v2.3.2

v2.3.2 Release Notes - April 23, 2021

Improvements

peer and orderer - Implement legacy name constraints verification for Go 1.15

These changes reproduce the Go 1.14 name constraint verification in the MSP.
Without these changes, certificate chains that would fail verification in Go 1.14 would
successfully validate in Go 1.15 due to the change mentioned in the Go 1.15 release notes.
Specifically, if a signing certificate contains a name constraint, the leaf certificate
does not include SAN extensions, and the leaf's common name looks like a host name,
then the additional verification is performed to ensure deterministic behavior relative
to prior Fabric releases.

Fixes

FAB-18427: orderer - Report correct reason of stream abort in orderer cluster

This commit fixes a bug that makes the cluster communication infrastructure
always report an "aborted" reason after a stream terminates.

FAB-18424: peer - Ledger snapshot request submission with special value "blockNumber 0"

If a ledger snapshot request is submitted with the special value "blockNumber 0", peer is expected to translate the request to last committed block.
This patch fixes the issue where, it may happen sometimes that the request is translated to block number 1 instead of last committed block.
This leads to the situation where no snapshot gets generated, including any future snapshot requests.
If you have ever used this special value, we encourage you to check the list of pending snapshots requests with peer snapshot listpending.
If you notice one or more pending requests that are for the the block numbers lower than the latest committed block, cancel such requests with peer snapshot cancelrequest to enable the further snapshot requests to be processed.

FAB-18304: peer and orderer - Fix leveldb manifest corruption

This fix updates the version of goleveldb. The prior version of goleveldb had a bug which
could cause manifest corruption in crash scenarios, especially in disk full crash scenarios.
With a corrupted goleveldb database, the peer or orderer would fail to start with error
"panic: Error opening leveldb: leveldb: manifest corrupted".

Dependencies

Fabric v2.3.2 has been tested with the following dependencies:

• Go 1.15.7
• CouchDB v3.1.1

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

The 'Solo' consensus type has always been marked non-production and should be in
use only in test environments, however for compatibility it is still available,
but may be removed entirely in a future release.

FAB-16408: The 'Kafka' consensus type is deprecated.

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Fabric CouchDB image is deprecated

v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
Configuring orderer endpoints at the organization level accommodates
scenarios where orderers are run by different organizations. Using
this configuration ensures that only the TLS CA certificates of that organization
are used for orderer communications, in contrast to the global channel level endpoints which
would cause an aggregation of all orderer TLS CA certificates across
all orderer organizations to be used for orderer communications.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

The --outputAnchorPeersUpdate mechanism for updating anchor peers has always had
limitations (for instance, it only works the first time anchor peers are updated).
Instead, anchor peer updates should be performed through the normal config update flow.

FAB-15406: The fabric-tools docker image is deprecated

The fabric-tools docker image will not be published in future Fabric releases.
Instead of using the fabric-tools docker image, users should utilize the
published Fabric binaries. The Fabric binaries can be used to make client calls
to Fabric runtime components, regardless of where the Fabric components are running.

FAB-15317: Block dissemination via gossip is deprecated

Block dissemination via gossip is deprecated and may be removed in a future release.
Fabric peers can be configured to receive blocks directly from an ordering service
node by using the following configuration:

peer.gossip.orgLeader: true
peer.gossip.useLeaderElection: false
peer.gossip.state.enabled: false

FAB-15061: Legacy chaincode lifecycle is deprecated

The legacy chaincode lifecycle from v1.x is deprecated and will be removed
in a future release. To prepare for the eventual removal, utilize the v2.x
chaincode lifecycle instead, by enabling V2_0 application capability on all
channels, and redeploying all chaincodes using the v2.x lifecycle. The new
chaincode lifecycle provides a more flexible and robust governance model
for chaincodes. For more details see the
documentation for enabling the new lifecycle.

