canton v0.19.0

Release of Canton 0.19.0

Canton 0.19.0 has been released on November 05, 2020. You can download the Community edition from our github release section. Please also consult the full documentation of this release.

Summary

This is quite a large release, including many exciting changes such as unique contract keys for single domains, microservices and parallel processing.

What’s New

Community and Enterprise Edition

Canton now comes in two editions: A free Community edition and a commercial Enterprise edition.
The Enterprise edition extends the Community edition with additional features. At the same time, the Community edition is fully functional and wire-compatible with the Enterprise edition.

Contract Key Uniqueness in Canton

Canton now supports a mode with unique-contract-keys (UCK) mode where contract key uniqueness is enforced.
A domain can now be configured to support UCK, but such domains are not interoperable and composeable with other domains.
If a participant connects to a UCK domain, then it may not connect to any other domain (UCK or non-UCK) during its entire lifetime.
Refer to the contract key manual for details.

Metrics

Previously, Canton supported Kamon based metrics. We have changed the underlying metrics library and adopted
Dropwizard. The available metrics are documented in our new Monitoring section in the manual.

Preview Support for PCS Manipulation

If something can go wrong, it will go wrong at some point in time. Therefore, we have been adding a new set of commands to a new group named repair. These commands are powerful and dangerous, but they can be used to recover a broken system. Scenarios where these commands will become useful are recovering from a broken domain, recovering a compromised participant or domain, migrating parties, data-continuity across major version changes and to migrate from other DAML based ledgers to Canton.
So far, we have implemented the following commands:

• participant.repair.add admin command to allow for manual creation of contracts such as those exported from other participants.
• participant.repair.change_domain admin command to allow for manual moving of contracts across domains for scenarios such as domain recovery.
• participant.repair.purge admin command to allow for manual archival of a contract.

The commands are just the first step here, but they enable the principal capability to implement all of above procedures. The commands right now are turned off by default and are preview at this point in time. We'll document in upcoming releases how exactly they can be used in various scenarios. The first documentation is how to recover participants from a permanently lost or broken domain. Refer to the manual for a how-to guide.

Parallel Transaction Processing

Enterprise only: The Enterprise edition now supports parallel transaction processing, leading to a nice performance gain. You don't have to do anything to enable this except using the Enterprise version.

Microservice Support

Enterprise only: Mediators and Sequencers can now be run independently from the main Domain node.
This allows to distribute these processes over multiple hosts and is a preparation step for subsequent high-availability configurations.

Minor Improvements

• The contract metadata in the protocol messages have been improved to include every stakeholder only once, leading to smaller message sizes.
• The preference "canton.monitoring.size-limit-of-grpc-messages-in-log" has been renamed to "canton.monitoring.log-message-payloads" and has been changed to type boolean.
• The configuration section on Canton parameters has been reorganised. Instead of a single group for a diverse set of parameters, we now feature distinct sections for monitoring and process control.
• The action description and the view participant data have been merged into a single leaf of the Merkle tree for transactions to, leading to smaller message sizes.

Breaking Protocol Changes

• The Sequencer API has been updated to include send request receipts in the sequenced event stream rather than return synchronously in the response.
  This benefits Sequencer implementations where the order of events is not known until they are observed when read (particularly the blockchain based Ethereum and Fabric Sequencers).
• UTC Timestamps are now stored in databases as longs in microseconds relative to EPOCH to avoid issues with time zones.
• The VIP policy requires only one VIP participant to confirm each transaction view rather than all VIP stakeholders.

Preview Features

• The "pruning.prune_by_time" command is now called "pruning.prune" and has been modified to accept an offset rather than a timestamp and no longer produces a return result.

Security and Bugfixes

• There was a bug where transient contracts which were created in a proper subview and were archived in the core of a root view could be double-spent. This has been fixed.
• There was a bug where the continuous pruning query corrupted the contract journal. This is fixed now.
• There is a bug in the Java libraries that can lead to the ForkJoinPool closing threads prematurely and therefore leading to deadlocks. We have added a workaround for this issue.

