2.0.0-rc.1 (2024-06-14)

Bug Fixes

• cactus-common: coerceUnknownToError() now uses HTML sanitize (d70488a)
• cactus-example-cbdc-bridging-backend: add missing CRPC port config option (84c0733)
• cmd-api-server: add runtime type validation to HTTP verbs pulled from OAS (b0ff599), closes #2751 #2751 #2751 #2754
• cmd-api-server: address CVE-2022-25881 (81da333), closes #2862
• cmd-api-server: fix CVE-2023-36665 protobufjs try 2 (4e8b553), closes #2682
• cmd-api-server: healthcheck broken due to missing wget binary (8f1ca3f), closes #2894
• connector-besu: error handling of DeployContractSolidityBytecodeEndpoint (89d9b93), closes #2868
• connector-besu: toBuffer only supports 0x-prefixed hex (1d00e32)
• connector-corda: contract deployment SSH reconnect race condition (0af2eb1)
• connector-fabric: address CVEs: CVE-2022-21190, CVE-2021-3918 (11e775d), closes #2864
• connector-quorum/ethereum: strengthen contract parameter validation (779bb7e), closes #2760
• corda-simple-app: use correct bond asset flows and contracts for bond asset exchange (caa2b3a)
• deps: bulk add missing dependencies - 2023-11-02 (8addb01), closes #2857
• GHSA-8qv2-5vq6-g2g7 webpki CPU denial of service in certificate path (e24458f)
• indy-vdr-nodejs: update dependency version (f81b46b)
• ledger-browser: fix vulnerability CVE-2022-37601 (55c7d3d)
• persistence-fabric: hide not critical API (793f94f)
• plugin-htlc-coordinator-besu: add missing HSTS header (dff34e8)
• plugin-keychain-vault: fix CVE-2024-0553 in vault server image (1eacf7e)
• security: address CVE-2021-3749 - axios >=0.22.0 (61fc700)
• security: mitigate CVE-2024-21505 (f48994f)
• security: remediate qs vulnerability CVE-2022-24999 (536b6b1)
• weaver-asset-transfer: return proper error messages for pledge status and claim status (f8f6bcb)
• weaver-fabric-node-sdk: made AES key length configurable in ECIES functions (e679801)
• weaver-go-cli: updated Weaver Fabric Go CLI module to ensure local compilation (1668cf4)
• weaver-go-sdk: corrected membership API function signatures (083ea4f)
• weaver-go-sdk: revert fabric-protos-go-apiv2 dep to fabric-protos-go (6994e5b)
• weaver-membership-functions: reverted earlier buggy change affecting identity mgmt (faf90dd)
• weaver-packages: removing unnecessary package-lock.json file (f3e53e4)
• weaver-satp: bug and configuration fixes in relays and Fabric drivers for sample SATP implementation (9f77871)
• weaver: improper exception handling (a33f30c), closes #2767
• weaver: upgraded Corda dependencies to overcome Log4j vulnerability (76f0c68)
• weaver: usage of weak PRNG issue (fa17b52), closes #2765