Changes:

• 0022e8f v2.3.2 release commit
• 248a220 Improve snapshot dir error message (#2530)
• 25f6612 Document ledger.snapshots.rootDir
• ce16177 Cherry pick removing duplicate word (#2524)
• 5de1d02 Add Security Model topic to docs
• 13ef1e1 Fix link in international_languages.md
• b2c8d23 Fix old or incorrect contents in the doc build instruction
• f246243 integration: PKCS#11 SKI to CKA_ID mapping test
• 871d325 pkcs11: Add SKI to CKA_ID mapping for BCCSP [ #11 ]
• 0fb8e5a This commit upgrades goleveldb. This upgraded version includes a fix for [ #2463 ]

See More

• 70c1d11 Fix images in network concept and upload new diagrams power point
• 2e9e732 Prepare for next release v2.3.2
• fd84e78 Fix bug in snapshot request submission
• 90db11d Report correct reason of stream abort in orderer cluster
• 1524fc9 Log stream total lifetime
• 8543389 corrected organization labels
• c61883e corrected Org1 text in Org2 box to Org2
• b156d91 Update build to use Go 1.15
• c4d4f79 Implement legacy name constraints verification
• a873a87 Add test to assert on name constraint behavior
• 230aa0e deps: bump github.com/pkg/errors
• 15e3f94 Re-encode ECDSA CRL signature during MSP setup
• 4e91e45 Add test to exercise signature validation change
• 8fb1a81 Adjust etcdraft error assertions for go 1.15
• 47b0bb6 Replace test cert fixtures with generated certs
• ce2cf21 Set SKI, support multi hosts, add Signer to CA
• 932e077 Fix typos in a "Developing Applications" doc
• d19dd32 Update documentation to include Go SDK
• df59561 Fix broken link in orderer deployment guide
• b2d6db6 Test network works with Docker Desktop version 2.5.0.1
• 1562d7e Update AZP Service Connection Name
• 7ad69c7 Add Create a channel tutorial without a system channel and using test network
• 2f69b42 Release commit for v2.3.1
• 17b7e4f Add peer log message for failure to invoke chaincode (#2339)
• fc63fcd Test network does not work with latest Docker
• 8dc9930 Minor updates related to documentation for commands and more osnadmin updates (release-2.3) (#2322)
• c29420c Rename --channel-id to --channelID in osadmin
• 410ba71...

v2.2.3

v2.2.3 Release Notes - April 23, 2021

Improvements

peer and orderer - Implement legacy name constraints verification for Go 1.15

These changes reproduce the Go 1.14 name constraint verification in the MSP.
Without these changes, certificate chains that would fail verification in Go 1.14 would
successfully validate in Go 1.15 due to the change mentioned in the Go 1.15 release notes.
Specifically, if a signing certificate contains a name constraint, the leaf certificate
does not include SAN extensions, and the leaf's common name looks like a host name,
then the additional verification is performed to ensure deterministic behavior relative
to prior Fabric releases.

Fixes

FAB-18427: orderer - Report correct reason of stream abort in orderer cluster

This commit fixes a bug that makes the cluster communication infrastructure
always report an "aborted" reason after a stream terminates.

FAB-18304: peer and orderer - Fix leveldb manifest corruption

This fix updates the version of goleveldb. The prior version of goleveldb had a bug which
could cause manifest corruption in crash scenarios, especially in disk full crash scenarios.
With a corrupted goleveldb database, the peer or orderer would fail to start with error
"panic: Error opening leveldb: leveldb: manifest corrupted".

Dependencies

Fabric v2.2.3 has been tested with the following dependencies:

• Go 1.15.7
• CouchDB v3.1.1

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

The 'Solo' consensus type has always been marked non-production and should be in
use only in test environments, however for compatibility it is still available,
but may be removed entirely in a future release.

FAB-16408: The 'Kafka' consensus type is deprecated.

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Fabric CouchDB image is deprecated

v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
Configuring orderer endpoints at the organization level accommodates
scenarios where orderers are run by different organizations. Using
this configuration ensures that only the TLS CA certificates of that organization
are used for orderer communications, in contrast to the global channel level endpoints which
would cause an aggregation of all orderer TLS CA certificates across
all orderer organizations to be used for orderer communications.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

The --outputAnchorPeersUpdate mechanism for updating anchor peers has always had
limitations (for instance, it only works the first time anchor peers are updated).
Instead, anchor peer updates should be performed through the normal config update flow.

FAB-15406: The fabric-tools docker image is deprecated

The fabric-tools docker image will not be published in future Fabric releases.
Instead of using the fabric-tools docker image, users should utilize the
published Fabric binaries. The Fabric binaries can be used to make client calls
to Fabric runtime components, regardless of where the Fabric components are running.

