28 Jan 17:34

denyeart

bebb75f

v2.2.2

v2.2.2 Release Notes - January 27, 2021

Fixes

peer and orderer - Always Finalize the PKCS#11 FindObject Operation

In certain error paths, a PKCS#11 session was not finalized, leaving the session
in a locked state so that it could not be reused.
This fix finalizes session handles even in error paths, so that the session can be reused
by subsequent calls.

FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities

While Fabric has never supported RSA for transaction signatures or validation,
certificate authorities included in MSP definitions could be associated with
RSA keys. This ability was inadvertently removed during the development of
release 2.0 and prevented migration of some networks to a 2.x version. With
these changes, version 2.x components will no longer panic when attempting to
initialize MSPs that include CA certificates associated with RSA keys.

orderer - Allow tick interval override via orderer.yaml

If a raft network becomes unstable, sometimes, adjusting the tick
interval duration can be effective to restore it. However, the tick interval is
stored in the channel configuration, so if the network is not operational,
modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
option to orderer.yaml configuration, allowing the channel configuration parameter
to be overridden from the local configuration.

FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration

If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails
with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority".
This fix adds logic to verify consenters based on the updated set of organization MSP root CAs.

FAB-18244: orderer - Single node orderer will not start due to inconsistent state

If using a single node orderer, it was possible to get into an inconsistent state where
a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
This fix resolves the inconsistent state by writing the last block, so that the
single node orderer can start.

orderer - Remove duplicate orderer server TLS root CAs

This fix reduces processing overhead when an ordering service node participates
in many channels.

FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey

If orderer.yaml configuration options
General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey are not set,
default them to the server General.TLS.Certificate and General.TLS.PrivateKey values
when the orderer is not configured to use a separate cluster port.
This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set.

peer - incorrect handling of values set to empty byte array in node chaincode

Peer should handle key values set to nil or empty byte arrays as a delete of the key.
While the behavior worked as expected when using Go chaincode and Java chaincode, if using
node chaincode it did not work correctly when setting key values to empty byte arrays.
This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes.
If using node chaincode with private data, if you had set private data values to an empty byte array,
the private data hash would have been committed incorrectly to the state database.
To repair the state database, after applying the fix, with the peer stopped,
request that the state database be rebuilt by calling "peer node rebuild-dbs"
or by deleting the state database. Upon the next start, the peer will rebuild the state
database from the already processed block store.
If subsequent transactions had referenced the existence of such a private data hash by
calling GetPrivateDataHash, then the subsequent transactions may have been
processed incorrectly and the peer will need to additionally reprocess blocks,
which can be triggered by calling "peer node reset" instead of "peer node rebuild-dbs".
If using regular channel data only and not private data, the empty byte array will
not have been committed, and therefore no action is required on the peer beyond applying the fix.

Dependencies

Fabric v2.2.2 has been tested with the following dependencies:

Go 1.14.12
CouchDB v3.1.1

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

The 'Solo' consensus type has always been marked non-production and should be in
use only in test environments, however for compatibility it is still available,
but may be removed entirely in a future release.

FAB-16408: The 'Kafka' consensus type is deprecated.

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Fabric CouchDB image is deprecated

v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
Configuring orderer endpoints at the organization level accommodates
scenarios where orderers are run by different organizations. Using
this configuration ensures that only the TLS CA certificates of that organization
are used for orderer communications, in contrast to the global channel level endpoints which
would cause an aggregation of all orderer TLS CA certificates across
all orderer organizations to be used for orderer communications.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

The --outputAnchorPeersUpdate mechanism for updating anchor peers has always had
limitations (for instance, it only works the first time anchor peers are updated).
Instead, anchor peer updates should be performed through the normal config update flow.

FAB-15406: The fabric-tools docker image is deprecated

The fabric-tools docker image will not be published in future Fabric releases.
Instead of using the fabric-tools docker image, users should utilize the
published Fabric binaries. The Fabric binaries can be used to make client calls
to Fabric runtime components, regardless of where the Fabric components are running.

FAB-15317: Block dissemination via gossip is deprecated

Block dissemination via gossip is deprecated and may be removed in a future release.
Fabric peers can be configured to receive blocks directly from an ordering service
node by using the following configuration:

peer.gossip.orgLeader: true
peer.gossip.useLeaderElection: false
peer.gossip.state.enabled: false

FAB-15061: Legacy chaincode lifecycle is deprecated

The legacy chaincode lifecycle from v1.x is deprecated and will be removed
in a future release. To prepare for the eventual removal, utilize the v2.x
chaincode lifecycle instead, by enabling V2_0 application capability on all
channels, and redeploying all chaincodes using the v2.x lifecycle. The new
chaincode lifecycle provides a more flexible and robust governance model
for chaincodes. For more details see the
documentation for enabling the new lifecycle.

Changes:

bebb75f v2.2.2 release commit
a80c772 Add release notes for v2.2.2 (#2232)
1de0825 Fix the issue of Nil/Zero-length-byte-array value (#2310)
e5ecdef Remove system channel from Test Network tutorial
c25eb86 [FAB-15648] document update: Non-TLS orderer with etcdraft usage (#1678)
a861c00 cherry pick test network doc chaincode deployment fix
10c7839 Remove unreachable and unnecessary code in gossip membership (#2295)
6805515 Orderer deployment tutorial update
fba5d90 [doc] fix broken link
48bad48 [FAB-18170] Endorsement policy page discusses NodeSDK

See More

ee8fcfc [FAB-18392] Clarify scope and limitations of test network
90326b8 [FAB-18252] Documentation should reference Java chaincode support
813be7f Remove anchor peers from confi...

Assets 5

28 Jan 17:43

denyeart

v1.4.10

7d1ee82

v1.4.10

v1.4.10 Release Notes - January 27, 2021

Fixes

peer and orderer PKCS#11 - Always Finalize the PKCS#11 FindObject Operation

orderer - Allow tick interval override via orderer.yaml

FAB-18244: orderer - Single node orderer will not start due to inconsistent state

orderer - Remove duplicate orderer server TLS root CAs

This fix reduces processing overhead when an ordering service node participates
in many channels.

peer - incorrect handling of values set to empty byte array in node chaincode

Dependencies

Fabric v1.4.10 has been tested with the following dependencies:

Go 1.14.12
Fabric baseimage 0.4.22
CouchDB v2.3.1

Changes, Known Issues, and Workarounds

FAB-12134: Same chaincode source receiving fingerprint mismatch error -
Chaincode installed in different ways may result in "chaincode fingerprint
mismatch data mismatch" error upon instantiation. This may happen when
installing chaincode by using different SDKs. To workaround the problem,
package the chaincode prior to installation and instantiation, by using
the "peer chaincode package" command.

Known Vulnerabilities

FAB-8664: Peer should detect and react when its org has been removed
This is a relatively low severity problem, because it requires a significant
conspiracy of network admins, but it will be addressed in a future release.

Resolved Vulnerabilities

None.

Deprecations (existing)

The following functions are deprecated and are targeted for removal in a future release.

Support for automatically vendoring the chaincode shim into user chaincodes

The fabric-ccenv image which is used to build chaincode, currently includes
the github.com/hyperledger/fabric/core/chaincode/shim ("shim") package.
This is convenient, as it provides the ability to package chaincode
without the need to include the "shim". However, this may cause issues in future
releases (and/or when trying to use packages which are included by the "shim").
In order to avoid any issues, users are advised to manually vendor the "shim"
package with their chaincode prior to using the peer CLI for packaging and/or
for installing chaincode.
Support removed in v2.0. For more details see FAB-5177.

