Skip to content

Releases: hyperledger/fabric-ca

v1.5.0

09 Mar 06:17
@denyeart denyeart
v1.5.0
5fb298c

Choose a tag to compare

View all tags
v1.5.0

v1.5.0 Release Notes - March 9, 2021

All improvements and fixes as of Fabric CA v1.4.9 are included in Fabric CA v1.5.0.
Additionally, the following improvements and fixes are included in Fabric CA v1.5.0.

Improvements

FABC-780: TLS v1.3 support

Add support for TLS v1.3

FABC-735: Docker images with Alpine Linux

Hyperledger Fabric CA Docker image will now use Alpine Linux,
a security-oriented, lightweight Linux distribution.

FABC-909: Check If database exists prior to creating

Prior to creating the Fabric CA database, first determine if it exists in MySQL and Postgres databases.
This change enables using a database user that does not have permission to create the database and assumes the database was previously created by an administrator.

Fixes

FABC-902: Identities query for all types of an affiliation fails

Identities query for all types of an affiliation fails with a SQL error.
This fix passes the correct arguments to the query.

FABC-800: Enlarge PEM column for MySQL database from 4096 to 8192

In some scenarios enrollment may fail with error:
"Certificate signing failure: Failed to insert record into database: Error 1406: Data too long for column 'pem' at row 1".
This fix expands the database column from 4096 to 8192.

FABC-913: Set a primary key on users table for SQLite

When using SQLite, duplicate registration of the same ID could occur depending on timing. Subsequently the ID would not be usable.
This fix sets a primary key of id on users table for SQLite to prevent duplicate entries.

FABC-832: Certificate NotBefore date can not be before CA Cert NotBefore date

Enrollment certificate requests using a NotBefore date prior to the CA certificate NotBefore
date will now get reset to use the CA certificate's NotBefore date.

Dependencies

Fabric CA v1.5.0 includes updated Go dependencies.

Fabric CA v1.5.0 has been tested with the following dependencies:

  • Go 1.15.7
  • Alpine 3.13 (for Docker images)

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. As of v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Changes:

