|
1 | | -v1.4.7 Release Notes - Date TBD, 2020 |
2 | | -===================================== |
| 1 | +v1.4.7 Release Notes - May 14, 2020 |
| 2 | +=================================== |
3 | 3 |
|
4 | 4 | Fixes |
5 | 5 | ----- |
6 | 6 |
|
7 | | -- **FAB-XXXXX: Title** |
| 7 | +- **FAB-17517: Only Initialize specified BCCSP provider** |
8 | 8 |
|
9 | | - Description |
| 9 | + This fix ensures that only specified provider is initialized |
| 10 | + based on ProviderName. |
| 11 | + This fixes "Failed initializing PKCS11.BCCSP %!s(<nil>)" error |
| 12 | + when the code compiled with PKCS11 or PLUGINS enabled expected |
| 13 | + configuration to not be nil even when Provider is set to SW. |
| 14 | + |
| 15 | +- **FAB-16951: Alternative mechanisms to find pkcs11 key** |
| 16 | + |
| 17 | + This modification adds a parameter called AltID to the PKCS11 BCCSP configuration. |
| 18 | + This change is required in situations where the HSM does not allow |
| 19 | + modification of the CKA_ID after creation, for example when using AWS CloudHSM. |
| 20 | + |
| 21 | +- **FAB-17726: Properly handle malformed gossip envelopes** |
| 22 | + |
| 23 | + If a malformed envelope is read from the stream, an error is propagated |
| 24 | + synchronously up the stack. |
| 25 | + Under very rare circumstances a race condition caused a nil pointer peer panic. |
| 26 | + |
| 27 | +- **FAB-16879: Add stack trace to couchdb http errors** |
| 28 | + |
| 29 | + If there was an http error calling couchdb, no context was provided in the error message. |
| 30 | + This change adds stack trace in addition to the http error message, |
| 31 | + so that administrators can identify where the error was hit. |
| 32 | + |
| 33 | +- **FAB-17722: Validate HSM session and get new if invalid** |
| 34 | + |
| 35 | + Previously the pkcs11 code was set to have a session cache and reuse sessions |
| 36 | + if available in cache. If a session went bad (due to connection issues with HSM), |
| 37 | + the session was not evicted from cache and would be reused. |
| 38 | + If all sessions went bad, the client would never be able to recover and keep using bad sessions. |
| 39 | + |
| 40 | +- **FAB-17752: Return errors when creating keystore** |
| 41 | + |
| 42 | + An error is now returned if BCCSP is not able to create keystore directory. |
| 43 | + |
| 44 | +- **FAB-17778: Fix policy support of multiple signatures from single organization** |
| 45 | + |
| 46 | + Fix de-duplication logic to ensure sufficient number of signatures are received to satisfy |
| 47 | + policies that require multiple signatures from the same organization. |
| 48 | + This problem is rare since most users have policies that require signatures from different |
| 49 | + organizations, not policies that require multiple signatures from the same organization. |
| 50 | + |
| 51 | +- **FAB-17728: Add delay to pkcs11 create session loop** |
| 52 | + |
| 53 | + Previously there was no backoff when attempting to create a new session if one was not |
| 54 | + available in the HSM session cache. This fix introduces a hardcoded backoff of 100ms |
| 55 | + after each attempt up to 10. |
| 56 | + |
| 57 | + |
| 58 | +Dependency updates |
| 59 | +------------------ |
| 60 | +- Bump Go to 1.13.9. |
| 61 | +- Bump Fabric baseimage to 0.4.20. |
10 | 62 |
|
11 | 63 |
|
12 | 64 | Changes, Known Issues, and Workarounds |
|
0 commit comments