Features

• actionlint: fix the errors produced by the ActionLint tool (e6d5d88)
• bungee-hermes: new plugin bungee-hermes (ecf52ec)
• bungee-hermes: process & merge views (231a5e5)
• bungee-hermes: viewProof & ethereum strategy (22f389f)
• cactus-core-api: add ISendRequestResultV1<T> for Fujitsu verifier (483de38)
• cactus-core: add ConnectRPC service interface and type guard (9e83087)
• cactus-core: add handleRestEndpointException utility to public API (bf9dfe8)
• cactus-example-discounted-asset-trade: use openapi ethereum connector (dcaf9fe), closes #2645
• cactus-example-discounted-asset-trade: use openapi sawtooth connector (86d6b38), closes #2825
• cactus-example-electricity-trade: use openapi ethereum connector (9e66850)
• cactus-plugin-ledger-connector-aries: add new connector plugin (afef5ae), closes #2946
• cactus-plugin-ledger-connector-cdl-socketio: separate endpoint for subscription key (b1048af)
• cactus-plugin-ledger-connector-cdl-socketio: support subscription key auth (a04fc5b)
• cactus-plugin-ledger-connector-cdl: add new connector plugin (6efd8de)
• cactus-plugin-ledger-connector-ethereum: add json-rpc proxy (ed04201)
• cactus-plugin-ledger-connector-ethereum: add signing utils (84c5b34)
• cactus-plugin-ledger-connector-ethereum: add stress test (55fa26e), closes #2631
• cactus-plugin-ledger-connector-ethereum: refactor connector API (cda279f), closes #2630
• cactus-plugin-ledger-connector-ethereum: support London fork gas prices (80a89dd), closes #2581
• cactus-plugin-ledger-connector-ethereum: update web3js to 4.X (55f82c9), closes #2580 #2535 #2578
• cactus-plugin-ledger-connector-fabric-socketio: remove fabric-socketio connector (704e201), closes #2644
• cactus-plugin-ledger-connector-fabric: support delegated (offline) signatures (e2812f4), closes #2598
• cactus-plugin-ledger-connector-iroha: remove deprecated iroha connector (fa27fde), closes #3159 #3155
• cactus-plugin-ledger-connector-sawtooth: add new connector plugin (e379504)
• cactus-plugin-persistence-ethereum: use openapi ethereum connector (b8f9b79), closes #2631
• cbdc-bridging: add frontend code for the CBDC example (5ad0ebf)
• cmd-api-server: add ConnectRPC auto-registration for plugins (c569460)
• cmd-api-server: add gRPC plugin auto-registration support (5762dad)
• common: add express http verb method name string literal type (8f048ea)
• common: add isGrpcStatusObjectWithCode user-defined type guard (941dbad)
• connector-besu: add continuous benchmarking with JMeter (379d41d)
• connector-besu: add gRPC support for operations (ab676d2), closes #3173
• connector-fabric: drop support for Fabric v1.x (ec8123c)
• connector-polkadot: add connector pkg, openapi specs, test suite (6a476a0)
• core-api: add IPluginGrpcService type & user-defined type guard (e87e577)
• core: add configureExpressAppBase() utility function (383f852)
• ethereum-connector: support block monitoring with http only connection (f4373a9)
• indy-sdk: replace indy SDK with AFJ (3291dcc), closes #2859 #2860
• indy-test-ledger: add helper class for indy ledger (8c746c3), closes #2861
• plugin-keychain-memory: add ConnectRPC support (c5fecf6), closes #3183
• plugin-keychain-memory: add observability via RxJS ReplaySubjects (9b41377)
• plugin-keychain-memory: add REST API endpoint implementations (c7a8fa5)
• plugin-satp-hermes: replace IPFS dependency in SATP package (3bb7157), closes #2984 #3006
• satp: sample implementation of SATP standard using relays (c23197c)
• supabase-all-in-one: update versions, use skopeo (eeb34f9), closes #3099
• test-tooling: add Stellar test ledger (58fa94e), closes #3239
• weaver-go: upgraded Weaver Fabric Go SDK with membership functions (43cce8e)
• weaver: add build script and fix minor issues (6d4fd00)

Performance Improvements

• cmd-api-server: add demonstration of continuous benchmarking (0804bab)

BREAKING CHANGES

• connector-fabric: The Open API specification that has the enums for ledger versions will no longer have an option for Fabric v1.x This means that in the core-api package the LedgerType enum has changes which means that code that depends on that enum value will need to be updated.

Fabric v1.x has had unmaintained dependencies associated with it such as the native grpc package that stopped receiving security updates years ago and therefore it's dangerous to have around.

There are also some issues with Fabric v1.x that make the AIO image flaky which also makes the relevant tests flaky due to which we couldn't run the v1.x Fabric tests on the CI for a while now anyway.

In order to reduce the CI resource usage and our own maintenance burden I suggest that we get rid of the Fabric v1.x support meaning that we can eliminate the AIO image build and some code complexity from the test ledger code as well.

In addition some old fixtures can be removed that the tests were using. Overall a net-positive as deleting code without losing functionality (that we care about) is always a plus.

Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com