Compatibility

Dependency	Version
Java Runtime	OpenJDK 64-Bit Server VM 18.9 (build 11.0.9+11, mixed mode)
DAML SDK	1.7.0-snapshot.20201103.5565.0.e75d42dd
Postgres	postgres (PostgreSQL) 11.9 (Debian 11.9-1.pgdg90+1)

What's Coming

We are currently working on

• Adding Fabric and Ethereum drivers to Canton Enterprise.
• Mediator high availability for Canton Enterprise.
• Improving stability and long-running behaviour, in particular with pruning.
• Increase negative test coverage and improve our ability to deal with other outages.
• Cross-domain transactions.

canton v0.18.2

Release of Canton 0.18.2

Canton 0.18.2 has been released on August 27, 2020. You can download it from our
github release section. Please also consult the full documentation of this release.

Summary

This is a minor maintenance release.

What’s New

Improved Documentation

We have created an installation section in the manual, guiding users how to setup, configure and secure nodes.

Beside this, we also extended the documentation of console commands to include if they are stable, testing, preview or repair commands.

Minor Improvements

• We have upgraded to DAML version 1.5.0-snapshot.20200825
• We are now distinguishing console command timeouts between bounded and unbounded such that we can properly deal with commands that should finish within a finite time from commands that can potentially run indefinitely.
• We have enabled keep alive for GRPC connections by default, such that long-running commands or connections remain open.

Preview Features

• We have modified the pruning error when attempting to access pruned state to GRPC NOT_FOUND from OUT_OF_RANGE, as that error can be misinterpreted to go away after retries.

Security and Bugfixes

• We have fixed a dependency issue in our docker image that caused a warning message about missing TLS ciphers on start-up.

Compatibility

Dependency	Version
Java Runtime	OpenJDK 64-Bit Server VM 18.9 (build 11.0.8+10, mixed mode)
DAML SDK	1.5.0-snapshot.20200825.5071.0.d33e130f
Postgres	postgres (PostgreSQL) 11.9 (Debian 11.9-1.pgdg90+1)

What's Coming

We are currently working on

• Improving stability and long-running behaviour.
• Increase negative test coverage and improve our ability to deal with other outages.
• Provide more ledger integrations than just SQL.
• Initial set of capabilities for data continuity, party migration and domain disaster recovery.
• Better metrics support
• Cross-domain transactions
• Supporting current contract key uniqueness semantics for single domains in order to provide backwards compatibility.

canton v0.18.1

Release of Canton 0.18.1

Canton 0.18.1 has been released on August 18, 2020. You can download it from our github release section. Please also consult the full documentation of this release.

Summary

This is a minor maintenance release, where most changes affect preview features.

What’s New

Docker Image Dependencies

We have tidied up our docker image dependency. Instead of using Debian-slim as their core dependency, we have moved over to alpine-linux and instead of packaging the entire jdk, we just package the jre.

Cleaner Logging

Before, the log-lines produced by Canton were hard to read due their length. In many cases, the length was caused by excessive information such as long hashes.
Therefore, we have tided up our logging, trying to reduce the log noise. However, some dependencies might still log more than they should.

Preview Features

• We've continued to develop our repair commands. Now, repair.purge allows the manual archiving of contracts to complement the repair.add and repair.change_domain commands.
• We extended the ACS commitment computations to deal with pruned periods and to recover in case of a crash while pruning.

Security and Bugfixes

• None

Compatibility

Dependency	Version
Java Runtime	OpenJDK 64-Bit Server VM 18.9 (build 11.0.8+10, mixed mode)
DAML SDK	1.4.0-snapshot.20200729.4851.0.224ab362
Postgres	postgres (PostgreSQL) 11.8 (Debian 11.8-1.pgdg90+1)

What's Coming

• Improving stability and long-running behaviour.
• Increase negative test coverage and improve our ability to deal with other outages.
• Improve the documentation.
• Provide more ledger integrations than just SQL.
• Initial set of capabilities for data continuity, party migration and domain disaster recovery.

canton v0.18.0

Release of Canton 0.18.0

Canton 0.18.0 has been released on August 06, 2020. You can download it from our github release section. Please also consult the full documentation of this release.

Summary

This release improves the use of TLS on the Ledger and Admin API and comes with a new set of advanced configuration examples. We also fixed some bugs and extended the functionality of a few preview features.

What’s New

Breaking Change: Sequencer Handshake

Internally, the sequencer clients now perform a handshake with the sequencer server to ensure that they are compatible. This is a small, but breaking internal change, leading to a version increase.

