Skip to content

v1.4.4 Release Notes - November 14, 2019

What's New in Hyperledger Fabric CA v1.4.4

  • FABC-881 Update all fabric-ca dependencies to make it work with go mod

  • FABC-884 Bump to Go v1.12.12 and baseimage 0.4.18

Fixes

  • FABC-865: Fix setting TLS files by cert/key.file - Make config settings
    operations.tls.cert.file and operations.tls.key.file utilized.

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. In v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v144

Changes:

  • 76f807c [FAB-17073] Release fabric-ca v1.4.4
  • 5abd05e [FAB-17073] Release fabric-ca v1.4.4
  • 7d0432e [FABCI-461] Create release job
  • 7302172 [FABC-884] Upgrade to go 1.12
  • 5ffb381 FABC-873 remove invalid test
  • e9b3492 [FABC-844] address vet issues
  • 1559aa3 FABC-881 Use earlier revision of bccsp
  • 3b8a5c7 FABC-881 Update vendored dependencies
  • 64c7d52 [FABC-874] Add HSM changes to Fabric CA docs (#47)
  • c45a0f6 [FABC-865] Fix setting TLS files by cert/key.file (#42)
See More
  • cc34360 [FABC-880] Add license header to gencst_test.sh
  • 63692a0 Update to baseimage 0.4.16
  • 5b1faaa Fix URL to contribution guide
  • 3db5423 [FABC-877] Reduce scope of tests with ssl off
  • eff05c9 [FABCI-420] Add sudo to apt-clean command
  • 8a3698b [FAB-16489] Add CODEOWNERS
  • d84b685 [FABCI-420] Add AZP yaml for release-1.4
  • 040d68d [FABC-863] Test fail with open pipe in temp dir
  • b7fd4e8 FAB-16415 Prepare for next fabric-ca rel (1.4.4)
  • 4af7a27 Merge "[FAB-16414] Release fabric-ca v1.4.3" into release-1.4
  • 639a8e0 [FABC-855] Doc Node OU Support for admins and orderers
  • 55a322d [FAB-16414] Release fabric-ca v1.4.3
  • 3e29f1a Remove hardcoded ver on multiarch script
  • c49e7d3 [FABCI-401] Disable AnsiColor Wrapper
  • 64bdb20 [FABC-867] Fix GoImports
  • 017cea8 FABC-862 Update mysql driver
  • c66adbe [FAB-16000] Prepare for next fabric-ca rel (1.4.3)
  • 9321ffb [FAB-15999] Release fabric-ca v1.4.2
  • d3e9c35 Merge changes I544241e5,I2be9d152 into release-1.4
  • 396c093 FABC-848 Fix TLS issue with PostgreSQL
  • f88e912 [FABC-853] Adding metrics table LabelHelp support
  • 5bf5d47 [FABC-853] import fabric/gendoc for fabric-ca
  • 477f5a2 FABC-837 Make metrics compatible with multi-root CA
  • 4289522 Update fabric/bccsp and miekg/pkcs11 to latest revs
  • 8b56ee8 [FABC-850] Fix Fabric CA doc wrt OU types
  • f32e113 FAB-15465: Update Jinja2
  • 839c46e [FABC-842] Fabric CA Foc Fix
  • 3004074 FABC-839 Update ca mutiarch publish script
  • 3f449b5 [FAB-14969] Prepare for next fabric-ca rel (1.4.2)
  • 3384a38 [FAB-14968] Release fabric-ca v1.4.1
  • 98f702f Merge "FABC-833 Update Jenkinsfile" into release-1.4
  • a32dd3c FABC-408 Add CORS support
  • 7de4c77 FABC-833 Update Jenkinsfile
  • 39c5fd6 Merge "FABCI-311 Add ci pipeline script" into release-1.4
  • 55f5eb7 Fix --csr.hosts flag for client and server
  • 19441cc FAB-14775 Update fabric-ca to baseimage 0.4.15
