Release commit for v1.5.8

Add release notes for v1.5.8.

Signed-off-by: David Enyeart <enyeart@us.ibm.com>

Makefile

@@ -32,7 +32,7 @@ PROJECT_NAME = fabric-ca
 GO_VER = 1.21.5
 UBUNTU_VER ?= 20.04
 DEBIAN_VER ?= stretch
-BASE_VERSION ?= v1.5.7
+BASE_VERSION ?= v1.5.8
 
 ARCH=$(shell go env GOARCH)
 PLATFORM=$(shell go env GOOS)-$(shell go env GOARCH)

lib/metadata/version.go

@@ -29,7 +29,7 @@ const (
 
 // Version specifies fabric-ca-client/fabric-ca-server version
 // It is defined by the Makefile and passed in with ldflags
-var Version = "1.5.7"
+var Version = "1.5.8"
 
 // GetVersionInfo returns version information for the fabric-ca-client/fabric-ca-server
 func GetVersionInfo(prgName string) string {

release_notes/v1.5.7.md

@@ -8,7 +8,7 @@ Improvements
 
 SignerConfig struct now exports the RevocationHandle.
 The way the revocation handle is encoded has changed to align to what the Idemix library expects.
-[#363](https://github.com/hyperledger/fabric/pull/363)
+[#363](https://github.com/hyperledger/fabric-ca/pull/363)
 
 Dependencies
 ------------

release_notes/v1.5.8.md

@@ -0,0 +1,62 @@
+v1.5.8 Release Notes - December 20, 2023
+========================================
+
+Fixes
+-----
+
+**Fix s390x build**
+
+Update github.com/IBM/mathlib to fix compilation issue on s390x.
+[#387](https://github.com/hyperledger/fabric-ca/pull/387)
+
+
+Improvements
+------------
+
+**Log expiry overrides**
+
+If certificate expiry during enrollment gets overridden due to the CA's own expiry,
+log a warning message about the override.
+[#384](https://github.com/hyperledger/fabric-ca/pull/384)
+
+
+Dependencies
+------------
+
+Fabric CA v1.5.8 has been tested with the following dependencies:
+- Go 1.21.5
+- Ubuntu 20.04 (for Docker images)
+- Databases
+    - PostgreSQL 13
+    - MySQL 8.0
+
+
+Changes, Known Issues, and Workarounds
+--------------------------------------
+
+None.
+
+Known Vulnerabilities
+---------------------
+- FABC-174 Commands can be manipulated to delete identities or affiliations
+
+  This vulnerability can be resolved in one of two ways:
+
+    1) Use HTTPS (TLS) so that the authorization header is not in clear text.
+
+    2) The token generation/authentication mechanism was improved to optionally prevent
+       token reuse. As of v1.4 a more secure token can be used by setting environment variable:
+
+  FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false
+
+  However, it cannot be set to false until all clients have
+  been updated to generate the more secure token and tolerate
+  FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
+  The Fabric CA client has been updated in v1.4 to generate the more secure token.
+  The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
+  at which time the default for Fabric CA server will change to:
+  FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false
+
+Resolved Vulnerabilities
+------------------------
+None.