Update v2.3.0 release notes

Add v2.3.0 fixes to release notes.

Signed-off-by: David Enyeart <enyeart@us.ibm.com>

release_notes/v2.3.0.md

@@ -8,17 +8,58 @@ What's New in Hyperledger Fabric v2.3
 Fixes
 -----
 
+All fixes as of v2.2.1 have also been applied to v2.3.0. Additionally the following fixes have been made.
+
+**FAB-18244: orderer - Single node orderer will not start due to inconsistent state**
+
+If using a single node orderer, it was possible to get into an inconsistent state where
+a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
+This fix resolves the inconsistent state by writing the last block, so that the
+single node orderer can start.
+
+**FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration**
+
+If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails
+with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority".
+This fix adds logic to verify consenters based on the updated set of organization MSP root CAs.
+
+**peer and orderer PKCS#11 - Always Finalize the PKCS#11 FindObject Operation**
+
+In certain error paths, a PKCS#11 session was not finalized, leaving the session
+in a locked state so that it could not be reused.
+This fix finalizes session handles even in error paths, so that the session can be reused
+by subsequent calls.
+
+**orderer - Allow tick interval override via orderer.yaml**
+
+If a raft network becomes unstable, sometimes, adjusting the tick
+interval duration can be effective to restore it.  However, the tick interval is
+stored in the channel configuration, so if the network is not operational,
+modifying it is very challenging. This fix adds `Consensus.TickIntervalOverride`
+option to orderer.yaml configuration, allowing the channel configuration parameter
+to be overridden from the local configuration.
+
+Improvements
+------------
+
+**FAB-18298: orderer - Default values for `General.Cluster.ClientCertificate` and `General.Cluster.ClientPrivateKey`**
+
+If orderer.yaml configuration options
+`General.Cluster.ClientCertificate` and `General.Cluster.ClientPrivateKey` are not set,
+default them to the server `General.TLS.Certificate` and `General.TLS.PrivateKey` values.
+This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set.
+
 
 Changes
 -------
 
-- **Require orderer file ledger location to be set**
+**Require orderer file ledger location to be set**
 
-  The Orderer.FileLedger.Location must now be set. Utilizing the 
-  Orderer.FileLedger.Prefix to generate a new temporary directory 
-  with the specified prefix every time the orderer is restarted
-  is no longer supported. The orderer will panic if a location is 
-  not provided.
+The Orderer.FileLedger.Location must now be set. Utilizing the
+Orderer.FileLedger.Prefix to generate a new temporary directory
+with the specified prefix every time the orderer is restarted
+is no longer supported. The orderer will panic if a location is
+not provided.
 
 
 Dependency updates

sampleconfig/orderer.yaml

@@ -47,11 +47,15 @@ General:
         # Consensus messages are dropped if the buffer is full, and transaction
         # messages are waiting for space to be freed.
         SendBufferSize: 10
+
         # ClientCertificate governs the file location of the client TLS certificate
         # used to establish mutual TLS connections with other ordering service nodes.
+        # If not set, the server General.TLS.Certificate is re-used.
         ClientCertificate:
         # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
+        # If not set, the server General.TLS.PrivateKey is re-used.
         ClientPrivateKey:
+
         # The below 4 properties should be either set together, or be unset together.
         # If they are set, then the orderer node uses a separate listener for intra-cluster
         # communication. If they are unset, then the general orderer listener is used.