  • edb6e08 FABCI-311 Add ci pipeline script
  • aaee55f [FABC-805] Wire DB metrics
  • 197b881 [FABC-804] Create DB Metric Options
  • ea1ebbe [FABC-803] Refactoring DB code
  • 3c36ab5 [FABC-795] Create a CA Server Health Check
  • 8c245c1 [FABC-790] Create an operations server
  • 8d9b622 [FABC-787] Wire in metrics for server APIs
  • 08b1153 [FABC-786] Vendor go-kit
  • 81fa829 [FABC-785] Add metrics for server APIs
  • ec59334 [FABC-783] Add middleware to HTTP router
  • edb65ba [FAB-14174] Update GOVER to 1.11.5 in CA
  • 3dafa32 Remove tcert from swagger
  • d3ef594 [FAB-13558] Prepare fabric-ca for next rel (v1.4.1)
  • 27fbd69 [FAB-13557] Release fabric-ca v1.4.0
  • cd6ed88 FABC-781 Remove fabric-ca sample
  • b191f9c [FAB-13393] Prepare for next release (1.4.0)
  • 6d9eaea [FAB-13392] Release fabric-ca v1.4.0-rc2
  • 236dec5 [FAB-13116] Prepare for next rel (1.4.0 on release-1.4)
  • ef74d7e Merge "[FAB-13115] Release fabric-ca v1.4.0-rc1"
  • b140ba8 Merge "[FABC-774] Fix inability to set environment variable"
  • 45882f2 Merge "[FABC-773] Fix TOC format in user's guide"
  • e52b5cd [FAB-13115] Release fabric-ca v1.4.0-rc1
  • 45c9934 Merge "[FABC-772] Added testcase for panic handling"
  • c1c2b72 [FABC-774] Fix inability to set environment variable
  • 5b4c3e5 [FABC-773] Fix TOC format in user's guide
  • e682189 Merge "FABC-771 Update multiarch script"
  • 604ab46 [FABC-772] Added testcase for panic handling
  • e20d7db Merge "[FABC-768] Doc: Better Markup"
  • 4e4b1c2 FABC-771 Update multiarch script
  • e064dcc [FABC-769] Add the ability to recover from panic
  • a0ebc50 [FABC-765] Vendor fabric/bccsp/idemix
  • b2a3132 [FABC-768] Doc: Better Markup
  • b959937 Merge "[FABC-752] Vendor gomega and ginkgo"
  • 93bf90f Merge "[FABC-767] Failing goimports"
  • 8a8f1b3 [FABC-752] Vendor gomega and ginkgo
  • 7b5f2b6 [FABC-767] Failing goimports
  • 8c5bc35 [FABC-757] add charset to mysql tables
  • afa77f9 Merge "[FABC-748]Incorrect version description of Go"
  • 2ebd68e [FABC-467] - Print TLS key used
  • 6848469 Merge "[FAB-9938] Add req method and uri to sig payload"
  • fbac2aa Merge changes I30277c48,I47345396
  • d80509b [FABC-748]Incorrect version description of Go
  • 99517e9 [FAB-9938] Add req method and uri to sig payload
  • b7a5590 [FABC-741] Update user doc for HSM configuration
  • b270271 [FABC-723] Brute force attack
  • a88ff53 [FAB-8475] Run migration logic only if db level is old
  • ebbd2ed [FAB-7347] Flag and env var for logging level
  • bd7f997 [FABC-744] Revendor certificate-transparency-go
  • 787b98e Merge "[FABC-492] Superfluous checks for deleting identity"
  • 3c1585b [FABC-459] Optimize GetCertificate request
  • bbe7b65 [FAB-12444] Update fabric-ca to baseimage 0.4.14
  • 15209a3 [FABC-740] Update to Go 1.11.1
  • cb7353f [FABC-736] Use proper golint pkg
  • 11cc823 FABC-737 Fix goimports errors
  • 959cd51 [FABC-730] Update fabric-ca to baseimage 0.4.13
  • 0de6679 [FABC-492] Superfluous checks for deleting identity