  • 5fb298c Fabric CA v1.5.0 release commit.
  • c239845 Add Release Pipeline
  • b8bb426 Update Go module dependencies for fabric v1.4.11
  • 4305db7 Add repolinter support
  • 70634d4 Update next version to v1.5.0
  • 8433aeb Bump Go and Alpine Versions
  • d632b73 Change test function to a suitable name
  • b90288c Ensure keystore stays under clientHome in test
  • 2855915 Fix typos
  • 6bc1ddc Remove unused util.ViperUnmarshal function
See More
  • 5689bad Remove unnecessary BCCSP mock
  • 6539de7 Use testify/assert more consistently in util tests
  • 84e9bb7 Update copyright headers in util package
  • e0e3ed4 Address remaining shellcheck items in scripts
  • 3be386c Simplify check_lint and get rid of warning noise
  • 968f49b Remove 'git log' to fix shellcheck quoting issue
  • e89a694 Use year instead of ISO week year in dates
  • 05f2334 Fix changelog generation script
  • 96a3bef Remove unused add-user.ldif from scripts
  • 2c88121 Remove GOPATH and treat as a go module
  • 5b5ab07 Update modules after removing unused code
  • 0bc2b02 Remove unused fvt/docker-compose.yml
  • bf44985 Remove references to GOPATH from scripts/fvt
  • 3d3a776 Remove GOPATH from top-level scripts
  • 50cdfc6 Remove dead ServerInfoResponseNet struct
  • d6eb77f Unexport attr.Exists
  • 6b5f9c1 Remove duplicate LICENSE file
  • 2f6cd0c Unexport cert decoder storeCert, remove dead code
  • 3b50c81 Unexport internal utility functions
  • 85fe102 Move StrContained and IsSubsetOf to callers
  • 41ef8f8 Unexport util.DecodeToken
  • 0a45b2e Remove "temporarily" commented out tests
  • 455dcaf Remove unused util.RemoveQuotes
  • e3ed604 Remove unused util.ECDSASignature structure
  • d3b8a69 Move revocation reason codes to consumer
  • 1415917 Remove unreferenced scripts in fvt/utils
  • 87868e2 Remove unreferenced files in scripts/fvt/staging
  • 392b9bb Remove duplicated generated file logic in checks
  • 7839ea5 Remove unused scripts/multiarch.sh
  • 5b83955 Remove unused run_safesql_scan script
  • e39ba36 Use _ for set-before-ref arg flagged by linting
  • 9e3616c Remove unused argument from test helper
  • e8e2935 Address unconditional break flagged by linting
  • bfb0431 Use switch w/fallthrough for migration logic
  • 98121cc Address ineffectual assignments flagged by linting
  • 59ac6ff Simplify code patterns highlighted by linting
  • 3ad1b02 Remove or use references flagged unused by linting
  • 30ab42d Remove dead code flagged by linting
  • 82d2fb4 Remove integration folder as code does not compile
  • 09aeebd Remove commented out utility code
  • b2a82b9 Convert errorTest to closure within test func
  • c827213 Remove unnecessary mspDir const from test
  • e284da2 Remove fabric-ca-load-tester
  • d510ff3 Move tests back to _test package, simplify stubs
  • c54a7c7 [FABC-909] Check If DB Exists
  • 09623fd Corrected Typo
  • 7e290c8 changes in certificate tests
  • 9ea6836 certificate NotBefore date can not be before CA Cert NotBefore date
  • 0392afe Op guide fixes (#204)
  • 7b4f347 Update vendored dependencies (#202)
  • 87591fb Fix link for swagger online editor
  • 43ec76b Move to Go 1.15.5
  • d0dca45 small clarification on org msp folder
  • 6c8c516 Fix a typo in users-guide (#196)
  • 41d4b3f Allow reenroll to reuse existing private key
  • a07c3fe Edits to use a CA
  • 8a07eef [FABC-920] Modify cdr command in README
  • 517b16c Simplify profiling links in README.md
  • b40b0eb Move StartNonceSweeper out of NonceManager constructor
  • 808e3a3 Remove duplicate error log when deleting expired nonces
  • 5fda489 Fix the indentation in the NodeOU source code
  • 3a1323d [FAB-17702] Use a CA
  • fc84b4f [FABC-912] Remove label and pin from logs
  • 6350514 Run unit tests with and without pkcs11 tags
  • 5180751 [FABC-829] Add hf.AffiliationMgr and hf.GenCRL attributes to migrated (#159)
  • 2a83d33 [FABC-913] Set a primary key to users table for SQLite
  • 240cee8 Bump Go and Alpine Versions
  • e95ef80 CI should be exercising integration tests
  • e69e4df Remove unnecessary docker make vars and doc update
  • 0df7b51 Remove unused env vars in fabric-ca_setup.sh
  • 53b7e62...
Read more
Loading

v1.4.9

30 Sep 20:06
@lindluni lindluni
v1.4.9
44fffab

Choose a tag to compare

View all tags
v1.4.9

v1.4.9 Release Notes - September 30, 2020

Fixes

FABC-914: fabric-ca-client - Allow reenroll request to utilize existing private key

fabric-ca-client reenroll command always generated a new private key in the certificate signing request.
This fix allows reenroll command to use the existing private key by setting the
--csr.keyrequest.reusekey flag. This may be important if the previously issued certificate is going to be expired soon
and needs to be re-issued, without updating the public key within the certificate.
Note that reenroll will fail if the previously issued certificate has already expired.

Dependencies

Fabric CA v1.4.9 has been tested with the following dependencies:

  • Go 1.13.12
  • Fabric baseimage 0.4.21

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. In v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v149

Changes:

  • 44fffab Release commit for Fabric-CA v1.4.9
  • e709511 Add v1.4.9 release notes.
  • 8ac7348 Allow reenroll to reuse existing private key
  • 4d53ed8 Edits to use a CA

This list of changes was auto generated.

Loading

v1.4.8

31 Jul 13:03
@lindluni lindluni
v1.4.8
7653f06

Choose a tag to compare

View all tags
v1.4.8

v1.4.8 Release Notes - July 31, 2020

Fixes

FABC-829: Newly introduced attributes should be given to admin users

Fabric CA version v1.1.0 added attributes hf.AffiliationMgr and hf.GenCRL, however
these attributes have never been assigned to users. This fix provides registrar users
(users with a hf.Registrar.Roles attribute) the hf.AffiliationMgr and hf.GenCRL attributes,
so that the user has the corresponding permissions.

FABC-911: Suppress duplicate error messages

Unnecessary repeated error message "Failed to remove expired nonces from DB" is now suppressed.

