diff --git a/Makefile b/Makefile index 86e593964..63e0bdf47 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,7 @@ PROJECT_NAME = fabric-ca GO_VER = 1.21.5 UBUNTU_VER ?= 20.04 DEBIAN_VER ?= stretch -BASE_VERSION ?= v1.5.7 +BASE_VERSION ?= v1.5.8 ARCH=$(shell go env GOARCH) PLATFORM=$(shell go env GOOS)-$(shell go env GOARCH) diff --git a/lib/metadata/version.go b/lib/metadata/version.go index ea9352adc..e8bcb043d 100644 --- a/lib/metadata/version.go +++ b/lib/metadata/version.go @@ -29,7 +29,7 @@ const ( // Version specifies fabric-ca-client/fabric-ca-server version // It is defined by the Makefile and passed in with ldflags -var Version = "1.5.7" +var Version = "1.5.8" // GetVersionInfo returns version information for the fabric-ca-client/fabric-ca-server func GetVersionInfo(prgName string) string { diff --git a/release_notes/v1.5.7.md b/release_notes/v1.5.7.md index 597b1bf14..790fec9ce 100644 --- a/release_notes/v1.5.7.md +++ b/release_notes/v1.5.7.md @@ -8,7 +8,7 @@ Improvements SignerConfig struct now exports the RevocationHandle. The way the revocation handle is encoded has changed to align to what the Idemix library expects. -[#363](https://github.com/hyperledger/fabric/pull/363) +[#363](https://github.com/hyperledger/fabric-ca/pull/363) Dependencies ------------ diff --git a/release_notes/v1.5.8.md b/release_notes/v1.5.8.md new file mode 100644 index 000000000..b03064219 --- /dev/null +++ b/release_notes/v1.5.8.md @@ -0,0 +1,62 @@ +v1.5.8 Release Notes - December 20, 2023 +======================================== + +Fixes +----- + +**Fix s390x build** + +Update github.com/IBM/mathlib to fix compilation issue on s390x. +[#387](https://github.com/hyperledger/fabric-ca/pull/387) + + +Improvements +------------ + +**Log expiry overrides** + +If certificate expiry during enrollment gets overridden due to the CA's own expiry, +log a warning message about the override. +[#384](https://github.com/hyperledger/fabric-ca/pull/384) + + +Dependencies +------------ + +Fabric CA v1.5.8 has been tested with the following dependencies: +- Go 1.21.5 +- Ubuntu 20.04 (for Docker images) +- Databases + - PostgreSQL 13 + - MySQL 8.0 + + +Changes, Known Issues, and Workarounds +-------------------------------------- + +None. + +Known Vulnerabilities +--------------------- +- FABC-174 Commands can be manipulated to delete identities or affiliations + + This vulnerability can be resolved in one of two ways: + + 1) Use HTTPS (TLS) so that the authorization header is not in clear text. + + 2) The token generation/authentication mechanism was improved to optionally prevent + token reuse. As of v1.4 a more secure token can be used by setting environment variable: + + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false + + However, it cannot be set to false until all clients have + been updated to generate the more secure token and tolerate + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false. + The Fabric CA client has been updated in v1.4 to generate the more secure token. + The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token, + at which time the default for Fabric CA server will change to: + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false + +Resolved Vulnerabilities +------------------------ +None.