Support for CAR chaincode package format

Support for packaging chaincode using the CAR format will be removed in
a future release.
Support removed in v2.0. For more details see FAB-14720.

Support for invoking system chaincodes from user chaincodes.

System chaincodes, for example QSCC, are intended to be invoked by
a client rather than by a user chaincode. Invoking from a user chaincode
may cause deadlocks.
Support removed in v2.0. For more details see FAB-15285.

Support for user chaincodes to utilize the chaincode shim's logger via NewLogger()

Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
logging mechanism.
Support removed in v2.0. For more details see FAB-15366.

Support for peer's Admin service

The peer's Admin service exposes APIs such as GetLogSpec() and SetLogSpec().
Instead of using these services, utilize the HTTP operations service that was
introduced in v1.4.0.
Support removed in v2.0. For more details see FAB-15390.

Support for specifying orderer endpoints at the global level in channel configuration.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
an organization instead.
For more details see FAB-7559.

The 'Solo' consensus type is deprecated.

With the introduction of Raft-based ordering service in v1.4.1, it is possible
to deploy a single-node (non-production) or multi-node
Raft-based ordering service with no external dependencies.
For single-node (non-production) ordering services, utilize Raft-based ordering
service with a single node instead of Solo ordering service.
For more details see FAB-15754.

The 'Kafka' consensus type is deprecated

fabric-couchdb docker image no longer updated, maintained, or published

The fabric-couchdb docker image will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v1410

Changes:

7d1ee82 v1.4.10 release commit
adfdd61 Add v1.4.10 release notes
3813607 Fix the issue of Nil/Zero-length-byte-array value (#2312)
e95a134 Remove unreachable and unnecessary code in gossip membership (#2296)
51a3a52 [FAB-17039] CherryPick: Skip retrieving pvtdata from transient store when txid is missing (bp #2183) (#2203)
746b7e9 [FAB-18323] CherryPick: remove ephemeral from BCCSP SW options (#1553)
25d99ba Update endorsementpolicies.md
7004000 Bump Go to 1.14.12
2dbf8d6 Bump version of golang.org/x/tools
e876e64 [FAB-13370] increase go env timeout from 10s to 1m

See More

1d7b876 Increase Eventually Timeout
a25b63f Prepare for go 1.14 (#755)
b5a12de Log TLS hanshake duration
56d7b84 Deduplicate orderer server TLS root CAs (#2030)
cf344b5 FAB-18244 single node catches up with snapshot (#2022)
83c833c [FAB-18270] Disable debug of CouchDB response body
75f9fe7 [FAB-18265] Always Use DummyKeystore For PKCS11 BCCSP Provider
a40f9d2 Allow tick interval override via orderer.yaml
db1abf6 Always Finalize the PKCS11 FindObject Operation (#1978)
df50dea Update devmode doc to note TLS must be disabled (release-1.4)
4af8308 Prepare for next release v1.4.10
da55272 Release commit for v1.4.9
5146a9f Remove No Longer Relevant Release Note
4924294 Update release notes with FAB-18250
56a81f7 [FAB-18250] Check Error Before Returning Session to Pool (#1938)
17e171b Remove escc and vscc from list of system chaincodes
2d63281 Remove GetSessionInfo Call
4f1e340 Add release notes for v1....

Assets 5

18 Nov 19:35

lindluni

v2.3.0

ec81f3e

v2.3.0

v2.3.0 Release Notes - November 18, 2020

What's New in Hyperledger Fabric v2.3

Hyperledger Fabric v2.3 introduces two new features for improved orderer and peer operations:

Orderer channel management without a system channel
Ledger snapshot

See the What's New documentation for more details about these new features.

Fixes

All fixes as of v2.2.1 have also been applied to v2.3.0. Additionally the following fixes have been made.

FAB-18244: orderer - Single node orderer will not start due to inconsistent state

FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration

FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities

peer and orderer PKCS#11 - Always Finalize the PKCS#11 FindObject Operation

orderer - Allow tick interval override via orderer.yaml

If a raft network becomes unstable, sometimes, adjusting the tick
interval duration can be effective to restore it. However, the tick interval is
stored in the channel configuration, so if the network is not operational,
modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
option to orderer.yaml configuration, allowing the channel configuration parameter
to be overridden from the local configuration.

Changes

Require orderer file ledger location to be set

The Orderer.FileLedger.Location must now be set. Utilizing the
Orderer.FileLedger.Prefix to generate a new temporary directory
with the specified prefix every time the orderer is restarted
is no longer supported. The orderer will panic if a location is
not provided.

FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey

Dependency updates

Bump Go to 1.14.12.

CouchDB 3.1.1 is now the tested CouchDB version.

Changes:

ec81f3e Release commit for v2.3.0 (#2144)
2ff4e0e Clarify clientRootCAs guidance in core.yaml
4c4ddfc Clarify clientRootCAs guidance in core.yaml and TLS docs (#2142)
bc33cbb [FAB-18322] Check panic message in TestInitializeServerConfig (#2140)
504caaf What's New documentation for v2.3.0 (#2126)
e7b81ba Update core.yaml, orderer.yaml and docs for TLS (#2141)
d5ed80d Add release note for RSA CA changes
a09f0e7 Add integration test for MSPs with RSA CA certs
52f511d Restore RSA support for x509 public key import
c545195 Deploy production ordering service doc

See More

5f2034f Add check for invalid key before hitting couchdb (#2133)
1f6fb08 Chan.Part.API: Onboarding and follower CFT IT (#2094)
39a8545 Fab-18337 Ch.Part.API: Test join system channel with app channels (#2128)
ab55d50 Add persistent volume note to peer deploy guide
cb683e5 Chan.Part.API: avoid flakiness after removing system channel (#2111)
48bf409 [FAB-18319] Ch.Part.API: IT Remove and rejoin channel from orderer (#2085)
7055007 Nominate Will Lahti as Fabric Maintainer
c174728 [FAB-18179] Channel Participation API Tutorial
c08c5e3 Update v2.3.0 release notes
09c0d75 Revert "[FAB-18179] Channel Participation API tutorial"
40e845b [FAB-18179] Channel Participation API tutorial
1f59e41 Remove unused type (#2120)
d997115 Update Contribution guide to point to RFC process
01bfbba Update Go to 1.14.12
4a7efe9 Remove custom errors from pvtdata store
5dcdf81 Remove custom error types from txmgr package
24868e9 Remove custom error types (#2110)
cd99b4e Enforce Admin.TLS.ClientAuthRequired in orderer config (#2107)
a01cda4 Allow osnadmin to connect without TLS (#2106)
7f6b5dd [FAB-18315] Ch.Part.API: Add remove failure metric for chain status (#2108)
b9a8338 Add snapshots to peer deploy checklist (#2109)
4f1e093 kvledger/test for snapshot generation and bootstrap
e5ebb7b Remove the temp folder on error during snapshot generation (#2104)
941f0af Document additional snapshot considerations
f1058a8 [FAB-18333] Fix panic in cluster/comm#TestRenewCertificates
4e7201b Revert "Allow BCCSP config to be set using env var (#1900)" (#2093)
b8f76ae Remove Jira screenshots (#2103)
ca26271 Redirect integration test logs to GinkgoWriter
cd623d7 Update Jira instructions in contributing guide
01394c7 Chan.Part.API: Rename pendingops/joinblock to pendingops/join
45afdbd Update channel_update_tutorial.rst with joinbysnapshot
421dddf Remove unimplemented funcitons
c590e37 Prevent race that occurs after test timeout
901fe6c [FAB-18329] Fix data race in cluster/comm_test#TestRenewCertificates (#2089)
73853ef Chan.Part.API: join system channel using config block IT (#2082)
1e90c88 osnadmin command reference (#2077)
4b134cf Chan.Part.API: Rename cluster relation to consensus relation (#2086)
d54ed92 Chan.Part.API: channel participation relation/status metrics (#2025)
cc77194 Ch.Part.API: Allow retry of failed removals (#2083)
1f372da [FAB-18318] IT: verify DUPLICATE_TXID error when resubmitting old tx on a peer bootstrapped from snapshot (#2084)
6a56a06 Update configtxgen log messages for app chan genesis block (#2076)
7f6ead9 [FAB-18132] Ch.Part.API: Remove ledger resources asynchronously (#2027)
17f075c Add function TxIDExists and use in validation path
d620ab3 [FAB-18298] Default cluster cert and key
636c361 Rename cluster relation member to consenter (#2079)
348e2c7 Add default snapshot directory to core.yaml (#2068)
4db7e4c Add osnadmin to Makefile
2b1b989 [FAB-18290] Add channel name to pvtdata reconciler log msgs
c15e44e Minor refactoring
a37ea5c Minor Refactoring
bf57390 Optimize importing snapshot data into pvtdatastore
596f720 [FAB-18307] IT: set deprioritizedDataReconcilerInterval to prevent CI flake (#2070)
32da54c [FAB-17953] IT: add tests to verify channel config can be retrieved on a peer bootstrapped from snapshot (#20...