FAB-15317: Block dissemination via gossip is deprecated

Block dissemination via gossip is deprecated and may be removed in a future release.
Fabric peers can be configured to receive blocks directly from an ordering service
node by using the following configuration:

peer.gossip.orgLeader: true
peer.gossip.useLeaderElection: false
peer.gossip.state.enabled: false

FAB-15061: Legacy chaincode lifecycle is deprecated

The legacy chaincode lifecycle from v1.x is deprecated and will be removed
in a future release. To prepare for the eventual removal, utilize the v2.x
chaincode lifecycle instead, by enabling V2_0 application capability on all
channels, and redeploying all chaincodes using the v2.x lifecycle. The new
chaincode lifecycle provides a more flexible and robust governance model
for chaincodes. For more details see the
documentation for enabling the new lifecycle.

Changes:

• 94ace65 v2.2.3 release commit
• d272122 Cherry pick removing duplicate word (#2523)
• 222fbc8 Add Security Model topic to docs
• 8116872 Fix link in international_languages.md
• 496c5f5 integration: PKCS#11 SKI to CKA_ID mapping test
• d2d031e pkcs11: Add SKI to CKA_ID mapping for BCCSP [ #11 ]
• 7214be7 Prevent race that occurs after test timeout
• 6adcbce integration: backport chaincode_server_test
• 8843223 Back-fill tests for externalbuilder.Duration
• 796f760 This commit upgrades goleveldb. This upgraded version includes a fix for [ #2463 ]

See More

• fae13c3 Report correct reason of stream abort in orderer cluster
• 2b2e154 Log stream total lifetime
• 100a7e7 corrected organization labels
• 6320aed corrected Org1 text in Org2 box to Org2
• 8d0645b Update build to use Go 1.15
• 6cb530b Change string cast of int value to rune cast
• d539244 Directives are in comment text instead of groups
• a1b4d2d Implement legacy name constraints verification
• 4321503 Add test to assert on name constraint behavior
• 880914c Re-encode ECDSA CRL signature during MSP setup
• 8883d71 Add test to exercise signature validation change
• cb3c87b deps: bump github.com/pkg/errors
• f635afd Adjust etcdraft error assertions for go 1.15
• 5f19a00 Replace test cert fixtures with generated certs
• aa7ad4f Set SKI, support multi hosts, add Signer to CA
• 684e255 Fix typos in a "Developing Applications" doc
• 358cba7 Update AZP Service Connection Name
• 913d2ab Prepare for next release v2.2.3 (#2347)
• eb2b1ea Add peer log message for failure to invoke chaincode (#2339)
• 0583c22 Add test newtork download instructions to create a channel tutorial
• bebb75f v2.2.2 release commit
• a80c772 Add release notes for v2.2.2 (#2232)
• 1de0825 Fix the issue of Nil/Zero-length-byte-array value (#2310)
• e5ecdef Remove system channel from Test Network tutorial
• c25eb86 [FAB-15648] document update: Non-TLS orderer with etcdraft usage (#1678)
• a861c00 cherry pick test network doc chaincode deployment fix
• 10c7839 Remove unreachable and unnecessary code in gossip membership (#2295)
• 6805515 Orderer deployment tutorial update
• fba5d90 [doc] fix broken link
• 48bad48 [FAB-18170] Endorsement policy page discusses NodeSDK
• ee8fcfc [FAB-18392] Clarify scope and limitations of test network
• 90326b8 [FAB-18252] Documentation should reference Java chaincode support
• 813be7f Remove anchor peers from configtx.yaml tutorial (#2257)
• 11526cf Cherry pick org3 edits to release-2.2 branch (#2256)
• 5953056 Split command in "add an org to network" tutorial
• 91d9621 Add more details to logging specification examples
• 7b1dbf1 Update ...

v1.4.12

v1.4.12 Release Notes - April 23, 2021

Fixes

FAB-18304: peer and orderer - Fix leveldb manifest corruption

This fix updates the version of goleveldb. The prior version of goleveldb had a bug which
could cause manifest corruption in crash scenarios, especially in disk full crash scenarios.
With a corrupted goleveldb database, the peer or orderer would fail to start with error
"panic: Error opening leveldb: leveldb: manifest corrupted".

Dependencies

Fabric v1.4.12 has been tested with the following dependencies:

• Go 1.14.12
• Fabric baseimage 0.4.22
• CouchDB v2.3.1

Changes, Known Issues, and Workarounds

FAB-12134: Same chaincode source receiving fingerprint mismatch error -
Chaincode installed in different ways may result in "chaincode fingerprint
mismatch data mismatch" error upon instantiation. This may happen when
installing chaincode by using different SDKs. To workaround the problem,
package the chaincode prior to installation and instantiation, by using
the "peer chaincode package" command.

