7.0.0-dev13

Added

• Added time-based snapshot scheduling. Snapshots can now be triggered after a configurable wall-clock interval (snapshots.time_interval) elapses, in addition to the existing transaction-count threshold (snapshots.tx_count). A new snapshots.min_tx_count option (default 2) sets the minimum number of transactions required before a time-based snapshot fires. Snapshot timing state is replicated to backups via a new public:ccf.internal.snapshot_status internal table (#7731).
• Added support for endpoints that defer their HTTP response until the submitted transaction reaches a terminal consensus state (committed or invalidated). Endpoint authors can call set_consensus_committed_function() when installing an endpoint to register a callback that is invoked once the transaction is globally committed or invalidated. The callback receives the ccf::TxID and a ccf::FinalTxStatus (either Committed or Invalid), and may inspect or modify the response before it is sent. A built-in ccf::endpoints::default_respond_on_commit_func is provided that returns the original response on commit, or an error on invalidation. See the logging sample app (/log/blocking/private) for example usage (#7562).

Fixed

• Fixed the Turin SEV-SNP CPUID mapping used for product detection. (#7748)

6.0.25

Added

• Support for COSE-only receipts in snapshots to support (#7711, #7712)
• Support for Turin attestations (#7295, #7264, #7449, #7748, #7749)

7.0.0-dev12

Added

• Backup nodes can now be configured to automatically fetch snapshots from the primary when snapshot evidence is detected. This is controlled by the snapshots.backup_fetch configuration section, with enabled, max_attempts, retry_interval, max_size and target_rpc_interface options. Note that the target RPC interface selected must have the SnapshotRead operator feature enabled.
• Added ccf::IdentityHistoryNotFetched exception type to distinguish identity-history-fetching errors from other logic errors in the network identity subsystem (#7708).
• Added ccf::describe_cose_receipt_v1(receipt) to obtain COSE receipts with Merkle proof in unprotected header for non-signature TXs, and empty unprotected header for signature TXs (#7700).
• NetworkIdentitySubsystemInterface now exposes get_trusted_keys(), returning all trusted network identity keys as a TrustedKeys map (#7690).
• Added support for self-transparent code update policies (#7681).

Changed

• On recovery, the UVM descriptor SVN is now set to the minimum of the previously stored value in the KV and the value found in the new node's startup endorsements. On start, the behaviour is unchanged (#7716).
• Refactored the user facing surface of self-healing-open and local sealing. The whole feature is now sealing-recovery with self-healing-open now referred to as the recovery-decision-protocol (#7679).
• Local sealing is enabled by setting the sealing-recovery config field (for both the sealing node, and the unsealing recovery node).
• The local sealing identity is under sealing-recovery.location.name.
• The recovery-decision-protocol is configured via sealing-recovery.recovery_decision_protocol.
• Snapshots now carry COSE receipts, JSON receipts are no longer included (#7711).

6.0.24

Fixed

• Fix race condition when initialising a ledger secret's commit secret (#7689)
• Add missing cases for FailedInvalidCPUID and FailedInvalidTcbVersion in quote verification error handling (#7696).
• On recovery, the UVM descriptor SVN is now set to the minimum of the previously stored value in the KV and the value found in the new node's startup endorsements. On start, the behaviour is unchanged (#7716).

7.0.0-dev11

Changed

• When fetch_recent_snapshot is enabled, snapshot fetching now occurs in response to a StartupSeqnoIsOld error during join, rather than eagerly at startup. Fetched snapshots are verified before use, and corrupt local snapshots are skipped. See documentation (#7630).

7.0.0-dev10

Added

• GET and HEAD /node/ledger-chunk?since={seqno} and /node/ledger-chunk/{chunk_name} endpoints, gated by the LedgerChunkDownload RPC interface operator feature. See documentation for more detail.
• GET and HEAD /node/ledger-chunk/{chunk_name} and /node/snapshot/{snapshot_name} now support the Want-Repr-Digest request header and return the Repr-Digest response header accordingly (RFC 9530). Supported algorithms are sha-256, sha-384, and sha-512. If no supported algorithm is requested, the server defaults to sha-256 (#7650).
• ETag and If-None-Match support on GET /node/ledger-chunk/{chunk_name}, using SHA-256 by default for the ETag response header. Clients can supply If-None-Match with sha-256, sha-384, or sha-512 digest ETags to avoid re-downloading unchanged content (#7652).

Changed

• ccf::crypto::HashProvider::Hash() has been renamed to ccf::crypto::HashProvider::hash() for consistency with the rest of the API (#7660).

Fixed

• Only rollback uncommittable indices during become_leader (#7620)
• x509 parsing now correctly handles times validity beyond 2262. To support this, some public function signatures (ccf::ds::time_point_from_string(), ccf::crypto::Verifier::remaining_seconds()) now use time_points from ccf::nonstd::SystemClock rather than std::chrono::system_clock (#7648)

6.0.23

Changed

• Updated the Python cryptography package constraint to allow 46.x versions (< 47).

6.0.22

Fixed

• x509 parsing now correctly handles times validity beyond 2262. To support this, some public function signatures (ccf::ds::time_point_from_string(), ccf::crypto::Verifier::remaining_seconds()) now use time_points from ccf::nonstd::SystemClock rather than std::chrono::system_clock (#7648)

6.0.21

Fixed

• Snapshot fetching requests now handle either inclusive-end or exclusive-end content-range headers, for compatibility with 7.x nodes.
• Primaries now indicate all of their chunk-ending transactions in the transaction header, for better interop with 7.x nodes. Upgrades must create a snapshot from the network after it has upgraded to this version, and provide that to joining 7.x nodes.

6.0.20

Fixed

• Join client now sets SNI correctly (#7622)