From 47a32f271b3f35590d8d7cfd0989960098663406 Mon Sep 17 00:00:00 2001 From: Dave Enyeart Date: Sat, 1 Apr 2023 06:17:37 -0400 Subject: [PATCH] Release commit for v1.5.6 (#358) Add release notes for v1.5.6. Signed-off-by: David Enyeart --- lib/metadata/version.go | 2 +- release_notes/v1.5.6.md | 48 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 release_notes/v1.5.6.md diff --git a/lib/metadata/version.go b/lib/metadata/version.go index 906981543..612a1e52e 100644 --- a/lib/metadata/version.go +++ b/lib/metadata/version.go @@ -29,7 +29,7 @@ const ( // Version specifies fabric-ca-client/fabric-ca-server version // It is defined by the Makefile and passed in with ldflags -var Version = "1.5.5" +var Version = "1.5.6" // GetVersionInfo returns version information for the fabric-ca-client/fabric-ca-server func GetVersionInfo(prgName string) string { diff --git a/release_notes/v1.5.6.md b/release_notes/v1.5.6.md new file mode 100644 index 000000000..87a2ddc1b --- /dev/null +++ b/release_notes/v1.5.6.md @@ -0,0 +1,48 @@ +v1.5.6 Release Notes - March 31, 2023 +===================================== + +v1.5.6 provides the following updates for Fabric CA: + +- Builds native arm64 CA binaries for linux and darwin +- Builds multi-platform CA docker images for arm64 and amd64 with `buildx` +- Builds CA docker images FROM ubuntu:20.04 (avoid SIGSEGV errors encountered with dynamic builds on musl/alpine libc) +- Adds debug information for a mysterious [idemix error message](https://github.com/hyperledger/fabric-ca/pull/339) +- Bumps Go version to 1.20.2 + +Dependencies +------------ + +Fabric CA v1.5.6 has been tested with the following dependencies: +- Go 1.20.2 +- Ubuntu 20.04 (for Docker images) + + +Changes, Known Issues, and Workarounds +-------------------------------------- + +None. + +Known Vulnerabilities +--------------------- +- FABC-174 Commands can be manipulated to delete identities or affiliations + + This vulnerability can be resolved in one of two ways: + + 1) Use HTTPS (TLS) so that the authorization header is not in clear text. + + 2) The token generation/authentication mechanism was improved to optionally prevent + token reuse. As of v1.4 a more secure token can be used by setting environment variable: + + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false + + However, it cannot be set to false until all clients have + been updated to generate the more secure token and tolerate + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false. + The Fabric CA client has been updated in v1.4 to generate the more secure token. + The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token, + at which time the default for Fabric CA server will change to: + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false + +Resolved Vulnerabilities +------------------------ +None.