MERGE: OS Merge Fixes

2025-01-01 02:36:44 +00:00 · 2018-04-13 10:44:10 +01:00 · 2018-04-13 10:44:10 +01:00 · 03478142ef
commit 03478142ef
parent 5bb9514582
2 changed files with 55 additions and 85 deletions
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@ -5,20 +5,11 @@ Here's a summary of what's changed in each Corda release. For guidance on how to
 release, see :doc:`upgrade-notes`.
 Unreleased
-==========
+----------
 * Fix CORDA-1229. Setter-based serialization was broken with generic types when the property was stored
  as the raw type, List for example.
 * java.security.cert.CRLReason added to the default Whitelist.
 * java.security.cert.X509CRL serialization support added.
 * Upgraded H2 to v1.4.197.
 * Shell (embedded available only in dev mode or via SSH) connects to the node via RPC instead of using the ``CordaRPCOps`` object directly.
  To enable RPC connectivity ensure node’s ``rpcSettings.address`` and ``rpcSettings.adminAddress`` settings are present.
 * The network bootstrapper uses the existing network parameters file to update the current contracts whitelist, and no longer
  needs the whitelist.txt file.
@ -34,12 +25,22 @@ Unreleased
  only once when it was created. Whilst registering serializers that already exist is essentially a no-op, it's a performance overhead for
  a very frequent operation that hits a synchronisation point (and is thus flagged as contended by our perfomance suite)
 * Update the fast-classpath-scanner dependent library version from 2.0.21 to 2.12.3
  .. note:: Whilst this is not the latest version of this library, that being 2.18.1 at time of writing, versions later
  than 2.12.3 (including 2.12.4) exhibit a different issue.
 * Fixed security vulnerability when using the ``HashAttachmentConstraint``. Added strict check that the contract JARs
  referenced in a transaction were deployed on the node.
 * Fixed node's behaviour on startup when there is no connectivity to network map. Node continues to work normally if it has
  all the needed network data, waiting in the background for network map to become available.
 * Node can be shut down abruptly by ``shutdown`` function in `CordaRPCOps` or gracefully (draining flows first) through ``gracefulShutdown`` command from shell.
 * Carpenter Exceptions will be caught internally by the Serializer and rethrown as a ``NotSerializableException``
-  * Specific details of the error encountered are logged to the node's log file. More information can be enabled by setting the debug level to
+  * Specific details of the error encountered are logged to the node's log file. More information can be enabled by setting the debug level to ``trace`` ; this will cause the full stack trace of the error to be dumped into the log.
    ``trace`` ; this will cause the full stack trace of the error to be dumped into the log.
 * Parsing of ``NodeConfiguration`` will now fail if unknown configuration keys are found.
@ -51,22 +52,52 @@ Unreleased
 * java.math.BigInteger serialization support added.
-* Update the fast-classpath-scanner dependent library version from 2.0.21 to 2.12.3
+* java.security.cert.CRLReason added to the default Whitelist.
-  .. note:: Whilst this is not the latest version of this library, that being 2.18.1 at time of writing, versions later
+* java.security.cert.X509CRL serialization support added.
  than 2.12.3 (including 2.12.4) exhibit a different issue.
-* Updated the api scanner gradle plugin to work the same way as the version in master. These changes make the api scanner more
+* Upgraded H2 to v1.4.197.
  accurate and fix a couple of bugs, and change the format of the api-current.txt file slightly. Backporting these changes
  to the v3 branch will make it easier for us to ensure that apis are stable for future versions. These changes are
  released in gradle plugins version 3.0.10. For more information on the api scanner see
  the `documentation <https://github.com/corda/corda-gradle-plugins/tree/master/api-scanner>`_.
-* Fixed security vulnerability when using the ``HashAttachmentConstraint``. Added strict check that the contract JARs
+* Per CorDapp configuration is now exposed. ``CordappContext`` now exposes a ``CordappConfig`` object that is populated
-  referenced in a transaction were deployed on the node.
+  at CorDapp context creation time from a file source during runtime.
 * Introduced Flow Draining mode, in which a node continues executing existing flows, but does not start new. This is to support graceful node shutdown/restarts.
  In particular, when this mode is on, new flows through RPC will be rejected, scheduled flows will be ignored, and initial session messages will not be consumed.
  This will ensure that the number of checkpoints will strictly diminish with time, allowing for a clean shutdown.
 * Make the serialisation finger-printer a pluggable entity rather than hard wiring into the factory
 * Removed blacklisted word checks in Corda X.500 name to allow "Server" or "Node" to be use as part of the legal name.
 * Separated our pre-existing Artemis broker into an RPC broker and a P2P broker.
 * Refactored ``NodeConfiguration`` to expose ``NodeRpcOptions`` (using top-level "rpcAddress" property still works with warning).
 * Modified ``CordaRPCClient`` constructor to take a ``SSLConfiguration?`` additional parameter, defaulted to ``null``.
 * Introduced ``CertificateChainCheckPolicy.UsernameMustMatchCommonName`` sub-type, allowing customers to optionally enforce username == CN condition on RPC SSL certificates.