Assets 5

30 Sep 20:04

lindluni

v2.2.1

344fda6

v2.2.1

v2.2.1 Release Notes - September 30, 2020

What's New in Hyperledger Fabric v2.2.1

Hyperledger Fabric v2.2.1 provides important improvements and fixes, with a focus on the following areas:

Management of certificate expirations
Hardware security module (HSM) efficiency
Upgrade to v2.x

Fixes

FAB-18163: orderer certificate expiration - TLSHandshakeTimeShift without separate cluster port

If the TLS certificates of the ordering service nodes expire and are not replaced in time,
communication between them cannot be established, making it impossible to send
new transactions to the ordering service. To recover from such a scenario, it is possible
to configure a backwards timeshift that ordering service nodes will utilize for TLS
handshakes so that transactions can be processed.
If the Raft cluster service is sharing the orderer’s main gRPC server port,
configure the new orderer.yaml General.TLS.TLSHandshakeTimeShift property.
If using a separate cluster listener port,
configure the orderer.yaml General.Cluster.TLSHandshakeTimeShift property.

FAB-18205: orderer certificate expiration - Permit peer CLI to communicate with orderers with expired TLS certificates

The change allows peer CLI to communicate with ordering service nodes with expired TLS certificates
by setting the --tlsHandshakeTimeShift flag to a desired backwards timeshift.
The change applies to the peer channel fetch and peer channel update commands to allow
fetching configuration blocks and updating the channel configuration for orderers with expired TLS certificates.

FAB-18171: orderer certificate expiration - Disregard certificate validity period in intra-orderer communication

This change makes the orderer cluster authentication infrastructure
disregard validity periods when comparing certificates, and only regard public keys.
With this change, an expiring Raft TLS certificate can be replaced
with a new certificate that has the same public key, without requiring channel configuration updates.

FAB-18188: peer and orderer certificate expiration - Log expiration date upon startup

The enrollment, TLS server, and TLS client certificate expiration dates are now logged upon peer and orderer startup.

peer and orderer PKCS#11 - Add object handle cache

With this change, object handles are cached in the PKCS#11 implementation.
In support of this change, in addition to pooling idle sessions, the
provider tracks active sessions. If some condition occurs that results
in all sessions being closed, cached object handles are no longer valid
so the handle cache is purged.

FAB-18250: peer and orderer PKCS#11 - Introduce error checking for evicting invalid PKCS#11 sessions

FAB-17722 introduced a call to the pkcs11 GetSessionInfo function for retrieving the current state of
the PKCS11 session. The result of this function was used to determine whether a session was still
valid to perform HSM operations or if it should be evicted from the session pool. Performance tests
showed that the call to GetSessionInfo was computationally prohibitively expensive. FAB-18242 reverted
this change and FAB-18250 introduced a new method for determining if the PKCS11 session is invalid.
Now when an HSM operation fails, we check the resultant error against the known session error codes and
evict the session from the pool if the error was the result of an invalid session.

FAB-18208: peer - Do not sign gossip message if membership is empty

This change suppresses the signing of gossip messages if the message will not get
sent regardless due to an empty gossip membership. The change reduces CPU consumption
and eliminates unnecessary calls to an HSM.

peer and orderer PKCS#11 - Add log message if a key cannot be found

A debug message is now provided in the bccsp_p11 logger if a key cannot be found in the HSM.

FAB-18194: peer - Fix service discovery for legacy installed chaincodes

The service discovery endorsers query may fail with errors
"failed constructing descriptor for chaincodes" and
"required chaincodes are not installed on sufficient peers", even
when a chaincode is installed on a sufficient number of peers.
The peer initialization has been fixed so that chaincodes installed with the legacy chaincode
lifecycle are correctly recognized by service discovery.

FAB-18191: peer - Remove contents of leveldb directory instead of the directory when dropping databases

The peer upgrade-dbs, rebuild-dbs, reset, and rollback commands each drop a peer's
leveldb databases so that they can be rebuilt upon the next peer startup.
The commands now remove all contents of the leveldb directories, rather than dropping the
directory itself. This fix is required if mounting one of the leveldb directories in addition
to the overall peer data directory as specified in core.yaml peer.fileSystemPath.

FAB-15810: peer - Deprioritize fetching of missing private data

The private data reconciler attempts to retrieve missing private data from other
peers in a channel that belong to the same private data collection based on the interval
configured in core.yaml peer.gossip.pvtData.reconcileSleepInterval
(by default every one minute). If private data cannot be reconciled, it will be attempted
every interval and may block the reconciliation of other private data. This fix places
private data that can't be reconciled in a depriorized queue so that other private data
can be reconciled. The depriorized entries will be re-attempted less often based on the
interval configured in core.yaml ledger.pvtdataStore.deprioritizedDataReconcilerInterval
(by default every 60 minutes).

orderer - Check suspect info once per suspect interval when using Raft

The Raft-based ordering service node was checking to see if it was evicted too often.
This fix ensures that the ordering service node only checks once per suspect interval,
which is every 10 minutes by default.

cryptogen - Duplicate alternate names in multi-domain certificates

When using cryptogen to generate certificates, the X509v3 Subject Alternative Name field contained duplicate entries.
The Subject Alternative Name now contains one entry per alternate name.

FAB-18245: peer - Large values retrieved from chaincode may be incorrect when using CouchDB

Chaincode values larger than 64kb are saved to CouchDB,
but not saved to the peer's CouchDB cache.
However, chaincode still attempted to retrieve from the cache,
and therefore an incorrect value may be retrieved.
The fix ensures that for values larger than 64kb, the data will be retrieved from CouchDB.

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

FAB-16408: The 'Kafka' consensus type is deprecated.