Known Vulnerabilities

FAB-8664: Peer should detect and react when its org has been removed
This is a relatively low severity problem, because it requires a significant
conspiracy of network admins, but it will be addressed in a future release.

Resolved Vulnerabilities

None.

Deprecations (existing)

The following functions are deprecated and are targeted for removal in a future release.

Support for automatically vendoring the chaincode shim into user chaincodes

The fabric-ccenv image which is used to build chaincode, currently includes
the github.com/hyperledger/fabric/core/chaincode/shim ("shim") package.
This is convenient, as it provides the ability to package chaincode
without the need to include the "shim". However, this may cause issues in future
releases (and/or when trying to use packages which are included by the "shim").
In order to avoid any issues, users are advised to manually vendor the "shim"
package with their chaincode prior to using the peer CLI for packaging and/or
for installing chaincode.
Support removed in v2.0. For more details see FAB-5177.

Support for CAR chaincode package format

Support for packaging chaincode using the CAR format will be removed in
a future release.
Support removed in v2.0. For more details see FAB-14720.

Support for invoking system chaincodes from user chaincodes.

System chaincodes, for example QSCC, are intended to be invoked by
a client rather than by a user chaincode. Invoking from a user chaincode
may cause deadlocks.
Support removed in v2.0. For more details see FAB-15285.

Support for user chaincodes to utilize the chaincode shim's logger via NewLogger()

Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
logging mechanism.
Support removed in v2.0. For more details see FAB-15366.

Support for peer's Admin service

The peer's Admin service exposes APIs such as GetLogSpec() and SetLogSpec().
Instead of using these services, utilize the HTTP operations service that was
introduced in v1.4.0.
Support removed in v2.0. For more details see FAB-15390.

Support for specifying orderer endpoints at the global level in channel configuration.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
an organization instead.
For more details see FAB-7559.

The 'Solo' consensus type is deprecated.

With the introduction of Raft-based ordering service in v1.4.1, it is possible
to deploy a single-node (non-production) or multi-node
Raft-based ordering service with no external dependencies.
For single-node (non-production) ordering services, utilize Raft-based ordering
service with a single node instead of Solo ordering service.
For more details see FAB-15754.

The 'Kafka' consensus type is deprecated

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

fabric-couchdb docker image no longer updated, maintained, or published

The fabric-couchdb docker image will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v1412

Changes:

• 56c2b12 v1.4.12 release commit
• d276ee1 pkcs11: backport integration test to release-1.4
• c810dca This commit upgrades goleveldb. This upgraded version includes a fix for [ #2463 ]
• 16123fe Update Docker Publish Script
• 77facb4 Release v1.4.11 commit
• b6822cb Report correct reason of stream abort in orderer cluster
• 4db2091 Log stream total lifetime
• a7f2b15 deps: overrides to use go1.14 branches
• 999051d Remvoe mockery from standard gotool targets
• f15b2b4 Prepare for next release v1.4.11

See More

• 59d406a Update AZP Service Connection Name
• e3d4a0a Update image filter used by integration tests
• a7e659d Pin npm to latest-6 for compatibility with node 8
• 7d1ee82 v1.4.10 release commit
• adfdd61 Add v1.4.10 release notes
• 3813607 Fix the issue of Nil/Zero-length-byte-array value (#2312)
• e95a134 Remove unreachable and unnecessary code in gossip membership (#2296)
• 51a3a52 [FAB-17039] CherryPick: Skip retrieving pvtdata from transient store when txid is missing (bp #2183) (#2203)
• 746b7e9 [FAB-18323] CherryPick: remove ephemeral from BCCSP SW options (#1553)
• 25d99ba Update endorsementpolicies.md
• 7004000 Bump Go to 1.14.12
• 2dbf8d6 Bump version of golang.org/x/tools
• e876e64 [FAB-13370] increase go env timeout from 10s to 1m
• 1d7b876 Increase Eventually Timeout
• a25b63f Prepare for go 1.14 (#755)
• b5a12de Log TLS hanshake duration
• 56d7b84 Deduplicate orderer server TLS root CAs (#2030)
• cf344b5 FAB-18244 single node catches up with snapshot (#2022)
• 83c833c [FAB-18270] Disable debug of CouchDB response body
• 75f9fe7 [FAB-18265] Always Use DummyKeystore For PKCS11 BCCSP Provider
• a40f9d2 Allow tick interval override via orderer.yaml
• db1abf6 Always Finalize the PKCS11 FindObject Operation (#1978)
• df50dea Update devmode doc to note TLS must be disabled (release-1.4)
• 4af8308 Prepare for next release v1.4.10
• da55272 Release commit for v1.4.9
• 5146a9f Remove No Longer Relevant Release Note
• 4924294 Update release notes with FAB-18250
• 56a81f7 [FAB-18250] Check Error Before Returning Session to Pool (#1938)
• 17e171b Remove escc and vscc from list of system chaincodes
• 2d63281 Remove GetSessionInfo Call
• 4f1e340 Add release notes for v1.4.9
• 40abeec [FAB-18237] always update stateInfo message upon chaincode update (#1915)
• 693cae5 Clarify tlsHandshakeTimeShift CLI help text (#1895)
• d9a8bc9 Peer CLI communicate with orderers with expired TLS certs
• 51ffd55 Add extra queryexecutor nil checks
• 95e4cfd [FAB-18208] Do not sign gossip message if membership is empty
• 5201e86 Fix data race in gossip/discovery test (#1865)
• 11cbae9 Add object handle and key cache to bccsp/pkcs11 [ #11 ]
• d626146 Drain session pool before creating new sessions
• d0c5065 Fix Broken Doc Reference
• d308fbf Re-enable Skipped PKCS11 Tests
• 80d3934 Fix broken pkcs11 tests
• c8d124f [FAB-18073] Add integration test for dev mode
• 9848841 [FAB-18171] Disregard certificate validity period in intra-orderer communication (#1825)
• 243dc0e [FAB-17539] Always remember anchor peers in membership (#142...

