Releases: microsoft/CCF

6.0.0-dev11

07 Jan 17:12
21197eb
Pre-release

Added

  • GET /gov/service/javascript-app now takes an optional ?case=original query argument. When passed, the response will contain the raw original snake_case field names, for direct comparison, rather than the API-standard camelCase projections.
  • Applications can now extend js_generic (i.e. a JS app whose JS endpoints are edited by governance transactions), from the public header ccf/js/samples/governance_driven_registry.h. The API for existing JS-programmability apps using DynamicJSEndpointRegistry should be unaffected.

Fixed

  • cose_signatures configuration (issuer/subject) is now correctly preserved across disaster recovery (#6709).

Deprecated

  • The function ccf::get_js_plugins() and associated FFI plugin system for JS is deprecated. Similar functionality should now be implemented through a js::Extension returned from DynamicJSEndpointRegistry::get_extensions().

Dependencies

  • nghttp2 updated from 1.55.1 to 1.64.0

6.0.0-dev10

17 Dec 14:46
c85da08
Pre-release

Added

  • Expose ccf::http::parse_accept_header() and ccf::http::AcceptHeaderField (#6706).
  • Added ccf::cose::AbstractCOSESignaturesConfig subsystem to expose COSE signature configuration to application handlers (#6707).
  • Package build_bundle.ts under npx ccf-build-bundle to allow JavaScript users to build a CCF schema bundle (#6704).

6.0.0-dev9

12 Dec 17:18
c942ccb
Pre-release

Changed

  • The read_ledger.py tool now has a --quiet option which avoids printing anything per-transaction, as well as other performance improvements, which should make it more useful in verifying the integrity of large ledgers.
  • COSE signatures now set a kid that is a hex-encoded SHA-256 of the DER representation of the key used to produce them (#6703).
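
The kid derivation described above lets a verifier pick the signing key out of a set of trusted service keys before checking the signature. This is an added example, not code from the CCF project: it assumes the hashed DER is the public key's SubjectPublicKeyInfo encoding and that the kid header carries the hex string as ASCII bytes; the helper names are hypothetical and the key bytes are constructed placeholders.

```python
import base64
import hashlib
from typing import List, Optional

# Constructed sample data: DER-shaped blobs standing in for two service
# public keys (P-256 SubjectPublicKeyInfo header + placeholder point bytes).
SPKI_P256 = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
SAMPLE_DER_A = SPKI_P256 + b"\x04" + bytes(range(64))
SAMPLE_DER_B = SPKI_P256 + b"\x04" + bytes(range(64, 128))


def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PUBLIC KEY armor (used here to build sample input)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN PUBLIC KEY-----\n{body}-----END PUBLIC KEY-----\n"


def pem_to_der(pem: str) -> bytes:
    """Strip PEM armor and decode the base64 body back to DER."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)


def kid_for_der(der: bytes) -> str:
    """Hex-encoded SHA-256 of the key's DER representation."""
    return hashlib.sha256(der).hexdigest()


def select_key(kid: bytes, trusted_pems: List[str]) -> Optional[str]:
    """Return the trusted PEM whose derived kid equals the header's kid.

    Assumption: kid arrives as the ASCII bytes of the hex string.
    A match only selects a key; the signature must still be verified with it.
    """
    try:
        wanted = kid.decode("ascii")
    except UnicodeDecodeError:
        return None  # not a hex string at all, so no trusted key can match
    index = {kid_for_der(pem_to_der(p)): p for p in trusted_pems}
    return index.get(wanted)
```

The kid is an unauthenticated hint: an unknown kid means the signature should be rejected rather than retried against every trusted key.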

6.0.0-dev8

06 Dec 16:26
589cf43
Pre-release

Changed

  • All definitions in CCF's public headers are now under the ccf:: namespace. Application code which references any of these types directly (notably StartupConfig, http_status, LoggerLevel) will now need to prefix them with the ccf:: namespace.

5.0.11

05 Dec 18:02
fa0ab62

Dependencies

  • Updated Open Enclave from 0.19.7 to 0.19.8 (#6685).
  • Updated Intel PSW from 2.20.100 to 2.25.100 (#6685).

5.0.10

20 Nov 10:10
b78fbba

Added

  • Added OpenAPI support for std::unordered_set.

Changed

  • Service certificates and endorsements used for historical receipts now have a pathlen constraint of 1 instead of 0, reflecting the fact that there can be a single intermediate in endorsement chains. Historically the value had been 0, which happened to work because of a quirk in OpenSSL when Issuer and Subject match on an element in the chain.

Fixed

  • Services upgrading from 4.x to 5.x may accidentally change their service's subject name, resulting in cryptographic errors when verifying anything endorsed by the old subject name. The subject name field is now correctly populated and retained across joins, renewals, and disaster recoveries.

6.0.0-dev7

20 Nov 10:10
ba6d143
Pre-release

Changed

  • ccf::http::get_query_value() now supports bool types with "true" and "false" as values.
  • Service certificates and endorsements used for historical receipts now have a pathlen constraint of 1 instead of 0, reflecting the fact that there can be a single intermediate in endorsement chains. Historically the value had been 0, which happened to work because of a quirk in OpenSSL when Issuer and Subject match on an element in the chain.

Fixed

  • Services upgrading from 4.x to 5.x may accidentally change their service's subject name, resulting in cryptographic errors when verifying anything endorsed by the old subject name. The subject name field is now correctly populated and retained across joins, renewals, and disaster recoveries.

5.0.9

15 Nov 18:26
7c61d47

Added

  • Enhanced certificate renewal logging (#6645).

6.0.0-dev6

14 Nov 12:44
31ceb7b
Pre-release

Added

  • Added a ccf::any_cert_auth_policy (C++), or any_cert (JS/TS), implementing TLS client certificate authentication, but without checking for the presence of the certificate in the governance user or member tables. This enables applications wanting to do so to perform user management in application space, using application tables (#6608).
  • Added OpenAPI support for std::unordered_set (#6634).
  • Added "cose_signatures" entry in the configuration, which allows setting "issuer" and "subject" at network start or recovery time (#6637).

5.0.8

06 Nov 20:40
0cb409d

Added

  • Added a ccf::any_cert_auth_policy (C++), or any_cert (JS/TS), implementing TLS client certificate authentication, but without checking for the presence of the certificate in the governance user or member tables. This enables applications wanting to do so to perform user management in application space, using application tables (#6608).
  • Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifying attestation, since recent updates allow host-initiated attestations (#6583).