Fabric CouchDB image is deprecated

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

FAB-15406: The fabric-tools docker image is deprecated

**FAB-15317: Block dissemination via gossip is ...

Assets 5

30 Sep 19:43

lindluni

v1.4.9

da55272

v1.4.9

v1.4.9 Release Notes - September 30, 2020

What's New in Hyperledger Fabric v1.4.9

Hyperledger Fabric v1.4.9 provides important improvements and fixes, with a focus on the following areas:

Management of certificate expirations
Hardware security module (HSM) efficiency

Fixes

FAB-18163: orderer certificate expiration - TLSHandshakeTimeShift without separate cluster port

FAB-18205: orderer certificate expiration - Permit peer CLI to communicate with orderers with expired TLS certificates

FAB-18171: orderer certificate expiration - Disregard certificate validity period in intra-orderer communication

FAB-18188: peer and orderer certificate expiration - Log expiration date upon startup

The enrollment, TLS server, and TLS client certificate expiration dates are now logged upon peer and orderer startup.

peer and orderer PKCS#11 - Add object handle cache

FAB-18208: peer - Do not sign gossip message if membership is empty

FAB-18250: peer and orderer PKCS#11 - Introduce error checking for evicting invalid PKCS#11 sessions

FAB-17539: peer - Always remember gossip anchor peers in membership

Gossip removes a peer from its membership cache if no new heartbeats are received from the peer within a timely manner.
If a network partition persists for too long, peers of different organizations never re-establish communication because all membership is purged.
With the fix, anchor peers are no longer removed from the membership cache even if they are offline.
Therefore, after the network partition is healed, peers among different organizations can reestablish communication as long as anchor peers are reachable.

peer - Verify user chaincodes are called with a channel context

While system chaincodes can be called without a channel context, user
chaincodes always require a channel context. This fix ensures that
a channel context is available for calls to user chaincodes, and
returns an error if the client did not pass a channel name.

Dependencies

Fabric v1.4.9 has been tested with the following dependencies:

Go 1.13.12
Fabric baseimage 0.4.21
CouchDB v2.3.1

Changes, Known Issues, and Workarounds

Known Vulnerabilities

Resolved Vulnerabilities

None.

Deprecations (existing)

The following functions are deprecated and are targeted for removal in a future release.

Support for automatically vendoring the chaincode shim into user chaincodes

Support for CAR chaincode package format

Support for packaging chaincode using the CAR format will be removed in
a future release.
Support removed in v2.0. For more details see FAB-14720.

Support for invoking system chaincodes from user chaincodes.

Support for user chaincodes to utilize the chaincode shim's logger via NewLogger()

Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
logging mechanism.
Support removed in v2.0. For more details see FAB-15366.

Support for peer's Admin service

Support for specifying orderer endpoints at the global level in channel configuration.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
an organization instead.
For more details see FAB-7559.

The 'Solo' consensus type is deprecated.

The 'Kafka' consensus type is deprecated

fabric-couchdb docker image no longer updated, maintained, or published

The fabric-couchdb docker image will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v149

Changes:

da55272 Release commit for v1.4.9
5146a9f Remove No Longer Relevant Release Note
4924294 Update release notes with FAB-18250
56a81f7 [FAB-18250] Check Error Before Returning Session to Pool (#1938)
17e171b Remove escc and vscc from list of system chaincodes
2d63281 Remove GetSessionInfo Call
4f1e340 Add release notes for v1.4.9
40abeec [FAB-18237] always update stateInfo message upon chaincode update (#1915)
693cae5...

Assets 5

22 Jul 19:34

lindluni

v1.4.8

29e1e77

v1.4.8

v1.4.8 Release Notes - July 22, 2020

Fixes

Ordering Service: Check suspect info once per suspect interval when using Raft

The raft-based ordering service node was checking to see if it was evicted too often.
This fix ensures that the ordering service node only checks once per suspect interval,
every 10 minutes by default.

Dependency updates

Bump Go to 1.13.12.
Bump Fabric baseimage to 0.4.21.
Fabric v1.4.8 has been tested with CouchDB v2.3.1.

Changes, Known Issues, and Workarounds

core.yaml chaincode.builder property updated to pull correct fabric-ccenv image

The sample core.yaml configuration that gets included in fabric-peer docker
image now sets chaincode.builder property to $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)
instead of $(DOCKER_NS)/fabric-ccenv:latest, since fabric-ccenv:latest tag
has been retired from dockerhub. This change ensures that v1.4.x peers using the default
configuration will pull the latest v1.4 fabric-ccenv image from dockerhub to build chaincode,
if the local fabric-ccenv image is not found.

Known Vulnerabilities

Resolved Vulnerabilities

None.

Deprecations

The following functions are deprecated and are targeted for removal in a future release.

Support for automatically vendoring the chaincode shim into user chaincodes

Support for CAR chaincode package format

Support for packaging chaincode using the CAR format will be removed in
a future release.
For more details see FAB-14720.

Support for specifying orderer endpoints at the global level in channel configuration.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
an organization instead.
For more details see FAB-7559.

Support for invoking system chaincodes from user chaincodes.

System chaincodes, for example QSCC, are intended to be invoked by
a client rather than by a user chaincode. Invoking from a user chaincode
may cause deadlocks.
For more details see FAB-15285.

Support for user chaincodes to utilize the chaincode shim's logger via NewLogger()

Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
logging mechanism.
For more details see FAB-15366.

Support for peer's Admin service

The 'Solo' consensus type is deprecated.

The 'Kafka' consensus type is deprecated

fabric-couchdb docker image no longer updated, maintained, or published

The fabric-couchdb docker image will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v148

Changes:

29e1e77 Release commit for v1.4.8 (#1625)
112c6d9 Add release notes for v1.4.8
ae1395b Tag built docker images with BASE_VERSION and TWO_DIGIT_VERSION
81f32de Fix latest tag on ccenv
caf5b56 Raft: Check suspect info once per suspect interval (#1602)
66349cc Print channel name in learnAnchorPeers
a7eb1f7 [FAB-18043] Correct the code comments (#1530)
34294ad Only canonize ECDSA signatures in MSP:IsWellFormed (#1495)
c2ea18f Bump Go to 1.13.12 and Third-Party Images to 0.4.21 (#1492)
d34fd05 Fix wrong link sampleconfig

See More

4a193ed Set http header entries before writing header
9d2258c Update gotools mockery path for release-1.4 (#1417)
65e7353 FAB-17161 improve error message
52ee947 Fix the installed binary list in the document
877cadd [DocUpdate] configtxlator decode/common.ConfigUpdate
38b40b5 Prepare for Fabric v1.4.8 release
e0afaa7 Release Fabric v1.4.7
51138b8 Add release notes for v1.4.7
a178051 [FAB-17728] Add 100ms delay to pkcs11 create session loop (#1253)
ea185b8 Correct HSM environment variables
8ff5d16 Bump baseimage version
6112b99 [FAB-17821] fix: use keyword as variable name
1964a1b [FAB-17778] MSP.IsWellFormed: Only allow canonical CA signatures
5066919 [FAB-17778] Force sanitized signatures be canonically built
c66c3c4 add the sample policy to remove the test warning info
e1db649 FAB-17552: add unit test for createKeyStore
f27803f FAB-17752: following review guide
c403374 FAB-17752: return errors when creating keystore
2f740c4 [FAB-17732] Port HSM updates to release-1.4 branch (#1110)
1f0a0dd Validate session and get new if invalid
b03b3d9 [FAB-17540] Fix for race read/write tlsconfig (#1050)
856f215 FAB-15461 Fix election adapter to return correct peers
f9e80e8 [FAB-16879] Add stack trace to couchdb http errors (#1048)
c68ee5c [FABB-148, FABB-149]
9007739 Properly handle malformed gossip envelopes (#1037)
780b16f Fix organizations typo
5c2a996 Update to go 1.13
3b5b58b Fix deadline logging test
be925f8 [FAB-16810] comm test changes to support go 1.13
7cf38b5 [FAB-16810] bccsp test changes for go 1.13
9461ba2 [FAB-17696] Fixed Wiki Link to Contributor meetings
1e51225 [FAB-17109] Retrieve ReconnectBackoffThreshold as duration
afbc42f [FAB-16951] Alternative mechanisms to find pkcs11 key
ca93be5 BCCSP initialization cleanup
2bb6415 [FAB-17517] Only Initialize specified provider
defb36c Add MSP Key concepts topic to release-1.4 branch
609ddf8 Prepare for fabric v1.4.7 release (#743)
635fa7b Update release notes for v1.4.6
af2b462 Release fabric v1.4.6
87df051 [FAB-17515] Support configuring BlockValidation policy for orderer group
29c58ac [FAB-17431] Decouple javaenv from Fabric version
ac6305e [FAB-17523] Endorsing peer was not honoring RequiredPeerCount (#716) (#733)
0c421c8...