Improved TLS Support

The TLS support for the Admin API and the Ledger API has been re-worked entirely. Both now support certificate based mutual authentication and we highly encourage you to secure your api endpoints accordingly.
In addition, Canton will enforce at least TLSv1.2 and rely on strong ciphers by default. Please consult the manual for detailed instructions.

Improved Advanced Configuration Example

The advanced configuration example has been reworked quite a bit. There is a new set of "configuration mix-ins" that allow you to quickly and easily setup up nodes with Postgres / H2 persistence or authorization.
Please consult the examples/03-advanced-configuration/README.md file in the release tar/zip.

Minor Improvements

• The command health.status now has a pretty printed result. Discontinued health.print_status.
• Optimized the log file to present much more concise and slicker versions of logged data while still exposing relevant information.
• Sequencer configuration has been further simplified to allow a single external definition to support all external Sequencer implementations, as well as feature flags to indicate what support is required from the Domain Node for these Sequencers. The default Sequencer configuration continues to be the embedded Postgres based Sequencer.
• Upgraded to DAML 1.4.0-snapshot.20200729

Preview Features

• Initial support for adding legal identities using X509 has been added, including some support to create self-signed X509 certificates (will be used for the HTTP/1.1 sequencer API).
• Pruning is now not blocked by periods of missing (or received, but mismatching) ACS commitments. That is, if the participants get back into sync (for example, after repair operations), and their commitments match up at a later point in time, pruning is allowed to proceed at this later point.
• safe_timestamp now takes an optional beforeOrAt timestamp argument and has been renamed to find_safe_timestamp. Use it to find some safe point for pruning that's no later than beforeOrAt. Furthermore, now it is guaranteed to return timestamps that fall exactly at reconciliation interval "ticks".

Security and Bugfixes

• Fixed a pruning bug that prevented participants with DB-configured storage to be pruned more than once.
• Avoids startup failure of Canton demo.
• Race condition in domain connectivity commands has been fixed.

Compatibility

Dependency	Version
Java Runtime	OpenJDK 64-Bit Server VM 18.9 (build 11.0.8+10, mixed mode)
DAML SDK	1.4.0-snapshot.20200729.4851.0.224ab362
Postgres	postgres (PostgreSQL) 11.6 (Debian 11.6-1.pgdg90+1)

What's Coming

• Improving stability and long-running behaviour.
• Increase negative test coverage and improve our ability to deal with other outages.
• Improve the documentation.
• Provide more ledger integrations than just SQL.
• Initial set of capabilities for data continuity, party migration and domain disaster recovery.

canton v0.17.0

Release of Canton 0.17.0

Canton 0.17.0 has been released on July 16, 2020. You can download it from our github release section. Please also consult the full documentation of this release.

Summary

This release comes with a set of stability fixes for long running environments and adds the JWT authentication
support to the Ledger API. Also, we've added more commands for package vetting. On top of this,
we have added a first set of experimental commands to provide disaster recovery and data continuity in
almost all circumstances.

What’s New

Added JWT Ledger Api Authentication Support

The Ledger Api now exposes the JWT token authentication support of the DAML SDK. Please have a look at
the documentation
on how to enable this in your deployments.

Documented Known Limitations

We have improved the documentation on our current known limitations.
While Canton has reached already a certain level of maturity, there are a few things that could happen if you
start pushing the boundaries.

Minor Improvements

• PackageService.listPackages no longer yields a package state. All returned packages are considered
  to be active. To disable a package, leave the corresponding UsePackage contract.

• Implemented participant.packages.usages admin commands to allow for manual creation of UsePackage contracts.

• Introduced configuration option ParticipantConfig.automaticPackageBroadcast, which allows for switching off the
  automatic creation of UsePackage contracts.

• Breaking: Grpc Sequencer service authentication now supports the mediator and domain identity manager
  (previously only participants were supported). This required adjusting the member serialization making clients on
  prior versions incompatible.

• Upgraded to DAML 1.3.0-snapshot.20200708

Experimental Features

There are a new set of commands we are just adding to guarantee our ability to recover from almost any kind of
disaster. They are just experimental now and will be featured in an upcoming release.

• participant.repair.add admin command to allow for manual creation of contracts such as those exported from other
  participants.
• participant.repair.change_domain admin command to allow for manual moving of contracts across domains for
  scenarios such as domain recovery.

