6.0.0-dev2

Added

• Introduced ccf::describe_cose_endorsements_v1(receipt) for COSE-endorsements chain of previous service identities (#6500).
• Ignore time when resolving did:x509 against x5chain, resolution establishes a point-in-time endorsement, not ongoing validity (#6575).

5.0.7

• Ignore time when resolving did:x509 against x5chain, resolution establishes a point-in-time endorsement, not ongoing validity (#6575).

6.0.0-dev1

Changed

• Output of ccf::describe_merkle_proof_v1(receipt) has been updated, and is now described by ccf-tree-alg schema.
• Improved error message when attempting to obtain receipts for a past epoch during a recovery (#6507).

4.0.22

Base image

• Updated container base image.

6.0.0-dev0

Changed

• The set_jwt_issuer governance action has been updated, and no longer accepts key_filter or key_policy arguments (#6450).
• Nodes started in Join mode will shut down if they receive an unrecoverable condition such as StartupSeqnoIsOld or InvalidQuote when attempting to join (#6471, #6489).
• In configuration, attestation.snp_endorsements_servers can specify a max_retries_count. If the count has been exhausted without success for all configured servers, the node will shut down (#6478).
• When deciding which nodes are allowed to join, only UVM roots of trust defined in public:ccf.gov.nodes.snp.uvm_endorsements are considered (#6489).

Removed

• SGX Platform support.

Added

• Provided API for getting COSE signatures and Merkle proofs (#6477).
• Exposed COSE signature in historical API via TxReceiptImpl.
• Introduced ccf::describe_merkle_proof_v1(receipt) for Merkle proof construction in CBOR format.
• Added COSE signatures over the Merkle root to the KV (#6449).
• Signing is done with service key (different from raw signatures, which remain unchanged and are still signed by the node key).
• New signature reside in public:ccf.internal.cose_signatures.

5.0.6

Bug fixes

• Added COSE signature verification to consume signature transactions from upgraded primary (#6495).

5.0.5

Bug fix

• Nodes can be started in recovery mode from a snapshot alone (#6472)

4.0.21

Base image

• Updated container base image.

5.0.4

Bug fix

• JWT authentication correctly parses certificates that contain other certificates (#6440)

5.0.3

Changed

• Improved JWT authentication error messages (#6427).

Bug fix

• In GET gov/service/javascript-app, openApi now correctly returns the schema set for the endpoint (#6430)