Assets 5

09 Jul 13:48

lindluni

v2.2.0

5ea85bc

v2.2.0

v2.2.0 Release Notes - July 9, 2020

v2.2 is the first long-term support (LTS) release of Fabric v2.x. Fixes will be provided on the v2.2.x release stream until after the next LTS release is announced.

What's New in Hyperledger Fabric v2.2

FAB-13460: Add Support for TLS 1.3

TLS 1.3 is now supported and will be utilized automatically if client supports TLS 1.3.

FAB-17401: Add function to query the details of the approved chaincode definition

Add support to query an organization's approved chaincode definition from its peer.
The function is available by using peer CLI command peer lifecycle chaincode queryapproved.

Fixes

Return Error From PKCS11 CreateSession

The prior implementation of BCCSP performed a fatal
logging function in the event it could not open a session
with the HSM. It was possible for the fatal log to occur when an expected error
occurred, i.e., the HSM had reached its maximum session handles.
Instead of issuing a fatal log call, an error is returned so that
the error can be properly handled.

FAB-17819: Discovery returns user friendly errors

Service discovery endorsement service error message "cannot satisfy any principal combination" is
improved to return a more specific message, either "no peer combination can satisfy the endorsement policy"
or "required chaincodes are not installed on sufficient peers".

FAB-17774: Support orderer restart without system channel genesis block

When BootstrapMethod was set to 'file', the system channel genesis block
was required to be passed for every orderer service start. The system
channel genesis block is now only required for the initial orderer start.

FAB-17844: External builder fails to copy symlinks from build output into persistent directory

Previously, the external builder code did not check for symlinks in build output when copying them.
This resulted in the resolved files being copied as files instead of symlinks. The external builder
now copies them as symlinks instead of copying them as files into the destination directory.

Errors should be checked when orderer gRPC server is serving requests

gRPC errors are now checked when servicing the orderer atomic broadcast gRPC service.

FAB-17900: Fix environment variable override bug

Integer config values for peer and orderer could not be overridden with environment variables.

FAB-17951: Fetch correct node id for orderer consenter validation

Config update validator may incorrectly reject updates if some nodes are inactive.

FAB-17875: Fix ordering service node leader election failure

Previously with Raft consensus, when one ordering service node was deleted
from a channel and rejoined later, it would be assigned a new Raft id.
However, in some cases the ordering service node still used the old Raft
id. Other ordering service nodes including the leader are using the latest view and believe
that the rejoined node would use a new Raft id. This may result in leader election failure and no new
transactions would be accepted. The fix ensures the correct Raft id is used after tracking the latest config block.

Private data performance optimization: purge transient store in background

Private data performance is improved by purging entries present in the transient store in the background.

FAB-17933: Fix cache update logic for installed chaincode info when an empty or uninstalled package ID is specified

Previous cache update logic for install chaincode info did not work properly when an empty or uninstalled package ID was specified.

FAB-17539: Always remember gossip anchor peers in membership

Note: Fixes included in v2.1.1 release notes are also included in v2.2.

Changes

FAB-17786: upgrade_dbs peer command now drops state CouchDB databases

Previously the upgrade_dbs command did not automatically drop state CouchDB
databases and therefore a separate step was required to drop CouchDB data
when upgrading to v2.x. upgrade_dbs command now automatically drops
state CouchDB databases. CouchDB state database will get rebuilt on the first
peer start after the upgrade to v2.x. CouchDB database service
must be available when running upgrade_dbs command. Similarly,
rebuild-dbs also drops state CouchDB data now, so that state database
can be rebuilt on the next peer start.

FAB-17869: Allow TLS CAs with overlapping issuers

The client root TLS CA certificate pool construction didn't allow different issuers
with the same subject name to exist in the CA cert pool. Different issuers with
the same subject name are now allowed.

Fabric CouchDB tests have been updated from CouchDB 2.3.1 to CouchDB 3.1.0

Support is added for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-17917: Peer CouchDB default maxRetriesOnStartup property has been updated

Peer property peer.ledger.state.couchDBConfig.maxRetriesOnStartup default has
changed from 12 to 10. The time between retries doubles after each attempt.
Therefore if CouchDB is not yet started, the peer start will now retry
for about 2 minutes rather than 16 minutes before retries are exhausted.

FAB-16435: Peer gossip defaults have been updated

Block dissemination via gossip may be removed in a future release,
since it is more straightforward for peers to simply pull blocks from ordering service.
The gossip defaults have been updated to prepare users for this possible change, so that peers by default
pull blocks from ordering service, do not use leader election, and do not use block transfer across peers.
Additionally, two block cache default sizes have been lowered to reduce the memory
used by a peer when it has joined many channels.
The new defaults are as follows:

peer.gossip.orgLeader: true
peer.gossip.useLeaderElection: false
peer.gossip.state.enabled: false
peer.gossip.maxBlockCountToStore: 10
peer.gossip.state.blockBufferSize: 20

Default configuration values are included in the peer docker image, therefore if you apply
the new peer image the new defaults will be effective unless you specifically override them
in your configuration.

Build Your First Network sample and tutorial has been removed

Users are recommended to use the test network introduced in v2.0 instead,
and to review the new deployment guides.

FAB-18028: Replace environmentWhiteList peer property with propagateEnvironment

Peer configuration property peer.chaincode.externalBuilders.environmentWhiteList has been replaced with peer.chaincode.externalBuilders.propagateEnvironment.
environmentWhiteList continues to work but is deprecated.

Dependency updates

Fabric project now uses Go modules for vendoring code dependencies.

Bump Go gRPC to 1.29.1.

Bump Go to 1.14.4.

Bump Alpine to 3.12 in Fabric images.

CouchDB 3.1.0 is now the tested CouchDB version.

Deprecations

FAB-15754: The 'Solo' consensus type is deprecated.

FAB-16408: The 'Kafka' consensus type is deprecated.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Assets 5

01 Jun 12:59

lindluni

v2.1.1

6393adb

v2.1.1

v2.1.1 Release Notes - June 1, 2020

Fixes

FAB-17778: Fix policy support of multiple signatures from single organization

Fix de-duplication logic to ensure sufficient number of signatures are received to satisfy
policies that require multiple signatures from the same organization.
This problem is rare since most users have policies that require signatures from different
organizations, not policies that require multiple signatures from the same organization.

FAB-17722: Validate HSM session and get new if invalid

Previously the pkcs11 code was set to have a session cache and reuse sessions
if available in cache. If a session went bad (due to connection issues with HSM),
the session was not evicted from cache and would be reused.
If all sessions went bad, the client would never be able to recover and keep using bad sessions.

