdbi parsed-SQL cache growth in ValidatorsDao by replacing inlined values and bindList expansions with parameterized array bindings. PR #1170.

Features Added

  • Update Teku to 26.4.0 [Fulu upgrade for Gnosis chain]

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

docker pull consensys/web3signer:26.4.1-RC1

Full Changelog: 26.4.0...26.4.1-RC1

Loading

26.4.0

15 Apr 22:08
@github-actions github-actions
26.4.0
d1144f1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.4.0

Features Added

  • Update Teku to 26.4.0 [Fulu upgrade for Gnosis chain]

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

docker pull consensys/web3signer:26.4.0

Full Changelog: 26.3.0...26.4.0

Loading

26.4.0-RC1

13 Apr 23:53
@github-actions github-actions
26.4.0-RC1
d1144f1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.4.0-RC1 Pre-release
Pre-release

Features Added

  • Update Teku to 26.4.0 [Fulu upgrade for Gnosis chain]

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

docker pull consensys/web3signer:26.4.0-RC1

Full Changelog: 26.3.0...26.4.0-RC1

Loading

26.3.0

09 Mar 02:24
@github-actions github-actions
26.3.0
9a782c3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.3.0

Security

  • Updated base Docker image packages to address CVE-2025-68973 (HIGH severity) in gpgv package
  • Docker images now apply all available security updates during build
  • Updated jackson dependencies to 2.21.1

Features Added

  • Update Netty to 4.2.9.Final
  • New --logging-format CLI option to select structured logging formats (PLAIN, ECS, GCP, LOGSTASH, GELF) without requiring custom Log4j2 configuration files. Issue #1144 via PR #1146.

Bugs Fixed

  • Fix unregistered validator IllegalStateException due to race condition in keymanager API

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

docker pull consensys/web3signer:26.3.0

Full Changelog: 25.12.0...26.3.0

Loading

26.3.0-RC1

04 Mar 02:02
@github-actions github-actions
26.3.0-RC1
cd4d0d1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
26.3.0-RC1 Pre-release
Pre-release

Security

  • Updated base Docker image packages to address CVE-2025-68973 (HIGH severity) in gpgv package
  • Docker images now apply all available security updates during build

Features Added

  • Update Netty to 4.2.9.Final
  • New --logging-format CLI option to select structured logging formats (PLAIN, ECS, GCP, LOGSTASH, GELF) without requiring custom Log4j2 configuration files. Issue #1144 via PR #1146.

Bugs Fixed

  • Fix unregistered validator IllegalStateException due to race condition in keymanager API

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

docker pull consensys/web3signer:26.3.0-RC1

Full Changelog: 25.12.0...26.3.0-RC1

Loading

25.12.0

17 Dec 04:27
@github-actions github-actions
25.12.0
ae3d399
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
25.12.0

Breaking Changes

Java25 Docker image

  • Java 25, which is the latest Long-Term Support release, is used in the docker image instead of previous LTS version, Java 21.

/reload Endpoint Response Format Changed

  • Now returns HTTP 202 Accepted (previously 200 OK) with JSON response body
  • Returns 409 Conflict with error message if reload already in progress
  • Migration: Update automation to expect 202 status code instead of 200

Removed Swagger UI CLI Option

Features Added

  • Enhanced /reload endpoint with status monitoring:
    • New GET /reload endpoint to check reload operation status
    • Reports detailed status: idle, running, completed, completed_with_errors, failed
    • Exposes error counts when individual signer configurations fail to load
    • Distinguishes between complete success and partial success (some signers failed)
    • Provides timestamps and error messages for last reload operation
  • Virtual thread-based signer loading for improved performance
  • New file system signer loading configuration:
    • --signer-load-timeout (default: 60 sec) - Timeout per file during parallel processing
    • --signer-load-batch-size (default: 500) - Files processed per batch in parallel mode
    • --signer-load-sequential-threshold (default: 100) - Minimum files to trigger parallel processing
    • --signer-load-parallel (default: true) - Enable/disable parallel processing
  • New /reload endpoint configuration:
    • --reload-timeout (default: 30 min) - Maximum time for entire reload operation
  • Improved reload concurrency control prevents multiple simultaneous reloads
  • Include Log4J JSON Template Layout library that provides predefined event templates such as ECS and GCP layouts in log4j configuration file. PR #1140.

Bugs Fixed

  • Fix memory leak during reload API endpoint. Issue #1073 via PR #1135.
  • Fix race condition in reload flag management when executor initialization fails synchronously

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

docker pull consensys/web3signer:25.12.0

Full Changelog: 25.11.0...25.12.0

Loading

25.12.0-RC1

15 Dec 05:36
@github-actions github-actions
25.12.0-RC1
ae3d399
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
25.12.0-RC1 Pre-release
Pre-release

Breaking Changes

Java25 Docker image

  • Java 25, which is the latest Long-Term Support release, is used in the docker image instead of previous LTS version, Java 21.

/reload Endpoint Response Format Changed

  • Now returns HTTP 202 Accepted (previously 200 OK) with JSON response body
  • Returns 409 Conflict with error message if reload already in progress
  • Migration: Update automation to expect 202 status code instead of 200

Removed Swagger UI CLI Option

Features Added

  • Enhanced /reload endpoint with status monitoring:
    • New GET /reload endpoint to check reload operation status
    • Reports detailed status: idle, running, completed, completed_with_errors, failed
    • Exposes error counts when individual signer configurations fail to load
    • Distinguishes between complete success and partial success (some signers failed)
    • Provides timestamps and error messages for last reload operation
  • Virtual thread-based signer loading for improved performance
  • New file system signer loading configuration:
    • --signer-load-timeout (default: 60 sec) - Timeout per file during parallel processing
    • --signer-load-batch-size (default: 500) - Files processed per batch in parallel mode
    • --signer-load-sequential-threshold (default: 100) - Minimum files to trigger parallel processing
    • --signer-load-parallel (default: true) - Enable/disable parallel processing
  • New /reload endpoint configuration:
    • --reload-timeout (default: 30 min) - Maximum time for entire reload operation
  • Improved reload concurrency control prevents multiple simultaneous reloads
  • Include Log4J JSON Template Layout library that provides predefined event templates such as ECS and GCP layouts in log4j configuration file. PR #1140.

Bugs Fixed

  • Fix memory leak during reload API endpoint. Issue #1073 via PR #1135.
  • Fix race condition in reload flag management when executor initialization fails synchronously

Downloads

Binaries

Binary Checksum
web3signer.tar.gz Checksum
web3signer.zip Checksum

Docker

docker pull consensys/web3signer:25.12.0-RC1

Full Changelog: 25.11.0...25.12.0-RC1

Loading