From 03478142ef6c4e73a58762482c7a557d3cea7544 Mon Sep 17 00:00:00 2001 From: Katelyn Baker Date: Fri, 13 Apr 2018 10:44:10 +0100 Subject: [PATCH] MERGE: OS Merge Fixes --- docs/source/changelog.rst | 79 ++++++++++++++++++++++++----------- docs/source/release-notes.rst | 61 --------------------------- 2 files changed, 55 insertions(+), 85 deletions(-) diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst index d8d18c18fd..90a3eb8629 100644 --- a/docs/source/changelog.rst +++ b/docs/source/changelog.rst @@ -5,20 +5,11 @@ Here's a summary of what's changed in each Corda release. For guidance on how to release, see :doc:`upgrade-notes`. Unreleased -========== +---------- * Fix CORDA-1229. Setter-based serialization was broken with generic types when the property was stored as the raw type, List for example. -* java.security.cert.CRLReason added to the default Whitelist. - -* java.security.cert.X509CRL serialization support added. - -* Upgraded H2 to v1.4.197. - -* Shell (embedded available only in dev mode or via SSH) connects to the node via RPC instead of using the ``CordaRPCOps`` object directly. - To enable RPC connectivity ensure node’s ``rpcSettings.address`` and ``rpcSettings.adminAddress`` settings are present. - * The network bootstrapper uses the existing network parameters file to update the current contracts whitelist, and no longer needs the whitelist.txt file. @@ -34,12 +25,22 @@ Unreleased only once when it was created. Whilst registering serializers that already exist is essentially a no-op, it's a performance overhead for a very frequent operation that hits a synchronisation point (and is thus flagged as contended by our perfomance suite) +* Update the fast-classpath-scanner dependent library version from 2.0.21 to 2.12.3 + + .. note:: Whilst this is not the latest version of this library, that being 2.18.1 at time of writing, versions later + than 2.12.3 (including 2.12.4) exhibit a different issue. + +* Fixed security vulnerability when using the ``HashAttachmentConstraint``. Added strict check that the contract JARs + referenced in a transaction were deployed on the node. + +* Fixed node's behaviour on startup when there is no connectivity to network map. Node continues to work normally if it has + all the needed network data, waiting in the background for network map to become available. + * Node can be shut down abruptly by ``shutdown`` function in `CordaRPCOps` or gracefully (draining flows first) through ``gracefulShutdown`` command from shell. * Carpenter Exceptions will be caught internally by the Serializer and rethrown as a ``NotSerializableException`` - * Specific details of the error encountered are logged to the node's log file. More information can be enabled by setting the debug level to - ``trace`` ; this will cause the full stack trace of the error to be dumped into the log. + * Specific details of the error encountered are logged to the node's log file. More information can be enabled by setting the debug level to ``trace`` ; this will cause the full stack trace of the error to be dumped into the log. * Parsing of ``NodeConfiguration`` will now fail if unknown configuration keys are found. @@ -51,22 +52,52 @@ Unreleased * java.math.BigInteger serialization support added. -* Update the fast-classpath-scanner dependent library version from 2.0.21 to 2.12.3 +* java.security.cert.CRLReason added to the default Whitelist. - .. note:: Whilst this is not the latest version of this library, that being 2.18.1 at time of writing, versions later - than 2.12.3 (including 2.12.4) exhibit a different issue. +* java.security.cert.X509CRL serialization support added. -* Updated the api scanner gradle plugin to work the same way as the version in master. These changes make the api scanner more - accurate and fix a couple of bugs, and change the format of the api-current.txt file slightly. Backporting these changes - to the v3 branch will make it easier for us to ensure that apis are stable for future versions. These changes are - released in gradle plugins version 3.0.10. For more information on the api scanner see - the `documentation `_. +* Upgraded H2 to v1.4.197. -* Fixed security vulnerability when using the ``HashAttachmentConstraint``. Added strict check that the contract JARs - referenced in a transaction were deployed on the node. +* Per CorDapp configuration is now exposed. ``CordappContext`` now exposes a ``CordappConfig`` object that is populated + at CorDapp context creation time from a file source during runtime. + +* Introduced Flow Draining mode, in which a node continues executing existing flows, but does not start new. This is to support graceful node shutdown/restarts. + In particular, when this mode is on, new flows through RPC will be rejected, scheduled flows will be ignored, and initial session messages will not be consumed. + This will ensure that the number of checkpoints will strictly diminish with time, allowing for a clean shutdown. + +* Make the serialisation finger-printer a pluggable entity rather than hard wiring into the factory + +* Removed blacklisted word checks in Corda X.500 name to allow "Server" or "Node" to be use as part of the legal name. + +* Separated our pre-existing Artemis broker into an RPC broker and a P2P broker. + +* Refactored ``NodeConfiguration`` to expose ``NodeRpcOptions`` (using top-level "rpcAddress" property still works with warning). + +* Modified ``CordaRPCClient`` constructor to take a ``SSLConfiguration?