  • 72d2f80 Merge "[FABC-703] Improved TLS error message"
  • 16877b8 [FAB-12141] Prepare for next release (1.4.0 on master)
  • edb0015 [FAB-12138] Release fabric-ca v1.3.0-rc1
  • 360f46e [FABC-703] Improved TLS error message
  • c1ed308 Merge "FABC-722 remove default hybrid image generation"
  • ab184f1 FABC-722 remove default hybrid image generation
  • cf19cbe Merge "FABC-563 Update Postgres version to 9.6 in s390x"
  • 1e8b541 Merge "[FABC-709] Fix error message for LDAP converter"
  • 2eda2f6 FABC-563 Update Postgres version to 9.6 in s390x
  • 8ecada3 FABC-720 update baseimage to 0.4.12
  • d530993 Merge "[FABC-716] Use current version for Base version"
  • 67dd000 [FABC-718] NPE when listing all affiliations
  • 95daa61 Merge "[FAB-11992] idemix role from boolean to int"
  • d47dbf6 [FAB-11992] idemix role from boolean to int
  • 6efd5e2 FABC-719 Upgrade go version to 1.10.4
  • 8d700d7 [FABC-716] Use current version for Base version
  • 7cb4d81 [FABC-709] Fix error message for LDAP converter
  • 15e18aa Merge "FABC-713 Update Baseimage to 0.4.11"
  • 236689d Merge "[FABC-711] Registration with LDAP throws better error"
  • 785ebd6 [FABC-711] Registration with LDAP throws better error
  • 0a5ff43 Merge "[FABC-710] Omit duplicate if statement"
  • f32901e FABC-713 Update Baseimage to 0.4.11
  • b0e037c [FABC-712] Updating fabric-amcl
  • b6196b1 [FABC-710] Omit duplicate if statement
  • 2603374 [FABC-708] Revendor BCCSP
  • 54f3bcf [FABC-706] Remove unused "fabric-ca" in gitignore
  • 70b854e [FABC-704] Fix attribute name
  • 4b1f26c Merge "[FAB-11232] Fix removing expired nonces SQL"
  • 47198ea Merge "[FAB-11200] Create an errors package"
  • 3a0a86a Merge "[FAB-10474] Changed IsAdmin attr type to bool"
  • de22585 Merge "[FAB-8868] Fixed env var for key request"
  • 1eb786b [FAB-11200] Create an errors package
  • ddc9c3d [FAB-11232] Fix removing expired nonces SQL
  • 49d3936 [FAB-10319] Idemix FVT test with postgres & mysql
  • be1b7dc [FAB-8726] Revoke one's own certificate
  • db9a6a6 Merge "[FAB-8092] Return 403 for authorization failures"
  • 0a3e8f1 [FAB-8092] Return 403 for authorization failures
  • e5bdbec [FAB-10498] Fix Idemix SQL Query to Update Handle
  • ee73a8e Merge "[FAB-10386] Revoked ID using Idemix should fail"
  • ccc20de Merge "[FAB-8033] Optimize DB queries"
  • 901d150 [FAB-10386] Revoked ID using Idemix should fail
  • 4563457 [FAB-8868] Fixed env var for key request
  • 6b86289 [FAB-10485] Revendor Idemix Library
  • ae7a91a [FAB-8033] Optimize DB queries
  • 9e11a65 Merge "Prepare fabric-ca for 1.3.0 development"
  • 964be03 Merge "[FAB-10671] Re-enable idemix routes"
  • 334f7f0 Prepare fabric-ca for 1.3.0 development
  • 0334c90 Merge "FAB-10821 make multiarch.sh executable"
  • e44bf12 [FAB-10906] Fix failing TestGetCertificatesDB
  • 10b5711 FAB-10821 make multiarch.sh executable
  • b00c1cb FAB-10753 prepare for next release
