Release fabric v1.4.4

Note that release notes are now formatted in markdown syntax.

Change-Id: I9f4b5658e2bf72f0c22dfcb001d0093f4cfd265e
Signed-off-by: David Enyeart <enyeart@us.ibm.com>

CHANGELOG.md

@@ -1,3 +1,66 @@
+## v1.4.4
+Thu Nov 14 14:20:45 EST 2019
+
+* [b8bd253](https://github.com/hyperledger/fabric/commit/b8bd253) Add release notes for v1.4.4
+* [95ffcdc](https://github.com/hyperledger/fabric/commit/95ffcdc) [FAB-15814](https://jira.hyperledger.org/browse/FAB-15814) Add endpoint for versioning metadata
+* [06f4ad8](https://github.com/hyperledger/fabric/commit/06f4ad8) [FAB-17060](https://jira.hyperledger.org/browse/FAB-17060) Remove s390x from multiarch script
+* [707f763](https://github.com/hyperledger/fabric/commit/707f763) [FAB-16544](https://jira.hyperledger.org/browse/FAB-16544) Homogenize orderer endpoint overrides
+* [07db0a8](https://github.com/hyperledger/fabric/commit/07db0a8) Do not require reboot when re-adding consenter
+* [96028fd](https://github.com/hyperledger/fabric/commit/96028fd) [FAB-15389](https://jira.hyperledger.org/browse/FAB-15389) Fix private data dissemination
+* [1989eee](https://github.com/hyperledger/fabric/commit/1989eee) [FAB-17000](https://jira.hyperledger.org/browse/FAB-17000) Warn when cert expiration is nigh
+* [c77496c](https://github.com/hyperledger/fabric/commit/c77496c) Complete chaincode execution on stream termination
+* [5416aef](https://github.com/hyperledger/fabric/commit/5416aef) [FAB-16544](https://jira.hyperledger.org/browse/FAB-16544) IT for orderer endpoint overrides
+* [83e3cb4](https://github.com/hyperledger/fabric/commit/83e3cb4) [FAB-16852](https://jira.hyperledger.org/browse/FAB-16852) Update doc to Go v1.12.12
+* [4b0e995](https://github.com/hyperledger/fabric/commit/4b0e995) Add Info message for delivery client
+* [d7f8962](https://github.com/hyperledger/fabric/commit/d7f8962) [FAB-16852](https://jira.hyperledger.org/browse/FAB-16852) Update Go to v1.12.12
+* [1a1c71a](https://github.com/hyperledger/fabric/commit/1a1c71a) [FAB-16544](https://jira.hyperledger.org/browse/FAB-16544) Backport orderer TLS cert overrides
+* [63e1563](https://github.com/hyperledger/fabric/commit/63e1563) [FAB-16544](https://jira.hyperledger.org/browse/FAB-16544) Fix IT UpdateChannel to match doc
+* [5879cd3](https://github.com/hyperledger/fabric/commit/5879cd3) [FAB-16980](https://jira.hyperledger.org/browse/FAB-16980) add lock to UpdateEndpoints
+* [31f85f6](https://github.com/hyperledger/fabric/commit/31f85f6) [FAB-14819](https://jira.hyperledger.org/browse/FAB-14819) Remove duplicate call to GetTxReadWriteSet
+* [3b7b8f0](https://github.com/hyperledger/fabric/commit/3b7b8f0) [FAB-16948](https://jira.hyperledger.org/browse/FAB-16948) To make same with github
+* [8196d66](https://github.com/hyperledger/fabric/commit/8196d66) [FAB-16948](https://jira.hyperledger.org/browse/FAB-16948) Fabric go cid interface enhancement
+* [0c221f4](https://github.com/hyperledger/fabric/commit/0c221f4) [FAB-16932](https://jira.hyperledger.org/browse/FAB-16932) Typo in Chaincode Command
+* [1485c3d](https://github.com/hyperledger/fabric/commit/1485c3d) Clarify configtx.yaml capability settings
+* [dc14773](https://github.com/hyperledger/fabric/commit/dc14773) [FAB-16922](https://jira.hyperledger.org/browse/FAB-16922) Symbol encoding format error in doc
+* [d0eecba](https://github.com/hyperledger/fabric/commit/d0eecba) [FAB-16885](https://jira.hyperledger.org/browse/FAB-16885) Doc usage of salt for private data
+* [3d49575](https://github.com/hyperledger/fabric/commit/3d49575) Fix Raft UT flake by prolong eventual timeout
+* [76383ac](https://github.com/hyperledger/fabric/commit/76383ac) [FAB-16883](https://jira.hyperledger.org/browse/FAB-16883) fix kafka.rst doc formatting
+* [d6669bf](https://github.com/hyperledger/fabric/commit/d6669bf) [FAB-16873](https://jira.hyperledger.org/browse/FAB-16873) fix cryptogen server TLS to admins
+* [a2bdb34](https://github.com/hyperledger/fabric/commit/a2bdb34) [FAB-16868](https://jira.hyperledger.org/browse/FAB-16868): fix `txn` typo error in documents
+* [76efd6d](https://github.com/hyperledger/fabric/commit/76efd6d) [FAB-16881](https://jira.hyperledger.org/browse/FAB-16881) sample configtx.yaml comment fix
+* [5cbfc4f](https://github.com/hyperledger/fabric/commit/5cbfc4f) Set DOCKER_DYNAMIC_LINK to true
+* [59d4adc](https://github.com/hyperledger/fabric/commit/59d4adc) [FAB-16756](https://jira.hyperledger.org/browse/FAB-16756) kafka migration guide fix
