canton v2.10.3

@canton-machine canton-machine released this 12 Jan 16:07
· 1 commit to main since this release
1cf2844

Release of Canton 2.10.3

Canton 2.10.3 was released on January 12, 2026. You can download the Daml Open Source edition from the Daml Connect GitHub Release Section. The Enterprise edition is available on Artifactory.
Please also consult the full documentation of this release.

Summary

This maintenance release updates internal dependencies to address security vulnerabilities.
We recommend upgrading during your next scheduled maintenance window.

What’s New

Addressed security vulnerabilities

Notably, this maintenance release upgrades gRPC to version 1.75.0 and Netty to version 4.1.130.Final to address known
vulnerabilities (CVE-2025-55163 and CVE-2025-58057). Additionally, Flyway has been updated to 9.22.3, which includes
an upgrade to Jackson 2.15.2 to resolve a security vulnerability.

New gRPC Client Configuration Options

We have introduced keepAliveWithoutCalls and idleTimeout settings for gRPC client keep-alive configurations.
Please refer to the gRPC keepalive configuration specification (https://grpc.io/docs/guides/keepalive/#keepalive-configuration-specification)
for a detailed breakdown of these parameters.

Backward compatibility note: These two configurations are disabled by default to maintain existing behavior.

Usage note: If keepAliveWithoutCalls is enabled on the client, you must ensure that permitKeepAliveWithoutCalls is
also enabled on the server side. Additionally, permitKeepAliveTime may need adjustment to accommodate the increased
frequency of keep-alive pings from the client.

Example Configuration:

Participant config:

canton.participants.participant.sequencer-client.keep-alive-client.keep-alive-without-calls = true
# And / Or
canton.participants.participant.sequencer-client.keep-alive-client.idle-timeout = 5 minutes

Domain config:

# Must be enabled if keep-alive-without-calls is enabled on the client side
# Single domain
canton.domains.mydomain.public-api.keep-alive-server.permit-keep-alive-without-calls = true
canton.domains.mydomain.public-api.keep-alive-server.permit-keep-alive-time = 5 minutes
# Sequencer node
canton.sequencers.sequencer.public-api.keep-alive-server.permit-keep-alive-without-calls = true
canton.sequencers.sequencer.public-api.keep-alive-server.permit-keep-alive-time = 5 minutes
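
The usage note above can be turned into a pre-deployment check. The following is an added example, not part of Canton or of the original release notes: it reads the flat `key = value` form shown above (not nested HOCON) and reports server endpoints whose keep-alive settings do not match the client. The client's ping interval is passed in as `client_ping_s`, an assumption, because its config key is not shown on this page. The sample configs are constructed.

```python
import re

# Constructed sample configs in the flat key style used by the release notes.
PARTICIPANT = """
canton.participants.participant.sequencer-client.keep-alive-client.keep-alive-without-calls = true
"""
DOMAIN = """
# Single domain: permits idle pings
canton.domains.mydomain.public-api.keep-alive-server.permit-keep-alive-without-calls = true
canton.domains.mydomain.public-api.keep-alive-server.permit-keep-alive-time = 5 minutes
# Sequencer node: idle pings not permitted (the mismatch to catch)
canton.sequencers.sequencer.public-api.keep-alive-server.permit-keep-alive-time = 5 minutes
"""
UNITS = {"s": 1, "second": 1, "seconds": 1, "m": 60, "minute": 60, "minutes": 60}

def parse_flat(text):
    """Parse 'dotted.key = value' lines; blank lines and # comments are skipped."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def to_seconds(value):
    """Convert a duration such as '5 minutes' or '40s' to seconds."""
    m = re.fullmatch(r"(\d+)\s*([a-z]+)", value.strip().lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unsupported duration: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def check_keepalive(client_text, server_text, client_ping_s):
    """Return (endpoint, problem) pairs. client_ping_s is the client's keep-alive
    ping interval in seconds, supplied by the caller (an assumption: its config
    key is not shown in the release notes)."""
    client, server = parse_flat(client_text), parse_flat(server_text)
    idle_pings = any(k.endswith(".keep-alive-client.keep-alive-without-calls")
                     and v.lower() == "true" for k, v in client.items())
    endpoints = sorted({k.split(".keep-alive-server.")[0]
                        for k in server if ".keep-alive-server." in k})
    findings = []
    for ep in endpoints:
        base = ep + ".keep-alive-server."
        if idle_pings and server.get(base + "permit-keep-alive-without-calls", "").lower() != "true":
            findings.append((ep, "permit-keep-alive-without-calls is not enabled"))
        permit = server.get(base + "permit-keep-alive-time")
        if permit and client_ping_s < to_seconds(permit):
            findings.append((ep, f"client pings every {client_ping_s}s, server permits one per {permit}"))
    return findings

if __name__ == "__main__":
    for endpoint, problem in check_keepalive(PARTICIPANT, DOMAIN, client_ping_s=40):
        print(f"{endpoint}: {problem}")
```

A gRPC server that receives pings it does not permit closes the connection, so a mismatch shows up as repeated sequencer reconnects rather than as a configuration error at startup.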

Compatibility

The following Canton protocol versions are supported:

| Dependency | Version |
| --- | --- |
| Canton protocol versions | 5, 7 |

Canton has been tested against the following versions of its dependencies:

| Dependency | Version |
| --- | --- |
| Java Runtime | OpenJDK 64-Bit Server VM Zulu11.72+19-CA (build 11.0.23+9-LTS, mixed mode) |
| Postgres | Recommended: PostgreSQL 12.22 (Debian 12.22-1.pgdg120+1) – Also tested: PostgreSQL 11.16 (Debian 11.16-1.pgdg90+1), PostgreSQL 13.23 (Debian 13.23-1.pgdg13+1), PostgreSQL 14.20 (Debian 14.20-1.pgdg13+1), PostgreSQL 15.15 (Debian 15.15-1.pgdg13+1) |
| Oracle | 19.20.0 |