FABC-911: Remove PKCS11 label and pin fields from Fabric CA debug

Remove PKCS11 sensitive label and pin information from Fabric CA debug logs.

Dependency updates

  • Bump Go to 1.13.12.
  • Bump Fabric baseimage to 0.4.21.

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. In v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v148

Changes:

  • 7653f06 Release commit for Fabric CA v1.4.8
  • 146b8be Bump Go to 1.13.12
  • f8b233c Move StartNonceSweeper out of NonceManager constructor (bp #181) (#182)
  • b6aa376 [FABC-912] Remove label and pin from logs
  • f96ceb9 Fix the indentation in the NodeOU source code
  • b10a159 [FAB-17702] Use a CA
  • fcda8bb [FABC-829] Add hf.AffiliationMgr and hf.GenCRL attributes to migrated (#159)
  • f9a3427 Prepare for Fabric CA v1.4.8

This list of changes was auto generated.

Loading

v1.4.7

14 May 19:34
@lindluni lindluni
v1.4.7
1960b3f

Choose a tag to compare

View all tags
v1.4.7

v1.4.7 Release Notes - May 14, 2020

Enhancements

  • FABC-904: Add Version Endpoint

    Add a /version endpoint to the operations server which returns the current version of the CA.

Dependency updates

  • Bump Go to 1.13.9.
  • Bump Fabric baseimage to 0.4.20.
  • Bump SQLite to January 2020 revision 9bdaffc12bf8be15afceb51bb60851edd4afdff5.
  • Bump Fabric BCCSP to April 2020 revision 1f0a0dd5316310d299a02f0588db3f7ec50c965e.

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. In v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v147

Changes:

  • 1960b3f Update CI publish target
  • a1c4796 Release Fabric CA v1.4.7
  • c1e4403 [FAB-17438] Fabric CA Deployment Guide
  • 287ea31 Add operations guide to the toc in the release-1.4 branch
  • 0a6179f Add support for .md files and variable replacement in /docs
  • 56e16da [FABC-904] Add Version Endpoint
  • 1dcf373 Back port Operations Guide to release-1.4 branch
  • 47c3854 Move AZP file to correct place
  • 03f35b4 [FABC-907] Update Go to 1.13
  • 5c1b961 Replace LabelHelp with info in doc template
See More
  • 15d676f Add metrics doc generation to docs make target
  • a4e6a01 Pin fabric dependencies to specific releases
  • 789f83c Cleanup vendor.json and bring in bccsp from 1.4
  • 5616f18 Update release make targets
  • 505df12 Remove call to InitFactories (#108)
  • 4e2a19a Prepare for fabric-ca v1.4.7

This list of changes was auto generated.

Loading

v1.4.6

25 Feb 22:43
@lindluni lindluni
v1.4.6
8d3a701

Choose a tag to compare

View all tags
v1.4.6

v1.4.6 Release Notes - February 25, 2020

Fixes

  • fabric-ca-server encounters error when starting with SQLite3 DB

    v1.4.5 added the fabric-ca-server binary to the github release package.
    The sqlite3 package used by fabric-ca-server was not correctly cross
    compilable by the go build process and the server failed to start up
    correctly when using sqlite3 as the DB. The SQLite3 package was updated
    and fabric-ca-server binaries will now correctly exist as part of GitHub
    release tarball.

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. In v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v146

Changes:

  • 8d3a701 Update Release notes for 1.4.6
  • 2799a7b Update sqlite3 dependency and simplify release target
  • ce91e5d Release fabric-ca v1.4.6
  • c00700f Prepare for next fabric-ca release v1.4.6

This list of changes was auto generated.

Loading

v1.4.5

19 Feb 21:25
@lindluni lindluni
v1.4.5
3d18b03
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.5

v1.4.5 Release Notes - February 19, 2020

Fixes

  • FABC-806: Do not honor client expiry request

    It was possible for the client to set the expiry for a certificate (due to
    the embedded use of a cfssl type). With this change, the expiry will come
    from the CA profile of the request or the default profile if no profile is
    set or a matching profile cannot be found.

  • FABC-891: Create missing index on postgres db

    Add a missing primary key index on users table for Postgres database.

  • Support reading Operations TLS settings from file

    Previously, the unmarshal of server's configuration file
    did not pull operations config in correctly. Operations
    config for "operations.tls.cert.file" and "operations.tls.cert.key"
    are now read correctly.