+* [cea596a](https://github.com/hyperledger/fabric/commit/cea596a) [FAB-16783](https://jira.hyperledger.org/browse/FAB-16783) the cryptogen gen admin cert ou error
+* [81953e5](https://github.com/hyperledger/fabric/commit/81953e5) [FAB-16652](https://jira.hyperledger.org/browse/FAB-16652) check for empty acl api ref
+* [b0de151](https://github.com/hyperledger/fabric/commit/b0de151) [FAB-16241](https://jira.hyperledger.org/browse/FAB-16241) update documentation
+* [0c9848a](https://github.com/hyperledger/fabric/commit/0c9848a) [FAB-16052](https://jira.hyperledger.org/browse/FAB-16052) Fix peerchaincode doc
+* [0acd6e9](https://github.com/hyperledger/fabric/commit/0acd6e9) [FAB-16643](https://jira.hyperledger.org/browse/FAB-16643) - Fix a bug in pvt data reconciliation
+* [6197789](https://github.com/hyperledger/fabric/commit/6197789) [FAB-16651](https://jira.hyperledger.org/browse/FAB-16651) Fix conn leak if certs renewed
+* [54f027d](https://github.com/hyperledger/fabric/commit/54f027d) Fabric update to baseimage 0.4.16
+* [456e9ad](https://github.com/hyperledger/fabric/commit/456e9ad) [FAB-16715](https://jira.hyperledger.org/browse/FAB-16715) Wire orderer endpoint overrides via config
+* [3345371](https://github.com/hyperledger/fabric/commit/3345371) [FAB-16695](https://jira.hyperledger.org/browse/FAB-16695) Enable split admin, cluster ports in IT
+* [0554664](https://github.com/hyperledger/fabric/commit/0554664) [FAB-16729](https://jira.hyperledger.org/browse/FAB-16729) Remove extra "now" typo
+* [a78be91](https://github.com/hyperledger/fabric/commit/a78be91) [IN-68] Add default GitHub SECURITY policy
+* [bbb3616](https://github.com/hyperledger/fabric/commit/bbb3616) [FAB-16728](https://jira.hyperledger.org/browse/FAB-16728) Remove extra unneeded "be"
+* [23de844](https://github.com/hyperledger/fabric/commit/23de844) [FAB-16695](https://jira.hyperledger.org/browse/FAB-16695) Make peerServer singleton a slice
+* [ad1b514](https://github.com/hyperledger/fabric/commit/ad1b514) [FAB-16695](https://jira.hyperledger.org/browse/FAB-16695) Re-use metrics for comm GRPCServer
+* [1a4ff3f](https://github.com/hyperledger/fabric/commit/1a4ff3f) [FAB-16715](https://jira.hyperledger.org/browse/FAB-16715) Wire endpoint override in UpdateEndpoints
+* [994f15c](https://github.com/hyperledger/fabric/commit/994f15c) [FAB-16715](https://jira.hyperledger.org/browse/FAB-16715) Add overrides to ConnectionCriteria
+* [0ac4069](https://github.com/hyperledger/fabric/commit/0ac4069) [FAB-16706](https://jira.hyperledger.org/browse/FAB-16706) remove validate ledger
+* [cdaa9dd](https://github.com/hyperledger/fabric/commit/cdaa9dd) [FAB-16483](https://jira.hyperledger.org/browse/FAB-16483) Improve error message
+* [14e85ce](https://github.com/hyperledger/fabric/commit/14e85ce) [FAB-16274](https://jira.hyperledger.org/browse/FAB-16274) - Add link to off_chain_data sample
+* [7775c13](https://github.com/hyperledger/fabric/commit/7775c13) [FAB-15666](https://jira.hyperledger.org/browse/FAB-15666) Pass NetworkMode in DockerBuildOptions
+* [003c8c5](https://github.com/hyperledger/fabric/commit/003c8c5) Add test for deployImage
+* [1483166](https://github.com/hyperledger/fabric/commit/1483166) [FAB-16687](https://jira.hyperledger.org/browse/FAB-16687) reduce mutex contention in validator
+* [bc2d289](https://github.com/hyperledger/fabric/commit/bc2d289) [FAB-16630](https://jira.hyperledger.org/browse/FAB-16630) Fix comment error
+* [fcfd12e](https://github.com/hyperledger/fabric/commit/fcfd12e) [FAB-16165](https://jira.hyperledger.org/browse/FAB-16165) Change pkcs11 test keystore directory
+* [0abcce8](https://github.com/hyperledger/fabric/commit/0abcce8) [FAB-16650](https://jira.hyperledger.org/browse/FAB-16650) align sentence for eventclient readme
+* [a5d9a93](https://github.com/hyperledger/fabric/commit/a5d9a93) [FAB-16605](https://jira.hyperledger.org/browse/FAB-16605) Add log message for slow WAL
+* [157f500](https://github.com/hyperledger/fabric/commit/157f500) [FAB-16571](https://jira.hyperledger.org/browse/FAB-16571) Fix peer panic when package java chaincode
+* [7f1abdb](https://github.com/hyperledger/fabric/commit/7f1abdb) [FAB-16580](https://jira.hyperledger.org/browse/FAB-16580) Remove Hyperledger Composer references
+* [48a1c86](https://github.com/hyperledger/fabric/commit/48a1c86) [FAB-16413](https://jira.hyperledger.org/browse/FAB-16413) Prepare for next fabric rel (1.4.4)
+* [05479d9](https://github.com/hyperledger/fabric/commit/05479d9) [FAB-16376](https://jira.hyperledger.org/browse/FAB-16376) MSP_1.4.3: support for admincerts
+
 ## v1.4.3
 Mon Aug 26 15:15:42 EDT 2019
 

