Releases: zama-ai/fhevm
Releases · zama-ai/fhevm
Release list
v0.14.0-4
What's Changed
Other Changes
- feat(coprocessor): add --seed-start-block flag to host-listener poller (backport 0.14.x) by @Eikix in #3125
- fix(host-contracts): use fully-qualified EmptyUUPSProxy name in bridg… by @PanGan21 in #3174
Full Changelog: v0.14.0-3...v0.14.0-4
v0.11.5-0
Full Changelog: v0.11.4...v0.11.5-0
v0.13.2-0
What's Changed
Other Changes
- fix(coprocessor): bump crossbeam-epoch to 0.9.20 on release/0.13.x (RUSTSEC-2026-0204) by @Eikix in #3128
- feat(coprocessor): add --seed-start-block flag to host-listener poller (backport 0.13.x) by @Eikix in #3124
Full Changelog: v0.13.1...v0.13.2-0
v0.14.0-3
v0.14.0-2
What's Changed
Other Changes
- refactor(coprocessor): rename ethereum chain id flag to canonical protocol config chain id by @PanGan21 in #3042
- chore(sdk): backport js-sdk changes to release/0.14.x by @geoxel in #3077
- chore(test-suite): pin fhevm/sdk to 1.1.0-alpha.8 by @tawadaa in #3080
- chore(coprocessor): bump tfhe version by @antoniupop in #3069
- feat(host-contracts): wiring runbook for CBridge by @jatZama in #3111
- fix(sdk): fix extraData version check by @geoxel in #3093
- fix(test-suite): sync package-lock.json with pinned @fhevm/sdk version by @geoxel in #3129
- fix(kms-connector): harden legacy user-decryption calldata sourcing by @eudelins-zama in #3135
Full Changelog: v0.14.0-1...v0.14.0-2
v0.14.0-1
What's Changed
Other Changes
- feat(host-contracts): add ConfidentialBridge deploy and prepareUpgrade tasks for existing chains by @PanGan21 in #3030
- fix(host-contracts): validate KMS context in isValidEpochForContext by @obatirou in #3013
- feat(host-contracts): remove pending abort methods and add destroyKmsEpoch by @obatirou in #3035
- fix(coprocessor): fix rustsec-2026-0204, update crossbeam-epoch by @Eikix in #3037
- fix(host-contracts): align confirm context previous committee quorum by @immortal-tofu in #3051
Full Changelog: v0.14.0-0...v0.14.0-1
v0.14.0-0
v0.14.0-0 is a protocol and operations pre-release focused on KMS context rotation, unified user decryption, confidential bridging, and safer coprocessor rollout/migration paths.
Highlights
- Added the new KMS context/epoch lifecycle for protocol upgrades and key rotation. Host contracts, KMS connector, relayer, SDK, and test tooling now understand context-aware
extraData, epoch validation, and KMS context switching. - Introduced unified EIP-712 user decryption. Self and delegated decryption now share one request model, with per-handle ownership,
durationSeconds, protocol-versioned permits, and
ERC-1271 smart-account signature support. - Added confidential bridging support for encrypted handles through the new LayerZero-based
ConfidentialBridge, bridge events, Solidity helper APIs, and end-to-end bridge tests. - Expanded Solidity developer APIs with
FHE.toExternal(...)helpers for encrypted types andFHE.mulDiv(...)for widened multiply/divide operations. - Hardened gateway and decryption validation: context-aware decryption consensus, v2
extraDatawith epoch ID, stricter handle/context checks, and clearer handling of invalid KMS
signer/transaction-sender cases. - Improved coprocessor reliability for migration and live operations: host-listener consumer/catchup paths, SNS/S3 ciphertext migration support, block-context materialization
groundwork, drift-recovery hardening, fatal DB-loss restart behavior, and added latency/gap metrics. - Added ciphertext attestation plumbing and shadow verification in the KMS connector, including coprocessor registry refresh and S3 material verification paths.
- Improved SDK compatibility across protocol versions and runtimes: automatic protocol/WASM version resolution, bundled TFHE
1.6.2, Next.js/Turbopack fixes, more robust WASM
loading, better relayer error surfacing, and a narrower public API surface. - Strengthened rollout and release tooling: stateful rollout runbooks, KMS generation/context-switch commands, multi-KMS threshold scenarios, multi-chain test coverage, and CI/Helm
hardening for release branches.
Breaking / upgrade notes
- SDK decryption permits moved to the unified
signDecryptionPermit()API.durationDaysis replaced bydurationSeconds, permit objects carry a protocolversion, and several
low-level SDK exports were removed in favor of high-level encrypt/decrypt/sign actions. - User-decryption authorization moves toward the unified v2 flow: contract allowlist and signature checks are handled by the KMS connector for the new path, while legacy on-chain
request shapes remain only for the deprecation window. - Host/gateway contracts receive new reinitializer versions and protocol storage for KMS epochs, context anchors, decryption invalidation, and confidential bridge configuration.
- Deployment and rollout flows should use the new migration/verification/context-switch tooling rather than the older KMS generation migration path.
v0.13.1
What's Changed
Other Changes
- feat(coprocessor): 0.13.1, host-consumer, reliability metrics by @rudy-6-4 in #2711
- chore(common): accumulate v0.13.1 features (feature/0.13.1 → release/0.13.x) by @Eikix in #2732
- fix: fix aws lib features by @fegmorte in #2893
- fix(common): pin conventional-changelog-conventionalcommits to ^7 by @obatirou in #2938
- chore(listener): enable iam-auth feature in listener_core images by @maxnovawind in #2855
Full Changelog: v0.13.0...v0.13.1
v0.13.1-1
What's Changed
Other Changes
- fix: fix aws lib features by @fegmorte in #2893
- fix(common): pin conventional-changelog-conventionalcommits to ^7 by @obatirou in #2938
- chore(listener): enable iam-auth feature in listener_core images by @maxnovawind in #2855
Full Changelog: v0.13.1-0...v0.13.1-1