Releases: microsoft/CCF
Releases · microsoft/CCF
3.0.8
2.0.17
3.0.7
3.0.6
Changed
- Additional logging of historical query flow in
UNSAFEbuilds. - Historical query system will re-request entries if the host fails to provide them within a fixed time.
Dependencies
- Upgraded OpenEnclave to 0.18.5.
- Upgraded t_cose from v1.1 to v1.1.1. v1.1.1 can optionally allow unknown critical header parameters in COSE_Sign1 envelopes which is desirable for CCF C++ applications.
2.0.16
2.0.15
Changed
- Additional logging of historical query flow in
UNSAFEbuilds. - Historical query system will re-request entries if the host fails to provide them within a fixed time.
4.0.0-dev4
Changed
ccf::RpcContext::set_response()has been renamed toccf::RpcContext::set_response_json()(#4813).- The built-in authentication policies for JWTs and certs will now enforce expiry times, based on the current time received from the host. JWTs must contain "nbf" and "exp" claims, and if those are outside the current time then the request will get an authentication error (#4786).
ccf.crypto.sign()previously returned DER-encoded ECDSA signatures and now returns IEEE P1363 encoded signatures, aligning with the behavior of the Web Crypto API andccf.crypto.verifySignature()(#4829).- Proposals authenticated with COSE Sign1 must now contain a
ccf.gov.msg.created_atheader parameter, set to a positive integer number of seconds since epoch. This timestamp is used to detect potential proposal replay. Theccf_cose_sign1*scripts have been updated accordingly and require a--ccf-gov-msg-created_at. - Updated Clang version requirement to >= 10 in cmake.
Added
- Added
ccf.enableUntrustedDateTimeto JS API. After callingccf.enableUntrustedDateTime(true), theDateglobal object will use the untrusted host time to retrieve the current time. - Add new
ccf.crypto.jwkToPem,ccf.crypto.pubJwkToPem,ccf.crypto.rsaJwkToPem,ccf.crypto.pubRsaJwkToPem,ccf.crypto.eddsaJwkToPem,ccf.crypto.pubEddsaJwkToPemto JavaScript/TypesScript API to convert EC/RSA/EdDSA keys from PEM to Json Web Key (#4876). - Add new constructors to cryptography C++ API to generate EC/RSA/EdDSA keys from Json Web Key (#4876).
3.0.5
Added
- Add new
ccf.crypto.jwkToPem,ccf.crypto.pubJwkToPem,ccf.crypto.rsaJwkToPem,ccf.crypto.pubRsaJwkToPem,ccf.crypto.eddsaJwkToPem,ccf.crypto.pubEddsaJwkToPemto JavaScript/TypesScript API to convert EC/RSA/EdDSA keys from PEM to Json Web Key (#4876). - Add new constructors to cryptography C++ API to generate EC/RSA/EdDSA keys from Json Web Key (#4876).
- Proposals authenticated with COSE Sign1 must now contain a
ccf.gov.msg.created_atheader parameter, set to a positive integer number of seconds since epoch. This timestamp is used to detect potential proposal replay. Theccf_cose_sign1*scripts have been updated accordingly and require a--ccf-gov-msg-created_at.
3.0.4
Changed
ccf.crypto.sign()previously returned DER-encoded ECDSA signatures and now returns IEEE P1363 encoded signatures, aligning with the behavior of the Web Crypto API andccf.crypto.verifySignature()(#4829).
Added
- Added
ccf.enableUntrustedDateTimeto JS API. After callingccf.enableUntrustedDateTime(true), theDateglobal object will use the untrusted host time to retrieve the current time.
4.0.0-dev3
Fixed
- Node-to-node channels no longer check certificate expiry times. This previously caused "Peer certificate verification failed" error messages when node or service certs expired. (#4733)
node_data_json_fileconfiguration option is now correctly applied inStartandRecovermodes (#4761).
Changed
- Increased default NumHeapPages (heap size) for js_generic from 131072 (500MB) to 524288 (2GB).
TCP_NODELAYis now set for all incoming and outgoing TCP connections (#4717).