README.md

@@ -28,6 +28,7 @@ open source architecture; Hyperledger Fabric is your starting point.
 
 ## Releases
 
+- [v1.4.4 - November 14, 2019](https://github.com/hyperledger/fabric/releases/tag/v1.4.4)
 - [v1.4.3 - August 26, 2019](https://github.com/hyperledger/fabric/releases/tag/v1.4.3)
 - [v1.4.2 - July 17, 2019](https://github.com/hyperledger/fabric/releases/tag/v1.4.2)
 - [v1.4.1 - April 11, 2019](https://github.com/hyperledger/fabric/releases/tag/v1.4.1)

docs/source/install.rst

@@ -48,12 +48,12 @@ the binaries and images.
 
 .. note:: If you want a specific release, pass a version identifier for Fabric,
           Fabric-ca and thirdparty Docker images.
-          The command below demonstrates how to download **Fabric v1.4.3**
+          The command below demonstrates how to download **Fabric v1.4.4**
 
 .. code:: bash
 
   curl -sSL http://bit.ly/2ysbOFE | bash -s -- <fabric_version> <fabric-ca_version> <thirdparty_version>
-  curl -sSL http://bit.ly/2ysbOFE | bash -s -- 1.4.3 1.4.3 0.4.15
+  curl -sSL http://bit.ly/2ysbOFE | bash -s -- 1.4.4 1.4.4 0.4.18
 