FAB-17728: Add delay to pkcs11 create session loop

Previously there was no backoff when attempting to create a new session if one was not
available in the HSM session cache. This fix introduces a hardcoded backoff of 100ms
after each attempt up to 10.

FAB-17784: Clarify error message when legacy chaincode install fails during build

When a legacy chaincode install fails due to an error building the
chaincode, the chaincode will remain installed on the peer. This change clarifies
the error message so that users understand the behavior:
"chaincode installed to peer but could not build chaincode".

FAB-17844: Copy symlinks as-is in external builder output

Previously, the external builder code did es not check for symlinks in build output
when copying them. This resulted in the resolved files being copied as files
instead of symlinks. This commit changes the external builder code so that
it tests for symlinks, and copies them as symlinks instead of copying them as
files into the destination directory.

External builder switch from os.Stat to exec.LookPath

Replace call to os.Stat to check for the presence of the bin/release script with exec.LookPath.
The LookPath function, when provided with a relative path, will look for the presence of the
executable and determine if it's executable. On non-unix platforms, it will also handle looking
for executable suffixes as appropriate.

FAB-17907: New chaincode lifecycle should ignore previous build failure during install

When a chaincode build previously failed while installing the chaincode, the new lifecycle
would not attempt to rebuild the chaincode on the next install attempt, rather the prior
build error message was returned to the client. This change ensures that the subsequent
install attempt rebuilds the chaincode.

FAB-17733: Validate TLS certs during raft consenter addition

Validate the client/server TLS certs against the orderer organizations while adding a raft consenter.

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-2.1/CHANGELOG.md#v211

Changes:

6393adb Release commit for Fabric v2.1.1
e8bfb68 Add release notes for v2.1.1
7be9c62 _lifecycle ignore previous build failure during install
4cbaeb4 Validate TLS certs during raft consenter addition (#1342)
02fc373 Fixed write_first_app.rst typo
6b7177b Ensure backward compatibility of range query rwset
d39afc8 Update Prereqs for Fabric users
f485b83 [FAB-10879] Adding instructions for modifying Commands Reference
389d616 Switch from os.Stat to exec.LookPath
fe7e948 Fix script help text in the test network document

See More

dff43d2 fix test network docs typo
c705510 Fix the installed binary list in the document
716dc7e [FAB-17844] Copy symlinks as-is in external builder output
f2bfb58 Add export to deploy CC tutorial
6dc13f0 Remove adding PWD to path in tutorials
e197020 Cherry pick test network tutorial improvements to 2.1
6eec309 Clarify error message when lscc chaincode install fails during build
bd61a92 Merge first component of create channel tutorial
e765962 [FAB-17438] Add links to CA deployment Guide from Fabric Deployment Guide
2cac1e2 Replace link to removed topic with link to relavent image
2052dd2 [FAB-17728] Add 100ms delay to pkcs11 create session loop
9ce5aeb Validate session and get new if invalid (#1255)
ba86e48 Fix misleading doc statement
c66bcda Correct HSM environment variables
d1e1cbd Update enable_cc_lifecycle.md
bde493c Update old link in command wrappers
971add2 Add link to Go contract API to smart contract processing topic
2909e71 Doc that Init is not required if you use the contract API
d25e8ce Replace erroneous double dash
e87c350 Add statement about compliance to HSM docs
a3d4168 [FAB-17778] Force sanitized signatures be canonically built
407afa7 Remove typo from commercial paper tutorial
4abbf5a Add upgrade steps and troubleshooting to deployCC tutorial
6189c3b Let users know that anchor peer tx is deprecated
5cf1f96 [FAB-17700] Fix wrong docker rmi in documents
aee43e6 [FAB-17732] HSM clarifications (#1108)
1bdf975 Fabric v2.1.0 release commit
6cfea8b Add release notes for v2.1.0
4fbbc88 [FAB-17719] Upgrade docs for 2.1
d50e8f4 [FAB-17724] Fix configtxgen cannot find etcdraft default config
c2e8534 [FAB-17716] Fix test flake due to too many requests for /protos.Deliver
5358d6e Properly handle malformed gossip envelopes (#1039)
0602969 [FAB-17540] Fix for race read/write tlsconfig (#967) (#1052)
10ed627 Add release note for FAB-17725
08df2e1 Omit go.{mod,sum} from pkg when not in module mode
d0d4a3f Clear {U,G}name fields in package tar entries
53eda41 Fix typo
6334d22 Fix organizations typo
0f23dad [FAB-16879] Add stack trace to couchdb http errors (#1015)
6f4b196 Update chaincode lifecycle topic
2f13c6c Update tutorials overview for test network
32533a8 3 small fixes that documentation matches samples
a28ef41 Set default keepalive options for peer clients (#987)
c740f39 Update doc for Go v1.14.1
99d3a8d Remove Config Transaction Package from release-2.1
30e5862 Fix missing export instruction in docs/deploy_chaincode.md
534ed60 Move comm pkg to internal
7919e72 [FAB-17109] Retrieve and use ReConnectBackoffThreshold as duration (#951)
f293f92 mv encoding util to consumer (pvtdatastorage)
25e3386 Fix code block typo in add org tutorial
20dca4d Clarify instructions for CouchDB state database upgrade.
8704abf Add discussion of MSP folder to test net doc
5148730 [FAB-17687] Rename AddValue() to SetValue() (#946)
0491bcd Refactor MSP-related pkg/config functions
4d7d4ac [FAB-17638] Support retrieving application configuration from an existing config
84e2338 [FAB-17658] Separate config package examples into groups
eb4623f [FAB-17408] Move first app tutorial (fabcar) to test network
1cdd885 Update commercial_paper.md
cce54ab [FAB-17664] Add/Remove channel policies
424807d Add jq to the vagrant development environment
8ab138e Address comments from #928
b8e2e83 [FAB-17611] IT: discover all peers before endorsement
8a012a0 Consistently use ubuntu-18.04
fa29042 Move to go 1.14.1 (#934)
69da72e Remove x509 Utility
4db1939 Remove Clone Utility
1a3dab1 Remove DirMissingOrEmpty Util Function
d7c1796...

Assets 5

14 May 17:43

lindluni

v1.4.7

e0afaa7

v1.4.7

v1.4.7 Release Notes - May 14, 2020

Fixes

FAB-17517: Only Initialize specified BCCSP provider

This fix ensures that only specified provider is initialized
based on ProviderName.
This fixes "Failed initializing PKCS11.BCCSP %!s()" error
when the code compiled with PKCS11 or PLUGINS enabled expected
configuration to not be nil even when Provider is set to SW.
FAB-16951: Alternative mechanisms to find pkcs11 key

This modification adds a parameter called AltID to the PKCS11 BCCSP configuration.
This change is required in situations where the HSM does not allow
modification of the CKA_ID after creation, for example when using AWS CloudHSM.
FAB-17726: Properly handle malformed gossip envelopes

If a malformed envelope is read from the stream, an error is propagated
synchronously up the stack.
Under very rare circumstances a race condition caused a nil pointer peer panic.
FAB-16879: Add stack trace to couchdb http errors

If there was an http error calling couchdb, no context was provided in the error message.
This change adds stack trace in addition to the http error message,
so that administrators can identify where the error was hit.
FAB-17722: Validate HSM session and get new if invalid

Previously the pkcs11 code was set to have a session cache and reuse sessions
if available in cache. If a session went bad (due to connection issues with HSM),
the session was not evicted from cache and would be reused.
If all sessions went bad, the client would never be able to recover and keep using bad sessions.
FAB-17752: Return errors when creating keystore

An error is now returned if BCCSP is not able to create keystore directory.
FAB-17778: Fix policy support of multiple signatures from single organization

Fix de-duplication logic to ensure sufficient number of signatures are received to satisfy
policies that require multiple signatures from the same organization.
This problem is rare since most users have policies that require signatures from different
organizations, not policies that require multiple signatures from the same organization.
FAB-17728: Add delay to pkcs11 create session loop

Previously there was no backoff when attempting to create a new session if one was not
available in the HSM session cache. This fix introduces a hardcoded backoff of 100ms
after each attempt up to 10.