v2.4.0-alpha

v2.4.0-alpha Release Notes - April 15, 2021

New features

FABGW-1: Fabric Gateway Technical Preview

The Hyperledger Fabric v2.4.0 Alpha contains a technical preview of the new Fabric Gateway feature.

The Fabric Gateway is a new component that will implement much of the high-level 'gateway' programming model in the Fabric peer,
enabling the removal of much of the transaction submission and query logic from client applications, and shifting it to a common gateway component running within the Fabric peer.
The various client SDKs can therefore be slimmer, more consistent, and require less maintenance.

The Fabric Gateway will also simplify the administrative overhead of running a Fabric network because client applications
will be able to connect and submit transactions via a single network port rather than the current situation where ports
have to be opened from a client application to multiple peers across potentially multiple organizations.

The Fabric Gateway technical preview is delivered along with slim SDKs in the https://github.com/hyperledger/fabric-gateway repository,
along with client application samples.

Improvements

peer and orderer - Implement legacy name constraints verification for Go 1.15

These changes reproduce the Go 1.14 name constraint verification in the MSP.
Without these changes, certificate chains that would fail verification in Go 1.14 would
successfully validate in Go 1.15 due to the change mentioned in the Go 1.15 release notes.
Specifically, if a signing certificate contains a name constraint, the leaf certificate
does not include SAN extensions, and the leaf's common name looks like a host name,
then the additional verification is performed to ensure deterministic behavior relative
to prior Fabric releases.

peer and orderer - Default log record format improvements

Expanded the width of the log record sequence number to a minimum of four characters,
moved the log sequence number and log level to the left,
and added bold formatting to the function name.
These changes keep the fixed-width columns together at the left
and add a visual break between the logging module name and log message text.

Fixes

All fixes as of v2.3.1 are included in v2.4.0-alpha. Additionally, the following fixes are made in v2.4.0-alpha.

FAB-18427: orderer - Report correct reason of stream abort in orderer cluster

This commit fixes a bug that makes the cluster communication infrastructure
always report an "aborted" reason after a stream terminates.

FAB-18424: peer - Ledger snapshot request submission with special value "blockNumber 0"

If a ledger snapshot request is submitted with the special value "blockNumber 0", peer is expected to translate the request to last committed block.
This patch fixes the issue where, it may happen sometimes that the request is translated to block number 1 instead of last committed block.
This leads to the situation where no snapshot gets generated, including any future snapshot requests.
If you have ever used this special value, we encourage you to check the list of pending snapshots requests with peer snapshot listpending.
If you notice one or more pending requests that are for the the block numbers lower than the latest committed block, cancel such requests with peer snapshot cancelrequest to enable the further snapshot requests to be processed.

FAB-18304: peer and orderer - Fix leveldb manifest corruption

This fix updates the version of goleveldb. The prior version of goleveldb had a bug which
could cause manifest corruption in crash scenarios, especially in disk full crash scenarios.
With a corrupted goleveldb database, the peer or orderer would fail to start with error
"panic: Error opening leveldb: leveldb: manifest corrupted".