  • f8d7544 Merge "FAB-10752 prepare for v1.2.0-rc1 release"
  • fb250d5 Merge "FAB-10775 Multiarch support for fabric-ca images"
  • 6f0aa93 FAB-10752 prepare for v1.2.0-rc1 release
  • c210515 FAB-10775 Multiarch support for fabric-ca images
  • 8e852bc [FAB-10737] Fix release-all target
  • ab90eed [FAB-10474] Changed IsAdmin attr type to bool
  • 4cd67f0 [FAB-10671] Re-enable idemix routes
  • 744e032 Merge "FAB-10294 add script to publish multiarch manifest"
  • 53ba474 Merge "[FAB-8548] Fix CA started with wrong cert path"
  • 2a2eed8 Merge "[FAB-10411] Use default version when not set"
  • 5ec5e4e Merge "[FAB-8123] Error out if --cacount is set for int CA"
  • 70d1117 Merge "[FAB-10097] Support for ecert flag in config.yaml"
  • f768ef0 Merge "[FAB-10517] Disabled idemix routes"
  • 2697db3 [FAB-10097] Support for ecert flag in config.yaml
  • aaa51c1 FAB-10294 add script to publish multiarch manifest
  • 1f1fe2b [FAB-10411] Use default version when not set
  • 260e1c3 [FAB-8548] Fix CA started with wrong cert path
  • 24bb938 [FAB-8123] Error out if --cacount is set for int CA
  • b28fdfd Merge "[FAB-10419] Incorrect filtering on affiliation"
  • 133c961 Merge "[FAB-10494] Fix formatting in user's guide"
  • c4fa85a Merge "[FAB-10321] Test Certificates API with MySQL"
  • 7803158 Merge "[FAB-10224] Test Certificates API with PostgreSQL"
  • 34feb10 Merge "[FAB-10384] Modify the document according to the code"
  • 5e4106b [FAB-10321] Test Certificates API with MySQL
  • 62259cc [FAB-10224] Test Certificates API with PostgreSQL
  • 7aa2298 [FAB-9938] Add alert about not using TLS
  • 1e28190 [FAB-10494] Fix formatting in user's guide
  • 128b612 [FAB-10517] Disabled idemix routes
  • 5702371 [FAB-10419] Incorrect filtering on affiliation
  • 7c3fc1a Merge "[FAB-10380] Create keystore dir if does not exist"
  • 44eccfc Merge "[FAB-10372] Store revocation keys on the disk"
  • f5c0f37 Merge "FAB-10435 Update Makefile to support custom DOCKER_NS"
  • 2e1fdf9 [FAB-10380] Create keystore dir if does not exist
  • fb732d6 [FAB-10372] Store revocation keys on the disk
  • 82053d3 Merge "[FAB-10341] Identity load fails with only Idemix"
  • adcf66b FAB-10435 Update Makefile to support custom DOCKER_NS
  • 9b49be6 [FAB-10341] Identity load fails with only Idemix
  • db9ecd3 FAB-10410 Update Dockerfiles to use DOCKER_NS
  • d16dab1 [FAB-10405] Fix resp props for /cainfo in swagger doc
  • ac9e3cb [FAB-10384] Modify the document according to the code
  • 37ba2c7 [ FAB-6299 ] Remove getDNFromCert() method
  • a7a4075 [FAB-10324] Add issuer revocation pub key to cainfo
  • 69d5be1 [FAB-10101] Verify token based on idemix cred
  • 2032d77 [FAB-7534] Use strong ciphers for TLS
  • bedd37c [FAB-10100] Client changes for getting CRI
  • 77dc5a6 [FAB-9938] Remove method and uri from token
  • c583d33 Merge changes Iff558c9d,Ic2589690,Ib3fcba28
  • 2bfea2d Merge "[FAB-9244] 6. Revendored idemix package"
  • 195bd70 Merge "[FAB-9244] 5.Client changes to get Idemix credential"
