github.com/osdi23p228/fabric@v0.0.0-20221218062954-77808885f5db/release_notes/v2.2.2.md (about)

     1  v2.2.2 Release Notes - January 27, 2021
     2  =======================================
     3  
     4  Fixes
     5  -----
     6  
     7  **peer and orderer - Always Finalize the PKCS#11 FindObject Operation**
     8  
     9  In certain error paths, a PKCS#11 session was not finalized, leaving the session
    10  in a locked state so that it could not be reused.
    11  This fix finalizes session handles even in error paths, so that the session can be reused
    12  by subsequent calls.
    13  
    14  **FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities**
    15  
    16  While Fabric has never supported RSA for transaction signatures or validation,
    17  certificate authorities included in MSP definitions could be associated with
    18  RSA keys. This ability was inadvertently removed during the development of
    19  release 2.0 and prevented migration of some networks to a 2.x version. With
    20  these changes, version 2.x components will no longer panic when attempting to
    21  initialize MSPs that include CA certificates associated with RSA keys.
    22  
    23  **orderer - Allow tick interval override via orderer.yaml**
    24  
    25  If a raft network becomes unstable, sometimes, adjusting the tick
    26  interval duration can be effective to restore it. However, the tick interval is
    27  stored in the channel configuration, so if the network is not operational,
    28  modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
    29  option to orderer.yaml configuration, allowing the channel configuration parameter
    30  to be overridden from the local configuration.
    31  
    32  **FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration**
    33  
    34  If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails
    35  with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority".
    36  This fix adds logic to verify consenters based on the updated set of organization MSP root CAs.
    37  
    38  **FAB-18244: orderer - Single node orderer will not start due to inconsistent state**
    39  
    40  If using a single node orderer, it was possible to get into an inconsistent state where
    41  a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
    42  This fix resolves the inconsistent state by writing the last block, so that the
    43  single node orderer can start.
    44  
    45  **orderer - Remove duplicate orderer server TLS root CAs**
    46  
    47  This fix reduces processing overhead when an ordering service node participates
    48  in many channels.
    49  
    50  **FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey**
    51  
    52  If orderer.yaml configuration options
    53  `General.Cluster.ClientCertificate` and `General.Cluster.ClientPrivateKey` are not set,
    54  default them to the server `General.TLS.Certificate` and `General.TLS.PrivateKey` values
    55  when the orderer is not configured to use a separate cluster port.
    56  This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set.
    57  
    58  **peer - incorrect handling of values set to empty byte array in node chaincode**
    59  
    60  Peer should handle key values set to nil or empty byte arrays as a delete of the key.
    61  While the behavior worked as expected when using Go chaincode and Java chaincode, if using
    62  node chaincode it did not work correctly when setting key values to empty byte arrays.
    63  This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes.
    64  If using node chaincode with private data, if you had set private data values to an empty byte array,
    65  the private data hash would have been committed incorrectly to the state database.
    66  To repair the state database, after applying the fix, with the peer stopped,
    67  request that the state database be rebuilt by calling "peer node rebuild-dbs"
    68  or by deleting the state database. Upon the next start, the peer will rebuild the state
    69  database from the already processed block store.
    70  If subsequent transactions had referenced the existence of such a private data hash by
    71  calling GetPrivateDataHash, then the subsequent transactions may have been
    72  processed incorrectly and the peer will need to additionally reprocess blocks,
    73  which can be triggered by calling "peer node reset" instead of "peer node rebuild-dbs".
    74  If using regular channel data only and not private data, the empty byte array will
    75  not have been committed, and therefore no action is required on the peer beyond applying the fix.
    76  
    77  
    78  Dependencies
    79  ------------
    80  Fabric v2.2.2 has been tested with the following dependencies:
    81  * Go 1.14.12
    82  * CouchDB v3.1.1
    83  
    84  
    85  Deprecations (existing)
    86  -----------------------
    87  
    88  **FAB-15754: The 'Solo' consensus type is deprecated.**
    89  
    90  The 'Solo' consensus type has always been marked non-production and should be in
    91  use only in test environments, however for compatibility it is still available,
    92  but may be removed entirely in a future release.
    93  
    94  **FAB-16408: The 'Kafka' consensus type is deprecated.**
    95  
    96  The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
    97  production consensus type.  There is a documented and tested migration path from
    98  Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
    99  For compatibility with existing deployments, Kafka is still supported,
   100  but may be removed entirely in a future release.
   101  Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.
   102  
   103  **Fabric CouchDB image is deprecated**
   104  
   105  v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
   106  If prior versions are utilized, a Warning will appear in peer log.
   107  Note that CouchDB 3.1.0 requires that an admin username and password be set,
   108  while this was optional in CouchDB v2.x. See the
   109  [Fabric CouchDB documentation](https://hyperledger-fabric.readthedocs.io/en/v2.2.0/couchdb_as_state_database.html#couchdb-configuration)
   110  for configuration details.
   111  Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
   112  Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
   113  Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.
   114  
   115  **FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.**
   116  
   117  Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
   118  Configuring orderer endpoints at the organization level accommodates
   119  scenarios where orderers are run by different organizations. Using
   120  this configuration ensures that only the TLS CA certificates of that organization
   121  are used for orderer communications, in contrast to the global channel level endpoints which
   122  would cause an aggregation of all orderer TLS CA certificates across
   123  all orderer organizations to be used for orderer communications.
   124  
   125  **FAB-17428: Support for configtxgen flag `--outputAnchorPeersUpdate` is deprecated.**
   126  
   127  The `--outputAnchorPeersUpdate` mechanism for updating anchor peers has always had
   128  limitations (for instance, it only works the first time anchor peers are updated).
   129  Instead, anchor peer updates should be performed through the normal config update flow.
   130  
   131  **FAB-15406: The fabric-tools docker image is deprecated**
   132  
   133  The fabric-tools docker image will not be published in future Fabric releases.
   134  Instead of using the fabric-tools docker image, users should utilize the
   135  published Fabric binaries. The Fabric binaries can be used to make client calls
   136  to Fabric runtime components, regardless of where the Fabric components are running.
   137  
   138  **FAB-15317: Block dissemination via gossip is deprecated**
   139  
   140  Block dissemination via gossip is deprecated and may be removed in a future release.
   141  Fabric peers can be configured to receive blocks directly from an ordering service
   142  node by using the following configuration:
   143  ```
   144  peer.gossip.orgLeader: true
   145  peer.gossip.useLeaderElection: false
   146  peer.gossip.state.enabled: false
   147  ```
   148  
   149  **FAB-15061: Legacy chaincode lifecycle is deprecated**
   150  
   151  The legacy chaincode lifecycle from v1.x is deprecated and will be removed
   152  in a future release. To prepare for the eventual removal, utilize the v2.x
   153  chaincode lifecycle instead, by enabling V2_0 application capability on all
   154  channels, and redeploying all chaincodes using the v2.x lifecycle. The new
   155  chaincode lifecycle provides a more flexible and robust governance model
   156  for chaincodes. For more details see the
   157  [documentation for enabling the new lifecycle](https://hyperledger-fabric.readthedocs.io/en/release-2.2/enable_cc_lifecycle.html).