Security and Bugfixes

• Improved the startup behaviour of the ACSCommitmentProcessor such that it can deal with
  larger active contract sets.
• Fixed a memory leak that would have manifested itself after millions of transactions
  (tree map storing one long number per tx).

Compatibility

Dependency	Version
Java Runtime	OpenJDK 64-Bit Server VM 18.9 (build 11.0.7+10, mixed mode)
DAML SDK	1.3.0-snapshot.20200708.4686.0.95dfa18e
Postgres	postgres (PostgreSQL) 11.6 (Debian 11.6-1.pgdg90+1)

What's Coming

We are currently working on

• Improving stability and long-running behaviour.
• Increase negative test coverage and improve our ability to deal with other outages.
• Improve the documentation.
• Provide more ledger integrations than just SQL.
• Improved logging by shortening long loglines.
• Initial set of capabilities for data continuity, party migration and domain disaster recovery.

canton v0.16.0

• Upgraded to DAML 1.3.0-snapshot.20200610
• Added a new key concepts / glossary section to the documentation to quicker explain to users what
  how the system works and what the components do.
• Whenever a participant connects to a domain or receives a DAML package, the participant will create corresponding
  UsePackage contracts. A UsePackage contract is used to inform a participant which packages another participant is able to use.
• By default, a command that triggers creation of UsePackage contracts will only terminate when the creation has succeeded.
  If this fails for some reason, connect or disconnect from a domain to retry.
  You may also directly invoke ParticipantAdministration.packages.wait_until_packages_ready to wait until creation of
  UsePackage contracts has terminated.
• Added a write-up on how to get the most out of contract keys in Canton
• Added a console command to retrieve the domain a transaction was committed on
• Fixed a bug in the contract key implementation that failed (among others) submissions that used ExerciseByKeyCommand
• Sequencer Initialization for all implementations now follow a consistent approach simplifying
  initialization for sequencers in external processes.
• BREAKING: Domain Service provides Sequencer Connection Configuration in a configuration object
  rather than serialization into a URL allowing richer configuration options.
• BREAKING: the submit and submit_flat console commands do not take an awaitAt parameter any
  more. Instead, if the submission succeeds, these commands by default now automatically determine
  the participants involved in the resulting transaction, and await until the transaction is visible
  to all those participants, reducing the chance of race conditions in console applications. You can
  opt out of the auto synchronization by passing None for the optTimeout parameter.
• BREAKING: the acs.find command has been simplified and renamed to acs.await to better reflect
  that it awaits for the contract to become available. Its type signature has changed to improve
  Scala's type inference and remove the need for manual type annotations. The command now takes a
  template companion instead of a template ID. The same change was done to decodeCreated and
  decodeArchived helpers.
• If a command refers to a package that is not known to an informee participant, the command will be rejected.
  Previously, such commands could be accepted, resulting in a ledger fork.

canton v0.15.2

• Added release line support to build infrastructure. This is just an empty
  test release proving that it works.

canton v0.15.1

• Changed transaction processor to be more forgiving when observing invalid
  transactions. Before, the participant node disconnected and stopped
  processing transactions. Now, the participant node warns and skips the
  transaction in such cases.

canton v0.15.0

• Ledger pruning has been renamed from participant.pruning.execute to participant.pruning.prune_by_time and no longer stops and restarts the ledger api server before and after.
• After participant ledger pruning, the ledger api's transaction and completion endpoints return an "OUT_OF_RANGE" status error on attempts to access offsets "earlier" than pruned offset. This includes particularly reading from "LEDGER_BEGIN".
• A pruning error no longer keeps the ledger api server stopped.
• Logging option "debug-full" now needs to be invoked with "--debug-full",
  as the previously used shortcut "-D" conflicts with JVM argument passing using "-D".
• Upgraded to DAML 1.2.0-snapshot.20200527
• Exposed the "transaction by id" Ledger API command through the console
• Added an optional "awaitAt" parameter to the console commands for Ledger API command submission. This will soon be replaced by "auto-sync" though
• Implemented proper fetchSome semantics for contract keys
• Fixed an error that prevented bootstrap scripts to be executed on Windows (#3)
• The reference demo now better introduces the use-case and the domain
  abstraction.

canton v0.14.1

• New example of a messaging app, including a DAML exercise