 .. note:: If you get an error running the above curl command, you may
           have too old a version of curl that does not handle

docs/source/whatsnew.rst

@@ -174,10 +174,12 @@ with a link to the full release change log.
 * `Fabric v1.4.1 release notes <https://github.com/hyperledger/fabric/releases/tag/v1.4.1>`_.
 * `Fabric v1.4.2 release notes <https://github.com/hyperledger/fabric/releases/tag/v1.4.2>`_.
 * `Fabric v1.4.3 release notes <https://github.com/hyperledger/fabric/releases/tag/v1.4.3>`_.
+* `Fabric v1.4.4 release notes <https://github.com/hyperledger/fabric/releases/tag/v1.4.4>`_.
 * `Fabric CA v1.4.0 release notes <https://github.com/hyperledger/fabric-ca/releases/tag/v1.4.0>`_.
 * `Fabric CA v1.4.1 release notes <https://github.com/hyperledger/fabric-ca/releases/tag/v1.4.1>`_.
 * `Fabric CA v1.4.2 release notes <https://github.com/hyperledger/fabric-ca/releases/tag/v1.4.2>`_.
 * `Fabric CA v1.4.3 release notes <https://github.com/hyperledger/fabric-ca/releases/tag/v1.4.3>`_.
+* `Fabric CA v1.4.4 release notes <https://github.com/hyperledger/fabric-ca/releases/tag/v1.4.4>`_.
 
 .. Licensed under Creative Commons Attribution 4.0 International License
-   https://creativecommons.org/licenses/by/4.0/
+   https://creativecommons.org/licenses/by/4.0/