  • 97cb449 Merge "[FAB-9999] Update baseimage version"
  • 59ffc4f [FAB-9999] Update baseimage version
  • fc97373 [FAB-10099] Server changes for getting CRI
  • 9091eb0 [FAB-10098] API for getting CRI
  • f798e0d [FAB-9244] 7. Add CRI to the idemix enroll response
  • 6a41a5a [FAB-9244] 6. Revendored idemix package
  • c44f5e1 [FAB-9244] 5.Client changes to get Idemix credential
  • 84653b2 [FAB-9244] 4. Refactor issuer code to issuer.go
  • 33900e7 [FAB-9244] 3.Changes for nonce management
  • 1d632b8 [FAB-9244] 2.Server changes to get Idemix credential
  • 71aac26 Merge "[FAB-10043] 5. Add flag to store certificates"
  • a9644b4 [FAB-10043] 5. Add flag to store certificates
  • f5853c4 Merge " [FAB-9244] 1. API for getting idemix credential"
  • 6a1fdfa Merge "[FAB-9887] Generate docs for client commands"
  • 8585598 Merge "[FAB-7238] 4. DB query to get certificates"
  • 3ed8d36 Merge "[FAB-9243] Add ability to get CA's idemix public key"
  • 1b8abc1 Merge "[FAB-9938] Add req method and uri to sig payload"
  • e1d4490 [FAB-9887] Generate docs for client commands
  • b053b4f [FAB-7238] 4. DB query to get certificates
  • 02858a7 [FAB-9938] Add req method and uri to sig payload
  • 53322cf [FAB-9958] Handle colons in revoke command input
  • f616de8 [FAB-7238] Vendor certificate printing package
  • f3bd5b9 [FAB-9244] 1. API for getting idemix credential
  • f718bb5 [FAB-9243] Add ability to get CA's idemix public key
  • 534af8c Merge "[FAB-7882] Need wildcard for bootstrap user"
  • 5ca7782 Merge "[FAB-9957] Skip license check for generated files"
  • bd52dc4 [FAB-9957] Skip license check for generated files
  • 43bc8b2 Merge "FAB-9861 fix broken links"
  • 2b5ed40 [FAB-7882] Need wildcard for bootstrap user
  • 45653f2 [FAB-7238] 3. CLI Input Validation, Time Parsing, Auth
  • ba1fb5b FAB-9861 fix broken links
  • 9869b94 [FAB-7238] 2. CLI for listing certificates
  • 4214e5c Merge "[FAB-1446] Adding the run_safesql_scan script"
  • 910cfac Merge "[FAB-7238] 1. Define the API for listing certs"
  • 34d5148 [FAB-9243] Vendored idemix and amcl packages
  • 25e9d11 [FAB-7238] 1. Define the API for listing certs
  • 403f2f7 [FAB-9392] Refactor client CLI code
  • 6e186ea Merge "[FAB-9258] Create interface to help with unit-tests"
  • 3d9dbb7 [FAB-1446] Adding the run_safesql_scan script
  • 0183722 Merge "[FAB-6299] Update certificate-transparency-go pkg"
  • 6b16ad8 [FAB-9258] Create interface to help with unit-tests
  • e2f93e0 [FAB-6299] Update certificate-transparency-go pkg
  • 06a411f Merge "FAB-9194 Add tox.ini for building docs in CI"
  • 3754d15 FAB-9352 add CODE_OF_CONDUCT.md
  • e83ff5b FAB-9078 Update go version to 1.10
  • 2fa2174 FAB-9194 Add tox.ini for building docs in CI
  • 196fdfc Merge "[FAB-9080] Prepare fabric-ca for 1.2 development"
  • 3601d59 [FAB-8859] Include checks for empty certificate

This list of changes was auto generated.

Assets 5
You can’t perform that action at this time.