Dependencies

Fabric v2.4.0-alpha has been tested with the following dependencies:

• Go 1.15.7
• CouchDB v3.1.1
• Alpine images 3.13

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

The 'Solo' consensus type has always been marked non-production and should be in
use only in test environments, however for compatibility it is still available,
but may be removed entirely in a future release.

FAB-16408: The 'Kafka' consensus type is deprecated.

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Fabric CouchDB image is deprecated

v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
Configuring orderer endpoints at the organization level accommodates
scenarios where orderers are run by different organizations. Using
this configuration ensures that only the TLS CA certificates of that organization
are used for orderer communications, in contrast to the global channel level endpoints which
would cause an aggregation of all orderer TLS CA certificates across
all orderer organizations to be used for orderer communications.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

The --outputAnchorPeersUpdate mechanism for updating anchor peers has always had
limitations (for instance, it only works the first time anchor peers are updated).
Instead, anchor peer updates should be performed through the normal config update flow.

FAB-15406: The fabric-tools docker image is deprecated

The fabric-tools docker image will not be published in future Fabric releases.
Instead of using the fabric-tools docker image, users should utilize the
published Fabric binaries. The Fabric binaries can be used to make client calls
to Fabric runtime components, regardless of where the Fabric components are running.

FAB-15317: Block dissemination via gossip is deprecated

Block dissemination via gossip is deprecated and may be removed in a future release.
Fabric peers can be configured to receive blocks directly from an ordering service
node by using the following configuration:

peer.gossip.orgLeader: true
peer.gossip.useLeaderElection: false
peer.gossip.state.enabled: false

FAB-15061: Legacy chaincode lifecycle is deprecated

The legacy chaincode lifecycle from v1.x is deprecated and will be removed
in a future release. To prepare for the eventual removal, utilize the v2.x
chaincode lifecycle instead, by enabling V2_0 application capability on all
channels, and redeploying all chaincodes using the v2.x lifecycle. The new
chaincode lifecycle provides a more flexible and robust governance model
for chaincodes. For more details see the
documentation for enabling the new lifecycle.

Changes:

• 06509ad v2.4.0-alpha release notes
• 4365412 remove redundant slice cast
• 5d500ee Fixed Typo
• d001dbc Add debug for gateway endorsement requests (#2538)
• 4cfc722 Skip plugin tests when the noplugin tag is used (#2535)
• ba7e923 fix: fix typo
• dead74f Fixed Typo (#2533)
• c7dc5d7 Improve snapshot dir error message
• 3714ca3 Document ledger.snapshots.rootDir
• b1f4329 Simplify GitHub Action for AZP Triggering

See More

• a8bfc98 Update deploy_chaincode.md
• 345a08b Add Security Model topic to docs
• aefa755 Fix link in international_languages.md
• a559b2c Fix timeout in orderer connection from gateway
• d88e09c peer: the 'noplugin' build tag disables plugins
• f5de431 FABGW-9 Select endorsers with max block height
• f4dba9d Fix old or incorrect contents in the doc build instruction
• 576d186 Fix the fix for race condition in Finder unit test (#2504)
• 1147977 Clarify private data doc for endorsement pol...

v1.4.11

v1.4.11 Release Notes - March 2, 2021

Fixes

FAB-18413: peer - Node.js chaincode image build may fail

Node.js chaincode is built with fabric-ccenv image which extends fabric-baseimage.
Since fabric-baseimage uses Node.js v8, npm in fabric-ccenv must be pinned to npm v6.
If fabric-ccenv uses a later npm version, Node.js chaincode image build may fail
with error "Failed to generate platform-specific docker build".
This fix pins npm to v6 in fabric-ccenv image.

peer and orderer - Fix s390x builds

golang.org/x/crypto and golang.org/x/sys Go dependencies were out of sync,
causing build failure on s390x architecture.
This fix pins them to consistent versions of v1.14 so that s390x binaries can be built.

FAB-18427: orderer - Orderer cluster stream termination reports incorrect reason

The cluster communication infrastructure always reported an "aborted" reason
after a stream terminates, instead of reporting the correct reason.
This fix ensures that the correct reason is logged.

Dependencies

Fabric v1.4.11 has been tested with the following dependencies:

• Go 1.14.12
• Fabric baseimage 0.4.22
• CouchDB v2.3.1

Changes, Known Issues, and Workarounds

FAB-12134: Same chaincode source receiving fingerprint mismatch error -
Chaincode installed in different ways may result in "chaincode fingerprint
mismatch data mismatch" error upon instantiation. This may happen when
installing chaincode by using different SDKs. To workaround the problem,
package the chaincode prior to installation and instantiation, by using
the "peer chaincode package" command.

