Skip to content

Commit

Permalink
Add release notes for v2.2.2 (#2232)
Browse files Browse the repository at this point in the history
Add release notes for v2.2.2

Signed-off-by: David Enyeart <enyeart@us.ibm.com>
  • Loading branch information
denyeart authored Jan 27, 2021
1 parent 1de0825 commit a80c772
Showing 1 changed file with 68 additions and 15 deletions.
83 changes: 68 additions & 15 deletions release_notes/v2.2.2.md
Original file line number Diff line number Diff line change
@@ -1,26 +1,17 @@
v2.2.2 Release Notes - Date TBD
=========================================

What's New in Hyperledger Fabric v2.2.2
---------------------------------------


Fixes
-----

**FAB-18192: orderer certificate update - consenter cert validation fails when
MSP is not part of existing configuration**
**peer and orderer - Always Finalize the PKCS#11 FindObject Operation**

v2.2.0 introduced validation of the consenter certificates against the orderer
MSP configuration when adding a node to the consenters set. However, it
did not allow for updating the consenters set using new MSP configuration
included in a single config update and required two separate updates - one for
the MSP configuration and then one for the consenter that referenced the new
MSP configuration. This fix resolves this by validating new consenter certs
against the simulated config to ensure it factors in any simultaneous
config updates.
In certain error paths, a PKCS#11 session was not finalized, leaving the session
in a locked state so that it could not be reused.
This fix finalizes session handles even in error paths, so that the session can be reused
by subsequent calls.

**FAB-18308: Restore support for MSPs that contain RSA certificate authorities**
**FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities**

While Fabric has never supported RSA for transaction signatures or validation,
certificate authorities included in MSP definitions could be associated with
Expand All @@ -29,6 +20,68 @@ release 2.0 and prevented migration of some networks to a 2.x version. With
these changes, version 2.x components will no longer panic when attempting to
initialize MSPs that include CA certificates associated with RSA keys.

**orderer - Allow tick interval override via orderer.yaml**

If a raft network becomes unstable, sometimes, adjusting the tick
interval duration can be effective to restore it. However, the tick interval is
stored in the channel configuration, so if the network is not operational,
modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
option to orderer.yaml configuration, allowing the channel configuration parameter
to be overridden from the local configuration.

**FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration**

If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails
with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority".
This fix adds logic to verify consenters based on the updated set of organization MSP root CAs.

**FAB-18244: orderer - Single node orderer will not start due to inconsistent state**

If using a single node orderer, it was possible to get into an inconsistent state where
a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
This fix resolves the inconsistent state by writing the last block, so that the
single node orderer can start.

**orderer - Remove duplicate orderer server TLS root CAs**

This fix reduces processing overhead when an ordering service node participates
in many channels.

**FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey**

If orderer.yaml configuration options
`General.Cluster.ClientCertificate` and `General.Cluster.ClientPrivateKey` are not set,
default them to the server `General.TLS.Certificate` and `General.TLS.PrivateKey` values
when the orderer is not configured to use a separate cluster port.
This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set.

**peer - incorrect handling of values set to empty byte array in node chaincode**

Peer should handle key values set to nil or empty byte arrays as a delete of the key.
While the behavior worked as expected when using Go chaincode and Java chaincode, if using
node chaincode it did not work correctly when setting key values to empty byte arrays.
This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes.
If using node chaincode with private data, if you had set private data values to an empty byte array,
the private data hash would have been committed incorrectly to the state database.
To repair the state database, after applying the fix, with the peer stopped,
request that the state database be rebuilt by calling "peer node rebuild-dbs"
or by deleting the state database. Upon the next start, the peer will rebuild the state
database from the already processed block store.
If subsequent transactions had referenced the existence of such a private data hash by
calling GetPrivateDataHash, then the subsequent transactions may have been
processed incorrectly and the peer will need to additionally reprocess blocks,
which can be triggered by calling "peer node reset" instead of "peer node rebuild-dbs".
If using regular channel data only and not private data, the empty byte array will
not have been committed, and therefore no action is required on the peer beyond applying the fix.


Dependencies
------------
Fabric v2.2.2 has been tested with the following dependencies:
* Go 1.14.12
* CouchDB v3.1.1


Deprecations (existing)
-----------------------

Expand Down

0 comments on commit a80c772

Please sign in to comment.