 * Modified ``DriverDSL`` and sub-types to allow specifying RPC settings for the Node.
 * Modified the ``DriverDSL`` to start Cordformation nodes allowing automatic generation of "rpcSettings.adminAddress" in case "rcpSettings.useSsl" is ``false`` (the default).
 * Introduced ``UnsafeCertificatesFactory`` allowing programmatic generation of X509 certificates for test purposes.
 * JPA Mapping annotations for States extending ``CommonSchemaV1.LinearState`` and ``CommonSchemaV1.FungibleState`` on the
  `participants` collection need to be moved to the actual class. This allows to properly specify the unique table name per a collection.
  See: DummyDealStateSchemaV1.PersistentDummyDealState
 * JPA Mapping annotations for States extending ``CommonSchemaV1.LinearState`` and ``CommonSchemaV1.FungibleState`` on the
  `participants` collection need to be moved to the actual State class. This allows developers to properly specify
  the table name for the `participants` collection.
  For an example on how the mapping can be done, see: DummyDealStateSchemaV1.PersistentDummyDealState
 * JDBC drivers for SQL server and PostgresSQL are no longer bundled as part of Corda releases. If you are running a node
  on such databases you need to provide the associated driver as described in :doc:`node-database`.
 * Shell (embedded shell available only in dev mode or via SSH) connects to the node via RPC instead of using the ``CordaRPCOps`` object directly.
  To enable RPC connectivity ensure node’s ``rpcSettings.address`` and ``rpcSettings.adminAddress`` settings are present.
 * Fixed node's behaviour on startup when there is no connectivity to network map. Node continues to work normally if it has
  all the needed network data, waiting in the background for network map to become available.
 R3 Corda 3.0 Developer Preview
 ------------------------------
--- a/docs/source/release-notes.rst
+++ b/docs/source/release-notes.rst
@ -154,62 +154,8 @@ Please note this release is distributed under license and should not be used in
 We look forward to hearing your feedback on this Developer Preview.
 <<<<<<< HEAD
 Corda 2.0
 ---------
 =======
  Documentation can be found in :doc:`cordapp-custom-serializers`
 Security Auditing
 ~~~~~~~~~~~~~~~~~
  This version of Corda is the first to have had select components subjected to the newly established security review process
  by R3's internal security team. Security review will be an on-going process that seeks to provide assurance that the
  security model of Corda has been implemented to the highest standard, and is in line with industry best practice.
  As part of this security review process, an independent external security audit of the HTTP based components of the code
  was undertaken and its recommendations were acted upon. The security assurance process will develop in parallel to the
  Corda platform and will combine code review, automated security testing and secure development practices to ensure Corda
  fulfils its security guarantees.
 Security fixes
 ~~~~~~~~~~~~~~
  * Due to a potential privacy leak, there has been a breaking change in the error object returned by the
    notary service when trying to consume the same state twice: `NotaryError.Conflict` no longer contains the identity
    of the party that initiated the first spend of the state, and specifies the hash of the consuming transaction id for
    a state instead of the id itself.
    Without this change, knowing the reference of a particular state, an attacker could construct an invalid
    double-spend transaction, and obtain the information on the transaction and the party that consumed it. It could
    repeat this process with the newly obtained transaction id by guessing its output indexes to obtain the forward
    transaction graph with associated identities. When anonymous identities are used, this could also reveal the identity
    of the owner of an asset.
 Minor Changes
 ~~~~~~~~~~~~~
  * Upgraded gradle to 4.4.1.
    .. note:: To avoid potential incompatibility issues we recommend you also upgrade your CorDapp's gradle
      plugin to match. Details on how to do this can be found on the official
      `gradle website <https://docs.gradle.org/current/userguide/gradle_wrapper.html#sec:upgrading_wrapper>`_
  * Cash Spending now allows for sending multiple amounts to multiple parties with a single API call
    - documentation can be found within the JavaDocs on ``TwoPartyTradeFlow``.
  * Overall improvements to error handling (RPC, Flows, Network Client).
  * TLS authentication now supports mixed RSA and ECDSA keys.
  * PrivacySalt computation is faster as it does not depend on the OS's entropy pool directly.
  * Numerous bug fixes and documentation tweaks.
  * Removed dependency on Jolokia WAR file.
 .. _release_notes_v2_0:
 Release 2.0
 -----------
 >>>>>>> open/master
 Following quickly on the heels of the release of Corda 1.0, Corda version 2.0 consolidates
 a number of security updates for our dependent libraries alongside the reintroduction of the Observer node functionality.
 This was absent from version 1 but based on user feedback its re-introduction removes the need for complicated "isRelevant()" checks.
@ -227,15 +173,8 @@ Adds the facility for transparent forwarding of transactions to some third party
 that entity simply run an Observer node they can simply receive a stream of digitally signed, de-duplicated reports that
 can be used for reporting.
 <<<<<<< HEAD
 Corda 1.0
 ---------
 =======
 .. _release_notes_v1_0:
 Release 1.0
 -----------
 >>>>>>> open/master
 Corda 1.0 is finally here!
 This critical step in the Corda journey enables the developer community, clients, and partners to build on Corda with confidence.