Dependency updates

Bump Go to 1.13.9.
Bump Fabric baseimage to 0.4.20.

Changes, Known Issues, and Workarounds

FAB-12134: Same chaincode source receiving fingerprint mismatch error -
Chaincode installed in different ways may result in "chaincode fingerprint
mismatch data mismatch" error upon instantiation. This may happen when
installing chaincode by using different SDKs. To workaround the problem,
package the chaincode prior to installation and instantiation, by using
the "peer chaincode package" command.

Known Vulnerabilities

FAB-8664: Peer should detect and react when its org has been removed
This is a relatively low severity problem, because it requires a significant
conspiracy of network admins, but it will be addressed in a future release.

Resolved Vulnerabilities

None.

Deprecations

The following functions are deprecated and are targeted for removal in a future release.

Support for automatically vendoring the chaincode shim into user chaincodes

The fabric-ccenv image which is used to build chaincode, currently includes
the github.com/hyperledger/fabric/core/chaincode/shim ("shim") package.
This is convenient, as it provides the ability to package chaincode
without the need to include the "shim". However, this may cause issues in future
releases (and/or when trying to use packages which are included by the "shim").
In order to avoid any issues, users are advised to manually vendor the "shim"
package with their chaincode prior to using the peer CLI for packaging and/or
for installing chaincode.
For more details see FAB-5177.
Support for CAR chaincode package format

Support for packaging chaincode using the CAR format will be removed in
a future release.
For more details see FAB-14720.
Support for specifying orderer endpoints at the global level in channel configuration.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
an organization instead.
For more details see FAB-7559.
Support for invoking system chaincodes from user chaincodes.

System chaincodes, for example QSCC, are intended to be invoked by
a client rather than by a user chaincode. Invoking from a user chaincode
may cause deadlocks.
For more details see FAB-15285.
Support for user chaincodes to utilize the chaincode shim's logger via NewLogger()

Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
logging mechanism.
For more details see FAB-15366.
Support for peer's Admin service

The peer's Admin service exposes APIs such as GetLogSpec() and SetLogSpec().
Instead of using these services, utilize the HTTP operations service that was
introduced in v1.4.0.
For more details see FAB-15390.
Support for Solo ordering service

With the introduction of Raft-based ordering service in v1.4.1, it is possible
to deploy a single-node (non-production) or multi-node
Raft-based ordering service with no external dependencies.
For single-node (non-production) ordering services, utilize Raft-based ordering
service with a single node instead of Solo ordering service.
For more details see FAB-15754.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v147

Changes:

e0afaa7 Release Fabric v1.4.7
51138b8 Add release notes for v1.4.7
a178051 [FAB-17728] Add 100ms delay to pkcs11 create session loop (#1253)
ea185b8 Correct HSM environment variables
8ff5d16 Bump baseimage version
6112b99 [FAB-17821] fix: use keyword as variable name
1964a1b [FAB-17778] MSP.IsWellFormed: Only allow canonical CA signatures
5066919 [FAB-17778] Force sanitized signatures be canonically built
c66c3c4 add the sample policy to remove the test warning info
e1db649 FAB-17552: add unit test for createKeyStore

See More

f27803f FAB-17752: following review guide
c403374 FAB-17752: return errors when creating keystore
2f740c4 [FAB-17732] Port HSM updates to release-1.4 branch (#1110)
1f0a0dd Validate session and get new if invalid
b03b3d9 [FAB-17540] Fix for race read/write tlsconfig (#1050)
856f215 FAB-15461 Fix election adapter to return correct peers
f9e80e8 [FAB-16879] Add stack trace to couchdb http errors (#1048)
c68ee5c [FABB-148, FABB-149]
9007739 Properly handle malformed gossip envelopes (#1037)
780b16f Fix organizations typo
5c2a996 Update to go 1.13
3b5b58b Fix deadline logging test
be925f8 [FAB-16810] comm test changes to support go 1.13
7cf38b5 [FAB-16810] bccsp test changes for go 1.13
9461ba2 [FAB-17696] Fixed Wiki Link to Contributor meetings
1e51225 [FAB-17109] Retrieve ReconnectBackoffThreshold as duration
afbc42f [FAB-16951] Alternative mechanisms to find pkcs11 key
ca93be5 BCCSP initialization cleanup
2bb6415 [FAB-17517] Only Initialize specified provider
defb36c Add MSP Key concepts topic to release-1.4 branch
609ddf8 Prepare for fabric v1.4.7 release (#743)
635fa7b Update release notes for v1.4.6
af2b462 Release fabric v1.4.6
87df051 [FAB-17515] Support configuring BlockValidation policy for orderer group
29c58ac [FAB-17431] Decouple javaenv from Fabric version
ac6305e [FAB-17523] Endorsing peer was not honoring RequiredPeerCount (#716) (#733)
0c421c8 Fix nil dereference in etcdraft config parsing (#724)
9072299 Add ending braces to ReadWrite set.
a0b7584 Optimize inquire.IsSubset (#713)
60c8ab9 Prepare for next fabric rel v1.4.6
11ff991 Release fabric v1.4.5 (#695)
1893808 Remove rollback code from private data store
f354c81 [FAB-17472] Clarify doc and samples for NodeOU Certificate
d45bac4...

Assets 5

15 Apr 21:00

lindluni

v2.1.0

1bdf975

v2.1.0

v2.1.0 Release Notes - April 15, 2020

What's New in Hyperledger Fabric v2.1

FAB-17357: Add endorser metric for simulation failure

Added metric endorser_proposal_simulation_failures.

FAB-14761: Limit concurrent requests to endorser and deliver services

Limits can now be placed on the number of endorser and deliver requests
that a peer will process at any one time. If a peer is already processing its
limit of requests, subsequent requests in excess of the limit will return an error,
and the client will need to retry the call. The limits are configured using the
following core.yaml properties:

peer.limits.concurrency.endorserService
peer.limits.concurrency.deliverService

FAB-17463: Allow peer to override implicit collection dissemination properties

The following config properties have been added to peer's core.yaml
for implicit private data collection dissemination:

peer.gossip.pvtData.ImplicitCollectionDisseminationPolicy.requiredPeerCount
peer.gossip.pvtData.ImplicitCollectionDisseminationPolicy.maxPeerCount

When a peer endorses a transaction that writes to its own organization's
implicit private data collection, the new properties will dictate how
many other peers in the organization the endorsing peer will attempt to
disseminate to (maxPeerCount), and how many peers must acknowledge receipt
of the private data before endorsement succeeds (requiredPeerCount).
These properties are applicable to all channels the peer has joined. The implication
is that requiredPeerCount has to be smaller than the number of peers in a channel
that has the lowest numbers of peers from the organization.

FAB-17279: Support collection level endorsement policies for discovery

v2.0 added an option to specify an endorsement policy at a chaincode's private
data collection level. Service discovery now supports this feature when the
collection name is passed to the discovery endorsers query.

Discover CLI now supports SEC 1 formatted private keys
Private keys that are generated with openssl ecparam (SEC 1 format) are now supported
with the discover CLI, in addition to the PKCS8 private keys that were already supported.

