Releases: hyperledger-labs/blockchain-explorer
Releases · hyperledger-labs/blockchain-explorer
Release 2.0
New Features
- Health status of peers
- Search by block number, txn id, blockrange
- Display chaincode metadata
- Move container images from dockerhub to ghcr
- move to ghcr registry (#382)
- Migrate CI to github actions
- added github ci (#339)
Bug Fixes and Updates
- updated docker-compose files with ghcr images (#438)
- updated node version in ci files (#437)
- BE-433 | Fix package related breaking issues (#434)
- BE431 | Fix-Test-case Failing (#432)
- Release v2.0.0 (#430)
- BE-422 | UI Responsiveness and Misc (#427)
- update swagger.json (#424)
- BE-420 | Ledger Height and Peers Status is not updating w.r.t multiple channels (#421)
- Integrate SonarCloud (#419)
- BE-417 | resolve sigint bad trap and unexpected error (#418)
- BE-415 | remove duplicate peerStatus api call (#416)
- BE-406 | send channelhash to metadata api (#412)
- Backend- Improper updation of Txn Count and Chaincodes list (#411)
- Display correct chaincode metadata fix in the backend (#410)
- Blocks pagination query fix in the backend (#407)
- BE-399 | Show transaction details for the first Config type transaction (#403)
- fix incorrect default password on README.md (#402)
- bugFixes for the release (#398)
- updates for dashboard UI responsiveness for cards and pie chart (#391)
- Updated run_e2e_test.sh (#380)
- Backend - Pagination implementation for Blocks Tab (#378)
- Chaincode count on Dashboard is incorrect (#377)
- Add validations to search functionality blockId and blockRange (#376)
- Empty org is being displayed while fetching the list of orgs (#374)
- Update Dockerfile (#370)
- Update MAINTAINERS.md (#366)
- maintainers contact (#363)
- BE-346-Added Pagination for Transaction view - Backend (#351)
- added pagination for transactions view frontend (#350)
- fix failing unit test cases (#349)
- BE-340 Display health status of peers and orderers - FrontEnd (#342)
- update CODEOWNERS (#330)
- added github issue form (#325)
- Disable Sonar cloud on PRs
Known Vulnerabilities
package-lock.json
ejs <3.1.7
Severity: critical
ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via `npm audit fix --force`
client/package-lock.json
ejs <3.1.7
Severity: critical
ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via `npm audit fix --force`
flat <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
immer <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
fix available via `npm audit fix`
loader-utils 2.0.0 - 2.0.3
Severity: critical
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
fix available via `npm audit fix`
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
Bug fixes
New Features
- None
Bug Fixes and Updates
- BE-880 Fix incorrect multi-process logging (#260)
- docs: add code snippet for admin cert modification (#257) (#258)
Known Vulnerabilities
package-lock.json
jsrsasign <10.2.0
Severity: critical
RSA signature validation vulnerability - https://npmjs.com/advisories/1672
fix available via `npm audit fix --force`
Will install fabric-network@1.4.1, which is a breaking change
node_modules/jsrsasign
fabric-ca-client *
Depends on vulnerable versions of fabric-common
Depends on vulnerable versions of jsrsasign
node_modules/fabric-ca-client
fabric-common >=2.1.1-snapshot.390
Depends on vulnerable versions of jsrsasign
client/package-lock.json
Bug fixes
New Features
- None
Bug Fixes and Updates
- BE-876 Stop unnecessary discovery request (#255)
- Bugfix: tailing ampersand sign prevents container from restarting (#254)
- BE-857 Change invoking function of lifecycle scc to allow non-admin client access (#252)
- Bugfix: timeout error crashing explorer (#253)
- Bugfix: disable enableAuthentication auth auto login using wrong network key issue (#250)
Known Vulnerabilities
jsrsasign <10.2.0
Severity: critical
RSA signature validation vulnerability - https://npmjs.com/advisories/1672
fix available via `npm audit fix --force`
Will install fabric-network@1.4.1, which is a breaking change
node_modules/jsrsasign
fabric-ca-client *
Depends on vulnerable versions of fabric-common
Depends on vulnerable versions of jsrsasign
node_modules/fabric-ca-client
fabric-common >=2.1.1-snapshot.390
Depends on vulnerable versions of jsrsasign
node_modules/fabric-common
fabric-network >=1.4.19-snapshot.1
Depends on vulnerable versions of fabric-common
node_modules/fabric-network
4 critical severity vulnerabilities
Bug fixes and some improvements for internal processes and UI
New Features
- BE-871 Introduce dropdown to put together icons (#247)
- BE-870 display direct trans link (#237)
- Add typescript compilation on main.sh install (#234)
- BE-865 repolinter codeofconduct (#231)
Bug Fixes and Updates
- BE-855 Stop unnecessary sync process triggered by FabricEvent (#240)
- BE-855 Add try catch block to handle block in-process exception (#239)
Known Vulnerabilities
jsrsasign <10.2.0
Severity: critical
RSA signature validation vulnerability - https://npmjs.com/advisories/1672
fix available via `npm audit fix --force`
Will install fabric-network@1.4.1, which is a breaking change
node_modules/jsrsasign
fabric-ca-client *
Depends on vulnerable versions of fabric-common
Depends on vulnerable versions of jsrsasign
node_modules/fabric-ca-client
fabric-common >=2.1.1-snapshot.390
Depends on vulnerable versions of jsrsasign
node_modules/fabric-common
fabric-network >=1.4.19-snapshot.1
Depends on vulnerable versions of fabric-common
node_modules/fabric-network
4 critical severity vulnerabilities
Bug fixes and some improvements for code quality
Bug fixes and some improvements for code quality
New Features
- Upgrade fabric version supported by Explorer (#208)
- Admin User Panel lists all users, allows admin to delete users (#188)
Bug Fixes and Updates
- Resolve race condition of discovery request (#212)
- Fix to get RWset for config TX synced correctly (#211)
- Add examples for fabric CA enabled network (#210)
- Migrate gui e2e-test framework to PlayWright (#207)
- Fix memory leak issue of sync process (#206)
- Distinguish each node with both IP and Port (#203)
- walletstore location docker-compose (#202)
- Single Line TLSCA Cert PEM in CA (#200)
- Fix url of the fabric official tuto (#199)
- Fix discovery error on mutual TLS (#197)
- Change to useful log in initialize (#198)
- Fix transaction creator certificate sync (#196)
- Configure eslint for typescript (#195)
- Transform SQL queries to parameterized queries (prepared statements) (#192)
Bug fixes and some improvements for code quality
Add multiple user authentication and bugfixs
New Features
- Add user management feature/API
- Please refer README-CONFIG.md
- Reduce container image size (#148)
- Add fabric 1.4.8 / 2.2.0 support (#150)
- Change default encode of value in TX details (#157)
- Please refer README-CONFIG.md
- Update example of connection profile for docker setup (#165)
Bug Fixes and Updates
Add some features and fix bugs
New Features
- Publish new simple landing page on Github (#134)
- Add another README for detail of each configuration (#139)
- Add configuration for mutual TLS support (#138)
- Add PEM string format support for connection profile (#137)
- Add Fabric CA support to retrieve credential for admin access to fabric network (#135)
Bug Fixes and Updates
- Fix an issue of authentication (#140)
- Fix an issue the targets of discovery service are always mapped to localhost (#142)
- Fix calculation of block hash (#141)
Known Vulnerabilities
client/package.json
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-scripts > webpack-dev-server > yargs > yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1500 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 2141 scanned packages
1 vulnerability requires manual review. See the full report for details.
Support for Hyperledger Fabric 2.1.1
New Features
- Support for Hyperledger Fabric v2.1.1
- Support for Hyperledger Fabric v1.4.6 as well in same codebase
Bug Fixes and Updates
- Fix segfault in Explorer container
- Making Hyperledger Explorer compatible to Amazon Managed Blockchain Network
Instruction of migration from Explorer v1.0 to v1.1
- Peers array for organisation is now mandatory in a connection profile as follow
e.g. app/platform/fabric/connection-profile/first-network.json - If you have already had existing wallet for the previous version of Explorer, you need to migrate your wallet with the steps described in the following page
Step for fabric wallet migration