|
5 | 5 |
|
6 | 6 | .. _release_notes: |
7 | 7 |
|
8 | | -.. release-notes:: upcoming |
| 8 | +.. release-notes:: 0.5.4 |
9 | 9 |
|
10 | | - - Validator |
| 10 | + - Participant |
11 | 11 |
|
12 | 12 | - Fix a bug introduced in 0.5.0/0.5.1 that could cause participant pruning to prune active data. |
13 | 13 | The bug only manifests in a rare edge case involving a manual ACS import on a participant that was already running for some time. |
14 | 14 |
|
| 15 | + - Fix a performance regression in participants that causes the processing of events to pause for multiple minutes at random times, |
| 16 | + due to a bad database query plan on the critical part of the indexer pipeline. |
| 17 | + |
15 | 18 | - Scan |
16 | 19 |
|
17 | 20 | - Removed the non-existing `command_id` field from the OpenAPI spec of all |
|
20 | 23 | of the returned transaction object. This is only a bugfix in the OpenAPI spec |
21 | 24 | and has no impact on the actual API behavior. |
22 | 25 |
|
23 | | - - API security |
24 | | - |
25 | | - - Tightened authorization checks for all non-public API endpoints. |
26 | | - |
27 | | - All non-public endpoints now properly respect the current user rights |
28 | | - defined in the participant user management service. |
29 | | - Revoking user rights on the participant will revoke access to the corresponding API endpoints. |
30 | | - |
31 | | - In general, endpoints that required authentication before will now check that the authenticated user |
32 | | - is not deactivated on the participant has ``actAs`` rights for the relevant party |
33 | | - (wallet party for the wallet app API, SV operator party for the SV app API, etc). |
34 | | - |
35 | | - - Administrative SV app endpoints now require participant admin rights. |
36 | | - |
37 | | - The following SV app endpoints now require the user to have participant admin rights in |
38 | | - the participant user management service. |
39 | | - |
40 | | - - ``/v0/admin/domain/pause`` |
41 | | - - ``/v0/admin/domain/unpause`` |
42 | | - - ``/v0/admin/domain/migration-dump`` |
43 | | - - ``/v0/admin/domain/migration-dump`` |
44 | | - - ``/v0/admin/domain/identities-dump`` |
45 | | - - ``/v0/admin/domain/data-snapshot`` |
46 | | - |
47 | | - This allows for finer grained access control |
48 | | - where users with ``actAs`` rights for the SV operator party but without participant admin |
49 | | - rights may use the SV or wallet UIs, but may not perform administrative actions like |
50 | | - hard synchronizer migrations. |
51 | | - |
52 | | - Note that only the service users of the SV and validator apps should automatically have participant admin rights. |
53 | | - If you are using other users to access the above endpoints, check their rights. |
54 | | - |
55 | | - - Some endpoints will have changed authorization rules in an upcoming release. |
56 | | - |
57 | | - - SV app ``/v0/dso`` is currently public, but will require authorization as SV operator, |
58 | | - similar to most other SV app endpoints. |
59 | | - Use the public ``/v0/dso`` endpoint in the scan app if you need to fetch DSO info. |
60 | | - |
61 | 26 | .. release-notes:: 0.5.3 |
62 | 27 |
|
63 | 28 | Note: 0.5.2 mistakingly introduced default pruning for Canton participants and should be skipped in favor of 0.5.3. |
|
0 commit comments