`` additional parameter, defaulted to ``null``. + +* Introduced ``CertificateChainCheckPolicy.UsernameMustMatchCommonName`` sub-type, allowing customers to optionally enforce username == CN condition on RPC SSL certificates. + +* Modified ``DriverDSL`` and sub-types to allow specifying RPC settings for the Node. + +* Modified the ``DriverDSL`` to start Cordformation nodes allowing automatic generation of "rpcSettings.adminAddress" in case "rcpSettings.useSsl" is ``false`` (the default). + +* Introduced ``UnsafeCertificatesFactory`` allowing programmatic generation of X509 certificates for test purposes. + +* JPA Mapping annotations for States extending ``CommonSchemaV1.LinearState`` and ``CommonSchemaV1.FungibleState`` on the + `participants` collection need to be moved to the actual class. This allows to properly specify the unique table name per a collection. + See: DummyDealStateSchemaV1.PersistentDummyDealState + +* JPA Mapping annotations for States extending ``CommonSchemaV1.LinearState`` and ``CommonSchemaV1.FungibleState`` on the + `participants` collection need to be moved to the actual State class. This allows developers to properly specify + the table name for the `participants` collection. + For an example on how the mapping can be done, see: DummyDealStateSchemaV1.PersistentDummyDealState + +* JDBC drivers for SQL server and PostgresSQL are no longer bundled as part of Corda releases. If you are running a node + on such databases you need to provide the associated driver as described in :doc:`node-database`. + +* Shell (embedded shell available only in dev mode or via SSH) connects to the node via RPC instead of using the ``CordaRPCOps`` object directly. + To enable RPC connectivity ensure node’s ``rpcSettings.address`` and ``rpcSettings.adminAddress`` settings are present. -* Fixed node's behaviour on startup when there is no connectivity to network map. Node continues to work normally if it has - all the needed network data, waiting in the background for network map to become available. R3 Corda 3.0 Developer Preview ------------------------------ diff --git a/docs/source/release-notes.rst b/docs/source/release-notes.rst index 1d56df65c2..7a609a0266 100644 --- a/docs/source/release-notes.rst +++ b/docs/source/release-notes.rst @@ -154,62 +154,8 @@ Please note this release is distributed under license and should not be used in We look forward to hearing your feedback on this Developer Preview. -<<<<<<< HEAD Corda 2.0 --------- -======= - Documentation can be found in :doc:`cordapp-custom-serializers` - - -Security Auditing -~~~~~~~~~~~~~~~~~ - - This version of Corda is the first to have had select components subjected to the newly established security review process - by R3's internal security team. Security review will be an on-going process that seeks to provide assurance that the - security model of Corda has been implemented to the highest standard, and is in line with industry best practice. - - As part of this security review process, an independent external security audit of the HTTP based components of the code - was undertaken and its recommendations were acted upon. The security assurance process will develop in parallel to the - Corda platform and will combine code review, automated security testing and secure development practices to ensure Corda - fulfils its security guarantees. - -Security fixes -~~~~~~~~~~~~~~ - - * Due to a potential privacy leak, there has been a breaking change in the error object returned by the - notary service when trying to consume the same state twice: `NotaryError.Conflict` no longer contains the identity - of the party that initiated the first spend of the state, and specifies the hash of the consuming transaction id for - a state instead of the id itself. - - Without this change, knowing the reference of a particular state, an attacker could construct an invalid - double-spend transaction, and obtain the information on the transaction and the party that consumed it. It could - repeat this process with the newly obtained transaction id by guessing its output indexes to obtain the forward - transaction graph with associated identities. When anonymous identities are used, this could also reveal the identity - of the owner of an asset. - -Minor Changes -~~~~~~~~~~~~~ - - * Upgraded gradle to 4.4.1. - - .. note:: To avoid potential incompatibility issues we recommend you also upgrade your CorDapp's gradle - plugin to match. Details on how to do this can be found on the official - `gradle website `_ - - * Cash Spending now allows for sending multiple amounts to multiple parties with a single API call - - - documentation can be found within the JavaDocs on ``TwoPartyTradeFlow``. - * Overall improvements to error handling (RPC, Flows, Network Client). - * TLS authentication now supports mixed RSA and ECDSA keys. - * PrivacySalt computation is faster as it does not depend on the OS's entropy pool directly. - * Numerous bug fixes and documentation tweaks. - * Removed dependency on Jolokia WAR file. - -.. _release_notes_v2_0: - -Release 2.0 ------------ ->>>>>>> open/master Following quickly on the heels of the release of Corda 1.0, Corda version 2.0 consolidates a number of security updates for our dependent libraries alongside the reintroduction of the Observer node functionality. This was absent from version 1 but based on user feedback its re-introduction removes the need for complicated "isRelevant()" checks. @@ -227,15 +173,8 @@ Adds the facility for transparent forwarding of transactions to some third party that entity simply run an Observer node they can simply receive a stream of digitally signed, de-duplicated reports that can be used for reporting. -<<<<<<< HEAD Corda 1.0 --------- -======= -.. _release_notes_v1_0: - -Release 1.0 ------------ ->>>>>>> open/master Corda 1.0 is finally here! This critical step in the Corda journey enables the developer community, clients, and partners to build on Corda with confidence.