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. In v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v145

Changes:

  • 3d18b03 Release fabric-ca v1.4.5 (#94)
  • 93f6863 Support reading Operations TLS settings from file
  • a891cd1 [FABC-891] Create missing index on postgres db
  • e3fd520 [FABC-890] Fix responses in swagger.json
  • 292781e FABC-806 Do not honor client expiry request
  • 8a6a112 Merge pull request #69 from denyeart/d_preparev145
  • a3c0171 [FAB-17074] Prepare for next fabric-ca rel v1.4.5

This list of changes was auto generated.

Loading

v1.4.4

15 Nov 17:10
@lindluni lindluni
v1.4.4
76f807c

Choose a tag to compare

View all tags
v1.4.4

v1.4.4 Release Notes - November 14, 2019

What's New in Hyperledger Fabric CA v1.4.4

  • FABC-881 Update all fabric-ca dependencies to make it work with go mod

  • FABC-884 Bump to Go v1.12.12 and baseimage 0.4.18

Fixes

  • FABC-865: Fix setting TLS files by cert/key.file - Make config settings
    operations.tls.cert.file and operations.tls.key.file utilized.

Changes, Known Issues, and Workarounds

None.

Known Vulnerabilities

  • FABC-174 Commands can be manipulated to delete identities or affiliations

    This vulnerability can be resolved in one of two ways:

    1. Use HTTPS (TLS) so that the authorization header is not in clear text.

    2. The token generation/authentication mechanism was improved to optionally prevent
      token reuse. In v1.4 a more secure token can be used by setting environment variable:

    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

    However, it cannot be set to false until all clients have
    been updated to generate the more secure token and tolerate
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
    The Fabric CA client has been updated in v1.4 to generate the more secure token.
    The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
    at which time the default for Fabric CA server will change to:
    FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities

None.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v144

Changes:

  • 76f807c [FAB-17073] Release fabric-ca v1.4.4
  • 5abd05e [FAB-17073] Release fabric-ca v1.4.4
  • 7d0432e [FABCI-461] Create release job
  • 7302172 [FABC-884] Upgrade to go 1.12
  • 5ffb381 FABC-873 remove invalid test
  • e9b3492 [FABC-844] address vet issues
  • 1559aa3 FABC-881 Use earlier revision of bccsp
  • 3b8a5c7 FABC-881 Update vendored dependencies
  • 64c7d52 [FABC-874] Add HSM changes to Fabric CA docs (#47)
  • c45a0f6 [FABC-865] Fix setting TLS files by cert/key.file (#42)
See More
  • cc34360 [FABC-880] Add license header to gencst_test.sh
  • 63692a0 Update to baseimage 0.4.16
  • 5b1faaa Fix URL to contribution guide
  • 3db5423 [FABC-877] Reduce scope of tests with ssl off
  • eff05c9 [FABCI-420] Add sudo to apt-clean command
  • 8a3698b [FAB-16489] Add CODEOWNERS
  • d84b685 [FABCI-420] Add AZP yaml for release-1.4
  • 040d68d [FABC-863] Test fail with open pipe in temp dir
  • b7fd4e8 FAB-16415 Prepare for next fabric-ca rel (1.4.4)
  • 4af7a27 Merge "[FAB-16414] Release fabric-ca v1.4.3" into release-1.4
  • 639a8e0 [FABC-855] Doc Node OU Support for admins and orderers
  • 55a322d [FAB-16414] Release fabric-ca v1.4.3
  • 3e29f1a Remove hardcoded ver on multiarch script
  • c49e7d3 [FABCI-401] Disable AnsiColor Wrapper
  • 64bdb20 [FABC-867] Fix GoImports
  • 017cea8 FABC-862 Update mysql driver
  • c66adbe [FAB-16000] Prepare for next fabric-ca rel (1.4.3)
  • 9321ffb [FAB-15999] Release fabric-ca v1.4.2
  • d3e9c35 Merge changes I544241e5,I2be9d152 into release-1.4
  • 396c093 FABC-848 Fix TLS issue with PostgreSQL
  • f88e912 [FABC-853] Adding metrics table LabelHelp support
  • 5bf5d47 [FABC-853] import fabric/gendoc for fabric-ca
  • 477f5a2 FABC-837 Make metrics compatible with multi-root CA
  • 4289522 Update fabric/bccsp and miekg/pkcs11 to latest revs
  • 8b56ee8 [FABC-850] Fix Fabric CA doc wrt OU types
  • f32e113 FAB-15465: Update Jinja2
  • 839c46e [FABC-842] Fabric CA Foc Fix
  • 3004074 FABC-839 Update ca mutiarch publish script
  • 3f449b5 [FAB-14969] Prepare for next fabric-ca rel (1.4.2)
  • 3384a38 [FAB-14968] Release fabric-ca v1.4.1
  • 98f702f Merge "FABC-833 Update Jenkinsfile" into release-1.4
  • a32dd3c FABC-408 Add CORS support
  • 7de4c77 FABC-833 Update Jenkinsfile
  • 39c5fd6 Merge "FABCI-311 Add ci pipeline script" into release-1.4
  • 55f5eb7 Fix --csr.hosts flag for client and server
  • 19441cc FAB-14775 Update fabric-ca to baseimage 0.4.15
  • edb6e08 FABCI-311 Add ci pipeline script
  • aaee55f [FABC-805] Wire DB metrics
  • 197b881 [FABC-804] Create DB Metric Options
  • ea1ebbe [FABC-803] Refactoring DB code
  • 3c36ab5 [FABC-795] Create a CA Server Health Check
  • 8c245c1 [FABC-790] Create an operations server
  • 8d9b622 [FABC-787] Wire in metrics for server APIs
  • 08b1153 [FABC-786] Vendor go-kit
  • 81fa829 [FABC-785] Add metrics for server APIs
  • ec59334 [FABC-783] Add middleware to HTTP router
  • edb65ba [FAB-14174] Update GOVER to 1.11.5 in CA
  • 3dafa32 Remove tcert from swagger
  • d3ef594 [FAB-13558] Prepare fabric-ca for next rel (v1.4.1)
  • 27fbd69 [FAB-13557] Release fabric-ca v1.4.0
  • cd6ed88 FABC-781 Remove fabric-ca sample
  • b191f9c [FAB-13393] Prepare for next release (1.4.0)
  • 6d9eaea [FAB-13392] Release fabric-ca v1.4.0-rc2
  • 236dec5 [FAB-13116] Prepare for next rel (1.4.0 on release-1.4)
  • ef74d7e Merge "[FAB-13115] Release fabric-ca v1.4.0-rc1"
  • b140ba8 Merge "[FABC-774] Fix inability to set environment variable"
  • 45882f2 Merge "[FABC-773] Fix TOC format in user's guide"
  • e52b5cd [FAB-13115] Release fabric-ca v1.4.0-rc1
  • 45c9934 Merge "[FABC-772] Added testcase for panic handling"
  • c1c2b72 [FABC-774] Fix inability to set environment variable
  • 5b4c3e5 [FABC-773] Fix TOC format in user's guide
  • e682189 Merge "FABC-771 Update multiarch script"
  • 604ab46 [FABC-772] Added testcase for panic handling
  • e20d7db Merge "[FABC-768] Doc: Better Markup"
  • 4e4b1c2 FABC-771 Update multiarch script
  • e064dcc [FABC-769] Add the ability to recover from panic
  • a0ebc50 [FABC-765] Vendor fabric/bccsp/idemix
  • b2a3132 [FABC-768] Doc: Better Markup
  • b959937 Merge "[FABC-752] Vendor gomega and ginkgo"
  • 93bf90f Merge "[FABC-767] Failing goimports"
  • 8a8f1b3 [FABC-752] Vendor gomega and ginkgo
  • 7b5f2b6 [FABC-767] Failing goimports
  • 8c5bc35 [FABC-757] add charset to mysql tables
  • afa77f9 Merge "[FABC-748]Incorrect version description of Go"
  • 2ebd68e [FABC-467] - Print TLS key used
  • 6848469 Merge "[FAB-9938] Add req method and uri to sig payload"
  • fbac2aa Merge changes I30277c48,I47345396
  • d80509b [FABC-748]Incorrect version description of Go
  • 99517e9 [FAB-9938] Add req method and uri to sig payload
  • b7a5590 [FABC-741] Update user doc for HSM configuration
  • b270271 [FABC-723] Brute force attack
  • a88ff53 [FAB-8475] Run migration logic only if db level is old
  • ebbd2ed [FAB-7347] Flag and env var for logging level
  • bd7f997 [FABC-744] Revendor certificate-transparency-go
  • 787b98e Merge "[FABC-492] Superfluous checks for deleting identity"
  • 3c1585b [FABC-4...
Read more
Loading

v1.4.3 Release Notes - August 26, 2019

15 Nov 17:39
@lindluni lindluni
v1.4.3
4af7a27

Choose a tag to compare

View all tags
v1.4.3 Release Notes - August 26, 2019 
--------------------------------------

What's New in Hyperledger Fabric CA v1.4.3
------------------------------------------

No new features.

Important Fixes
---------------

None.

Changes, Known Issues, and Workarounds
--------------------------------------

Go MySQL driver updated to version 2019-05-10T10:23:35Z.

Known Vulnerabilities
---------------------
FABC-174 Commands can be manipulated to delete identities or affiliations

This vulnerability can be resolved in one of two ways:

1) Use HTTPS (TLS) so that the authorization header is not in clear text.

2) The token generation/authentication mechanism was improved to optionally prevent
token reuse. In v1.4 a more secure token can be used by setting environment variable:

FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

However, it cannot be set to false until all clients have
been updated to generate the more secure token and tolerate
FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
The Fabric CA client has been updated in v1.4 to generate the more secure token.
The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
at which time the default for Fabric CA server will change to:
FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities
------------------------
None.

For the full list of improvements and fixes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v143
Loading

v1.4.2 Release Notes - July 17, 2019

15 Nov 17:39
@lindluni lindluni
v1.4.2
9321ffb

Choose a tag to compare

View all tags
v1.4.2 Release Notes - July 17, 2019 
------------------------------------

What's New in Hyperledger Fabric CA v1.4.2
------------------------------------------

No new features.

Important Fixes
---------------
FABC-848 create table fails using Postgres with tls
Prior to the fix, when using Fabric CA with tls configured for Postres
database, the creation of the required tables fails upon initial
Fabric CA start.

FABC-837 Fabric CA panics when setup for multiple CAs
Prior to the fix, Fabric CA would panic upon start if configured
for multiple CAs (using --cafiles) and metric gathering.

Changes, Known Issues, and Workarounds
--------------------------------------

None.

Known Vulnerabilities
---------------------
FABC-174 Commands can be manipulated to delete identities or affiliations

This vulnerability can be resolved in one of two ways:

1) Use HTTPS (TLS) so that the authorization header is not in clear text.

2) The token generation/authentication mechanism was improved to optionally prevent
token reuse. In v1.4 a more secure token can be used by setting environment variable:

FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

However, it cannot be set to false until all clients have
been updated to generate the more secure token and tolerate
FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
The Fabric CA client has been updated in v1.4 to generate the more secure token.
The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
at which time the default for Fabric CA server will change to:
FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities
------------------------
None.

For the full list of improvements and fixes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v142
Loading

v1.4.1 Release Notes - April 11, 2019

15 Nov 17:38
@lindluni lindluni
v1.4.1
3384a38

Choose a tag to compare

View all tags
v1.4.1 Release Notes - April 11, 2019 
-------------------------------------

What's New in Hyperledger Fabric CA v1.4.1
------------------------------------------

FABC-408 Add support for CORS
CORS can be enabled in Fabric CA server using new server flags:
--cors.enabled   Enable CORS for the fabric-ca-server
--cors.origins   Comma-separated list of Access-Control-Allow-Origin domains

FABC-782
Fabric CA API operational metrics

FABC-789
Fabric CA database operations metrics

FABC-743
Fabric CA health check

Changes, Known Issues, and Workarounds
--------------------------------------

None.

Known Vulnerabilities
---------------------
FABC-174 Commands can be manipulated to delete identities or affiliations

This vulnerability can be resolved in one of two ways:

1) Use HTTPS (TLS) so that the authorization header is not in clear text.

2) The token generation/authentication mechanism was improved to optionally prevent
token reuse. In v1.4 a more secure token can be used by setting environment variable:

FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

However, it cannot be set to false until all clients have
been updated to generate the more secure token and tolerate
FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false.
The Fabric CA client has been updated in v1.4 to generate the more secure token.
The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token,
at which time the default for Fabric CA server will change to:
FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false

Resolved Vulnerabilities
------------------------
None.

Other improvements and fixes
----------------------------
Updated to Go version 1.11.15
Updated baseimage version to 0.4.15

For the full list of improvements and fixes, refer to the release change log:
https://github.com/hyperledger/fabric-ca/blob/release-1.4/CHANGELOG.md#v141
Loading