Known Vulnerabilities

FAB-8664: Peer should detect and react when its org has been removed
This is a relatively low severity problem, because it requires a significant
conspiracy of network admins, but it will be addressed in a future release.

Resolved Vulnerabilities

None.

Deprecations (existing)

The following functions are deprecated and are targeted for removal in a future release.

Support for automatically vendoring the chaincode shim into user chaincodes

The fabric-ccenv image which is used to build chaincode, currently includes
the github.com/hyperledger/fabric/core/chaincode/shim ("shim") package.
This is convenient, as it provides the ability to package chaincode
without the need to include the "shim". However, this may cause issues in future
releases (and/or when trying to use packages which are included by the "shim").
In order to avoid any issues, users are advised to manually vendor the "shim"
package with their chaincode prior to using the peer CLI for packaging and/or
for installing chaincode.
Support removed in v2.0. For more details see FAB-5177.

Support for CAR chaincode package format

Support for packaging chaincode using the CAR format will be removed in
a future release.
Support removed in v2.0. For more details see FAB-14720.

Support for invoking system chaincodes from user chaincodes.

System chaincodes, for example QSCC, are intended to be invoked by
a client rather than by a user chaincode. Invoking from a user chaincode
may cause deadlocks.
Support removed in v2.0. For more details see FAB-15285.

Support for user chaincodes to utilize the chaincode shim's logger via NewLogger()

Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
logging mechanism.
Support removed in v2.0. For more details see FAB-15366.

Support for peer's Admin service

The peer's Admin service exposes APIs such as GetLogSpec() and SetLogSpec().
Instead of using these services, utilize the HTTP operations service that was
introduced in v1.4.0.
Support removed in v2.0. For more details see FAB-15390.

Support for specifying orderer endpoints at the global level in channel configuration.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
an organization instead.
For more details see FAB-7559.

The 'Solo' consensus type is deprecated.

With the introduction of Raft-based ordering service in v1.4.1, it is possible
to deploy a single-node (non-production) or multi-node
Raft-based ordering service with no external dependencies.
For single-node (non-production) ordering services, utilize Raft-based ordering
service with a single node instead of Solo ordering service.
For more details see FAB-15754.

The 'Kafka' consensus type is deprecated

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

fabric-couchdb docker image no longer updated, maintained, or published

The fabric-couchdb docker image will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v1411

Changes:

• 77facb4 Release v1.4.11 commit
• b6822cb Report correct reason of stream abort in orderer cluster
• 4db2091 Log stream total lifetime
• a7f2b15 deps: overrides to use go1.14 branches
• 999051d Remvoe mockery from standard gotool targets
• f15b2b4 Prepare for next release v1.4.11
• 59d406a Update AZP Service Connection Name
• e3d4a0a Update image filter used by integration tests
• a7e659d Pin npm to latest-6 for compatibility with node 8
• 7d1ee82 v1.4.10 release commit