release_notes/v1.4.4.md

@@ -0,0 +1,156 @@
+v1.4.4 Release Notes - November 14, 2019
+========================================
+
+What's New in Hyperledger Fabric v1.4.4
+---------------------------------------
+
+The following enhancements are included in this release:
+
+- **FAB-16715, FAB-16544: Orderer endpoint override**
+
+  Ordering networks whose addresses or TLS root certificates change will cause problems for new
+  peers joining channels because the channel genesis block will contain the outdated orderer
+  information. A new configuration option for orderer endpoint overrides allows administrators
+  to configure peers to translate old orderer addresses and certificates to the updated
+  orderer addresses and certificate pools.
+
+- **FAB-17000: Provide notification to users if certs are about to expire**
+
+  Peers and orderers now log a warning to the log a week before the enrollment certificate or
+  TLS certificate expire. Example log entries:
+
+  `[certmonitor] trackCertExpiration -> WARN 011 The server TLS certificate expires within one week`
+
+  `[certmonitor] trackCertExpiration -> WARN 011 The enrollment certificate expires within 2 days and 5 hours`
+
+- **FAB-15814: Add operations endpoint to expose peer/orderer version**
+
+  Adds a /version endpoint to the operations server that serves peer/orderer metadata
+  including Version number and CommitSHA.
+
+- **FAB-16852** Bump to Go v1.12.12 and baseimage 0.4.18
+
+- **FABB-128** Bump node.js to 8.16.1 and npm to 6.11.3 in 0.4.18 baseimage
+
+Fixes
+-----
+
+- **FAB-13552: Re-addition of a removed OSN in a channel** - Prior to the fix, if a Raft orderer was
+  removed from the consenter set in the channel configuration, it would not check to see if was added
+  back and a reboot was required.
+
+- **FAB-15026: Segmentation violation in peer chaincode install** -  Prior to the fix, the tar processing
+  during chaincode package install could trigger a panic while looking up user info when run with
+  certain versions of libc. The calls to libc are no longer made.
+
+- **FAB-15389: Endorsing peer is not honoring maxPeerCount for private data dissemination** - Prior
+  to the fix, there was a chance that peers chosen for private data dissemination at endorsement time
+  could potentially be counted twice towards maxPeerCount, leading to disseminating private data to
+  fewer peers than expected.
+
+- **FAB-15666: NetworkMode does not get passed to chaincode image build**
+  Prior to the fix, the peer's configured docker NetworkMode was not getting passed
+  upon chaincode image build.
+
+- **FAB-16571: Fix panic in peer chaincode package command** - Prior to the fix, the peer
+  chaincode package command could panic when traversing the chaincode location.
+
+- **FAB-16610: Commit block to ledger hang when chaincode crash** - Prior to the fix, if a chaincode
+  terminated abnormally during an invocation, a lock would prevent blocks from committing until the
+  execution timeout (core.chaincode.executetimeout property) was triggered. The fix ensures that the
+  lock is released immediately on exit.
+
+- **FAB-16643: Nil pointer during reconciliation of deleted private data** - Prior to the fix,
+  if a peer is trying to reconcile missing private data, and the private data key has since been
+  deleted, the peer will panic with a nil pointer exception.
+
+- **FAB-16651: Fix connection leak if certificates renewed** - Prior to the fix, peers that have changed
+  their enrollment certificate without changing their endpoint caused connections to leak over time.
+
+- **FAB-16695: Separate listeners causes panic** - Prior to the fix, configuring separate
+  listeners for the peer admin service or for the orderer cluster service would cause a
+  panic on startup if Prometheus metrics were enabled.
+
+- **FAB-16948: Nil pointer exception in CID GetID() when using Idemix** - GetID now returns an error
+  when invoked on a chaincode request from an Idemix identity.
+
+
+Changes, Known Issues, and Workarounds
+--------------------------------------
+
+- **FAB-12134: Same chaincode source receiving fingerprint mismatch error** -
+  Chaincode installed in different ways may result in "chaincode fingerprint
+  mismatch data mismatch" error upon instantiation. This may happen when
+  installing chaincode by using different SDKs. To workaround the problem,
+  package the chaincode prior to installation and instantiation, by using
+  the "peer chaincode package" command.
+
+
+Known Vulnerabilities
+---------------------
+
+- **FAB-8664: Peer should detect and react when its org has been removed**
+  This is a relatively low severity problem, because it requires a significant
+  conspiracy of network admins, but it will be addressed in a future release.
+
+
+Resolved Vulnerabilities
+------------------------
+None.
+
+
+Deprecations
+------------
+The following functions are deprecated and are targeted for removal in a future release.
+
+- Support for automatically vendoring the chaincode shim into user chaincodes.
+  The fabric-ccenv image which is used to build chaincode, currently includes
+  the github.com/hyperledger/fabric/core/chaincode/shim ("shim") package.
+  This is convenient, as it provides the ability to package chaincode
+  without the need to include the "shim". However, this may cause issues in future
+  releases (and/or when trying to use packages which are included by the "shim").
+  In order to avoid any issues, users are advised to manually vendor the "shim"
+  package with their chaincode prior to using the peer CLI for packaging and/or
+  for installing chaincode.
+  For more details see FAB-5177.
+
+- Support for CAR chaincode package format
+  Support for packaging chaincode using the CAR format will be removed in
+  a future release.
+  For more details see FAB-14720.
+
+- Support for specifying orderer endpoints at the global level in channel configuration.
+  Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
+  an organization instead.
+  For more details see FAB-7559.
+
+- Support for invoking system chaincodes from user chaincodes.
+  System chaincodes, for example QSCC, are intended to be invoked by
+  a client rather than by a user chaincode. Invoking from a user chaincode
+  may cause deadlocks.
+  For more details see FAB-15285.
+
+- Support for user chaincodes to utilize the chaincode shim's logger via NewLogger().
+  Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
+  logging mechanism.
+  For more details see FAB-15366.
+
+- Support for peer's Admin service.
+  The peer's Admin service exposes APIs such as GetLogSpec() and SetLogSpec().
+  Instead of using these services, utilize the HTTP operations service that was
+  introduced in v1.4.0.
+  For more details see FAB-15390.
+
+- Support for Solo ordering service.
+  With the introduction of Raft-based ordering service in v1.4.1, it is possible
+  to deploy a single-node (non-production) or multi-node
+  Raft-based ordering service with no external dependencies.
+  For single-node (non-production) ordering services, utilize Raft-based ordering
+  service with a single node instead of Solo ordering service.
+  For more details see FAB-15754.
+
+
+Change log
+----------
+For the full list of changes, refer to the release change log:
+https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v144

scripts/bootstrap.sh

@@ -6,11 +6,11 @@
 #
 
 # if version not passed in, default to latest released version
-export VERSION=1.4.3
+export VERSION=1.4.4
 # if ca version not passed in, default to latest released version
-export CA_VERSION=1.4.3
+export CA_VERSION=1.4.4
 # current version of thirdparty images (couchdb, kafka and zookeeper) released
-export THIRDPARTY_IMAGE_VERSION=0.4.15
+export THIRDPARTY_IMAGE_VERSION=0.4.18
 export ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')")
 export MARCH=$(uname -m)
 
@@ -23,8 +23,8 @@ printHelp() {
   echo "-s : bypass fabric-samples repo clone"
   echo "-b : bypass download of platform-specific binaries"
   echo
-  echo "e.g. bootstrap.sh 1.4.3 -s"
-  echo "would download docker images and binaries for version 1.4.3"
+  echo "e.g. bootstrap.sh 1.4.4 -s"
+  echo "would download docker images and binaries for version 1.4.4"
 }
 
 dockerFabricPull() {