Dependency updates

Bump docker images to Alpine 3.11.
Bump Go to 1.14.1.
Bump Go grpc to 1.28.0.

Fixes

All fixes in v2.0.1 have also been applied to v2.1.0. Additionally the following fixes have been made.

FAB-17441: approveformyorg lifecycle command should allow update of only package ID

approveformyorg lifecycle command now allows only the package ID to be updated.

Fix nil dereference in etcdraft config parsing

The etcdraft config parsing code checked that the consensus
metadata was not nil, but it failed to check that the options were not nil.
The additional nil checks have been added.

FAB-17517: Only Initialize specified BCCSP provider

When Fabric is built with GO_TAGS="pkcs11",
BCCSP attempted to initialize PKCS11 even when BCCSP is configured for software.
This resulted in error
"Failed to initialize local MSP: could not initialize BCCSP Factories: Failed initializing PKCS11.BCCSP"

FAB-17672: Prevent gossip probes from registering as long lasting connections

This fix helps to more quickly establish gossip connections when
peers are starting at the same time.

FAB-17726: Properly handle malformed gossip envelopes

Fix rare nil pointer panic at:
github.com/hyperledger/fabric/gossip/comm.interceptAcks.func1(0x0)
/opt/gopath/src/github.com/hyperledger/fabric/gossip/comm/ack.go:66 +0x2e

FAB-17725: Omit go.mod and go.sum from package when not in module mode

In certain environments, it's possible to package chaincode that is structured
as a module from an active GOPATH. This often happens when the path provided
to the package command is an import path resolvable from the GOPATH instead of
a file system path.

If the package can successfully build in the packaging environment from the
import path, the chaincode dependencies are calculated and packaged from the
GOPATH for compilation as a traditional go package.

In this scenario where the code at the import path is structured as a module,
the go.mod would be included in the chaincode package as packaging always
includes all non-hidden files in the top level folder of the import path.

On the server, the presence of the go.mod implies that the build process
should execute in module mode. When the dependencies have been vendored in the
module, the build uses -mod=vendor flag to indicate the module requirements
should be satisfied from the vendor folder. Unfortunately, since the
chaincode dependencies were packaged using GOPATH mode instead of module mode,
there are some metadata files missing from the vendor folder that are expected
by the module mode build process.

To help prevent this from occurring, we will explicitly omit go.mod and go.sum
from top level folder of chaincode that is not packaged in module mode.

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-2.1/CHANGELOG.md#v210

Changes:

1bdf975 Fabric v2.1.0 release commit
6cfea8b Add release notes for v2.1.0
4fbbc88 [FAB-17719] Upgrade docs for 2.1
d50e8f4 [FAB-17724] Fix configtxgen cannot find etcdraft default config
c2e8534 [FAB-17716] Fix test flake due to too many requests for /protos.Deliver
5358d6e Properly handle malformed gossip envelopes (#1039)
0602969 [FAB-17540] Fix for race read/write tlsconfig (#967) (#1052)
10ed627 Add release note for FAB-17725
08df2e1 Omit go.{mod,sum} from pkg when not in module mode
d0d4a3f Clear {U,G}name fields in package tar entries

See More

53eda41 Fix typo
6334d22 Fix organizations typo
0f23dad [FAB-16879] Add stack trace to couchdb http errors (#1015)
6f4b196 Update chaincode lifecycle topic
2f13c6c Update tutorials overview for test network
32533a8 3 small fixes that documentation matches samples
a28ef41 Set default keepalive options for peer clients (#987)
c740f39 Update doc for Go v1.14.1
99d3a8d Remove Config Transaction Package from release-2.1
30e5862 Fix missing export instruction in docs/deploy_chaincode.md
534ed60 Move comm pkg to internal
7919e72 [FAB-17109] Retrieve and use ReConnectBackoffThreshold as duration (#951)
f293f92 mv encoding util to consumer (pvtdatastorage)
25e3386 Fix code block typo in add org tutorial
20dca4d Clarify instructions for CouchDB state database upgrade.
8704abf Add discussion of MSP folder to test net doc
5148730 [FAB-17687] Rename AddValue() to SetValue() (#946)
0491bcd Refactor MSP-related pkg/config functions
4d7d4ac [FAB-17638] Support retrieving application configuration from an existing config
84e2338 [FAB-17658] Separate config package examples into groups
eb4623f [FAB-17408] Move first app tutorial (fabcar) to test network
1cdd885 Update commercial_paper.md
cce54ab [FAB-17664] Add/Remove channel policies
424807d Add jq to the vagrant development environment
8ab138e Address comments from #928
b8e2e83 [FAB-17611] IT: discover all peers before endorsement
8a012a0 Consistently use ubuntu-18.04
fa29042 Move to go 1.14.1 (#934)
69da72e Remove x509 Utility
4db1939 Remove Clone Utility
1a3dab1 Remove DirMissingOrEmpty Util Function
d7c1796 [FAB-17663] Update a consortium group's channel creation policy value
23ebd79 Update grpc to v1.28.0
e06bb3f [FAB-17675] Prevent gossip probe from registering as a connection (#925)
b5be754 [FAB-17637] Support adding and removing capability
222f99a [FAB-17639] Add/Remove ACLs from channel config.
4d515e0 [FAB-17619] Fix exported ConfigTx functions to retrieve/set correct field
79fb075 [FAB-17619] encapsulate config proto in new type
441fd13 [FAB-17650] fix incorrect word
edd5908 Update MSP config for application org
cdc2f68 Cleanup followup comments from FAB-17568
4b9302e Ignore containers that are not part of the network (#909)
aa80495 U...

Assets 5

Releases: hyperledger/fabric

v2.2.2

v2.2.2 Release Notes - January 27, 2021

Fixes

Dependencies

Deprecations (existing)

Changes:

v1.4.10

v1.4.10 Release Notes - January 27, 2021

Fixes

Dependencies

Changes, Known Issues, and Workarounds

Known Vulnerabilities

Resolved Vulnerabilities

Deprecations (existing)

Change log

Changes:

v2.3.0

v2.3.0 Release Notes - November 18, 2020

What's New in Hyperledger Fabric v2.3

Fixes

Changes

Dependency updates

Changes:

v2.2.1

v2.2.1 Release Notes - September 30, 2020

What's New in Hyperledger Fabric v2.2.1

Fixes

Deprecations (existing)

v1.4.9

v1.4.9 Release Notes - September 30, 2020

What's New in Hyperledger Fabric v1.4.9

Fixes

Dependencies

Changes, Known Issues, and Workarounds

Known Vulnerabilities

Resolved Vulnerabilities

Deprecations (existing)

Change log

Changes:

v1.4.8

v1.4.8 Release Notes - July 22, 2020

Fixes

Dependency updates

Changes, Known Issues, and Workarounds

Known Vulnerabilities

Resolved Vulnerabilities

Deprecations

Change log

Changes:

v2.2.0

v2.2.0 Release Notes - July 9, 2020

What's New in Hyperledger Fabric v2.2

Fixes

Changes

Dependency updates

Deprecations

v2.1.1

v2.1.1 Release Notes - June 1, 2020

Fixes

Changes:

v1.4.7

v1.4.7 Release Notes - May 14, 2020

Fixes

Dependency updates

Changes, Known Issues, and Workarounds

Known Vulnerabilities

Resolved Vulnerabilities

Deprecations

Change log

Changes:

v2.1.0

v2.1.0 Release Notes - April 15, 2020

What's New in Hyperledger Fabric v2.1

Fixes

Changes: