github.com/osdi23p228/fabric@v0.0.0-20221218062954-77808885f5db/release_notes/v2.2.2.md (about) 1 v2.2.2 Release Notes - January 27, 2021 2 ======================================= 3 4 Fixes 5 ----- 6 7 **peer and orderer - Always Finalize the PKCS#11 FindObject Operation** 8 9 In certain error paths, a PKCS#11 session was not finalized, leaving the session 10 in a locked state so that it could not be reused. 11 This fix finalizes session handles even in error paths, so that the session can be reused 12 by subsequent calls. 13 14 **FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities** 15 16 While Fabric has never supported RSA for transaction signatures or validation, 17 certificate authorities included in MSP definitions could be associated with 18 RSA keys. This ability was inadvertently removed during the development of 19 release 2.0 and prevented migration of some networks to a 2.x version. With 20 these changes, version 2.x components will no longer panic when attempting to 21 initialize MSPs that include CA certificates associated with RSA keys. 22 23 **orderer - Allow tick interval override via orderer.yaml** 24 25 If a raft network becomes unstable, sometimes, adjusting the tick 26 interval duration can be effective to restore it. However, the tick interval is 27 stored in the channel configuration, so if the network is not operational, 28 modifying it is very challenging. This fix adds Consensus.TickIntervalOverride 29 option to orderer.yaml configuration, allowing the channel configuration parameter 30 to be overridden from the local configuration. 31 32 **FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration** 33 34 If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails 35 with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority". 36 This fix adds logic to verify consenters based on the updated set of organization MSP root CAs. 37 38 **FAB-18244: orderer - Single node orderer will not start due to inconsistent state** 39 40 If using a single node orderer, it was possible to get into an inconsistent state where 41 a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written. 42 This fix resolves the inconsistent state by writing the last block, so that the 43 single node orderer can start. 44 45 **orderer - Remove duplicate orderer server TLS root CAs** 46 47 This fix reduces processing overhead when an ordering service node participates 48 in many channels. 49 50 **FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey** 51 52 If orderer.yaml configuration options 53 `General.Cluster.ClientCertificate` and `General.Cluster.ClientPrivateKey` are not set, 54 default them to the server `General.TLS.Certificate` and `General.TLS.PrivateKey` values 55 when the orderer is not configured to use a separate cluster port. 56 This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set. 57 58 **peer - incorrect handling of values set to empty byte array in node chaincode** 59 60 Peer should handle key values set to nil or empty byte arrays as a delete of the key. 61 While the behavior worked as expected when using Go chaincode and Java chaincode, if using 62 node chaincode it did not work correctly when setting key values to empty byte arrays. 63 This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes. 64 If using node chaincode with private data, if you had set private data values to an empty byte array, 65 the private data hash would have been committed incorrectly to the state database. 66 To repair the state database, after applying the fix, with the peer stopped, 67 request that the state database be rebuilt by calling "peer node rebuild-dbs" 68 or by deleting the state database. Upon the next start, the peer will rebuild the state 69 database from the already processed block store. 70 If subsequent transactions had referenced the existence of such a private data hash by 71 calling GetPrivateDataHash, then the subsequent transactions may have been 72 processed incorrectly and the peer will need to additionally reprocess blocks, 73 which can be triggered by calling "peer node reset" instead of "peer node rebuild-dbs". 74 If using regular channel data only and not private data, the empty byte array will 75 not have been committed, and therefore no action is required on the peer beyond applying the fix. 76 77 78 Dependencies 79 ------------ 80 Fabric v2.2.2 has been tested with the following dependencies: 81 * Go 1.14.12 82 * CouchDB v3.1.1 83 84 85 Deprecations (existing) 86 ----------------------- 87 88 **FAB-15754: The 'Solo' consensus type is deprecated.** 89 90 The 'Solo' consensus type has always been marked non-production and should be in 91 use only in test environments, however for compatibility it is still available, 92 but may be removed entirely in a future release. 93 94 **FAB-16408: The 'Kafka' consensus type is deprecated.** 95 96 The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred 97 production consensus type. There is a documented and tested migration path from 98 Kafka to Raft, and existing users should migrate to the newer Raft consensus type. 99 For compatibility with existing deployments, Kafka is still supported, 100 but may be removed entirely in a future release. 101 Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published. 102 103 **Fabric CouchDB image is deprecated** 104 105 v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB. 106 If prior versions are utilized, a Warning will appear in peer log. 107 Note that CouchDB 3.1.0 requires that an admin username and password be set, 108 while this was optional in CouchDB v2.x. See the 109 [Fabric CouchDB documentation](https://hyperledger-fabric.readthedocs.io/en/v2.2.0/couchdb_as_state_database.html#couchdb-configuration) 110 for configuration details. 111 Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment. 112 Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published. 113 Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead. 114 115 **FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.** 116 117 Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead. 118 Configuring orderer endpoints at the organization level accommodates 119 scenarios where orderers are run by different organizations. Using 120 this configuration ensures that only the TLS CA certificates of that organization 121 are used for orderer communications, in contrast to the global channel level endpoints which 122 would cause an aggregation of all orderer TLS CA certificates across 123 all orderer organizations to be used for orderer communications. 124 125 **FAB-17428: Support for configtxgen flag `--outputAnchorPeersUpdate` is deprecated.** 126 127 The `--outputAnchorPeersUpdate` mechanism for updating anchor peers has always had 128 limitations (for instance, it only works the first time anchor peers are updated). 129 Instead, anchor peer updates should be performed through the normal config update flow. 130 131 **FAB-15406: The fabric-tools docker image is deprecated** 132 133 The fabric-tools docker image will not be published in future Fabric releases. 134 Instead of using the fabric-tools docker image, users should utilize the 135 published Fabric binaries. The Fabric binaries can be used to make client calls 136 to Fabric runtime components, regardless of where the Fabric components are running. 137 138 **FAB-15317: Block dissemination via gossip is deprecated** 139 140 Block dissemination via gossip is deprecated and may be removed in a future release. 141 Fabric peers can be configured to receive blocks directly from an ordering service 142 node by using the following configuration: 143 ``` 144 peer.gossip.orgLeader: true 145 peer.gossip.useLeaderElection: false 146 peer.gossip.state.enabled: false 147 ``` 148 149 **FAB-15061: Legacy chaincode lifecycle is deprecated** 150 151 The legacy chaincode lifecycle from v1.x is deprecated and will be removed 152 in a future release. To prepare for the eventual removal, utilize the v2.x 153 chaincode lifecycle instead, by enabling V2_0 application capability on all 154 channels, and redeploying all chaincodes using the v2.x lifecycle. The new 155 chaincode lifecycle provides a more flexible and robust governance model 156 for chaincodes. For more details see the 157 [documentation for enabling the new lifecycle](https://hyperledger-fabric.readthedocs.io/en/release-2.2/enable_cc_lifecycle.html).