See More

• adfdd61 Add v1.4.10 release notes
• 3813607 Fix the issue of Nil/Zero-length-byte-array value (#2312)
• e95a134 Remove unreachable and unnecessary code in gossip membership (#2296)
• 51a3a52 [FAB-17039] CherryPick: Skip retrieving pvtdata from transient store when txid is missing (bp #2183) (#2203)
• 746b7e9 [FAB-18323] CherryPick: remove ephemeral from BCCSP SW options (#1553)
• 25d99ba Update endorsementpolicies.md
• 7004000 Bump Go to 1.14.12
• 2dbf8d6 Bump version of golang.org/x/tools
• e876e64 [FAB-13370] increase go env timeout from 10s to 1m
• 1d7b876 Increase Eventually Timeout
• a25b63f Prepare for go 1.14 (#755)
• b5a12de Log TLS hanshake duration
• 56d7b84 Deduplicate orderer server TLS root CAs (#2030)
• cf344b5 FAB-18244 single node catches up with snapshot (#2022)
• 83c833c [FAB-18270] Disable debug of CouchDB response body
• 75f9fe7 [FAB-18265] Always Use DummyKeystore For PKCS11 BCCSP Provider
• a40f9d2 Allow tick interval override via orderer.yaml
• db1abf6 Always Finalize the PKCS11 FindObject Operation (#1978)
• df50dea Update devmode doc to note TLS must be disabled (release-1.4)
• 4af8308 Prepare for next release v1.4.10
• da55272 Release commit for v1.4.9
• 5146a9f Remove No Longer Relevant Release Note
• 4924294 Update release notes with FAB-18250
• 56a81f7 [FAB-18250] Check Error Before Returning Session to Pool (#1938)
• 17e171b Remove escc and vscc from list of system chaincodes
• 2d63281 Remove GetSessionInfo Call
• 4f1e340 Add release notes for v1.4.9
• 40abeec [FAB-18237] always update stateInfo message upon chaincode update (#1915)
• 693cae5 Clarify tlsHandshakeTimeShift CLI help text (#1895)
• d9a8bc9 Peer CLI communicate with orderers with expired TLS certs
• 51ffd55 Add extra queryexecutor nil checks
• 95e4cfd [FAB-18208] Do not sign gossip message if membership is empty
• 5201e86 Fix data race in gossip/discovery test (#1865)
• 11cbae9 Add object handle and key cache to bccsp/pkcs11 [ #11 ]
• d626146 Drain session pool before creating new sessions
• d0c5065 Fix Broken Doc Reference
• d308fbf Re-enable Skipped PKCS11 Tests
• 80d3934 Fix broken pkcs11 tests
• c8d124f [FAB-18073] Add integration test for dev mode
• 9848841...

v2.3.1

v2.3.1 Release Notes - February 3, 2021

Fixes

peer - incorrect handling of values set to empty byte array in node chaincode

Peer should handle key values set to nil or empty byte arrays as a delete of the key.
While the behavior worked as expected when using Go chaincode and Java chaincode,
if using node chaincode it did not work correctly when setting key values to empty byte arrays.
This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes.
If using node chaincode with private data, if you had set private data values to an empty
byte array, the private data hash would have been committed incorrectly to the state database.
To repair the state database, after applying the fix, with the peer stopped, request that
the state database be rebuilt by calling "peer node rebuild-dbs" or by deleting the state database.
Upon the next start, the peer will rebuild the state database from the already processed block store.
If subsequent transactions had referenced the existence of such a private data hash by calling
GetPrivateDataHash, then the subsequent transactions may have been processed incorrectly and
the peer will need to additionally reprocess blocks, which can be triggered by calling
"peer node reset" instead of "peer node rebuild-dbs".
If the peer joined channels from a snapshot, "peer node rebuild-dbs" and "peer node reset"
are not available since the peer does not have all blocks since the genesis block. In
these cases the peer will need to be replaced with a new peer that re-joins from the snapshots.
If using regular channel data only and not private data, the empty byte array will not
have been committed, and therefore no action is required on the peer beyond applying the fix.

orderer - incorrect osnadmin flag --channel-id

The osnadmin CLI introduced in v2.3.0 used an incorrect flag --channel-id.
The flag has been corrected to be --channelID in order to be consistent
with other CLIs.

Dependencies

Fabric v2.3.1 has been tested with the following dependencies:

• Go 1.14.12
• CouchDB v3.1.1

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

The 'Solo' consensus type has always been marked non-production and should be in
use only in test environments, however for compatibility it is still available,
but may be removed entirely in a future release.

FAB-16408: The 'Kafka' consensus type is deprecated.

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Fabric CouchDB image is deprecated

v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
Configuring orderer endpoints at the organization level accommodates
scenarios where orderers are run by different organizations. Using
this configuration ensures that only the TLS CA certificates of that organization
are used for orderer communications, in contrast to the global channel level endpoints which
would cause an aggregation of all orderer TLS CA certificates across
all orderer organizations to be used for orderer communications.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

The --outputAnchorPeersUpdate mechanism for updating anchor peers has always had
limitations (for instance, it only works the first time anchor peers are updated).
Instead, anchor peer updates should be performed through the normal config update flow.

FAB-15406: The fabric-tools docker image is deprecated

The fabric-tools docker image will not be published in future Fabric releases.
Instead of using the fabric-tools docker image, users should utilize the
published Fabric binaries. The Fabric binaries can be used to make client calls
to Fabric runtime components, regardless of where the Fabric components are running.

FAB-15317: Block dissemination via gossip is deprecated

Block dissemination via gossip is deprecated and may be removed in a future release.
Fabric peers can be configured to receive blocks directly from an ordering service
node by using the following configuration:

peer.gossip.orgLeader: true
peer.gossip.useLeaderElection: false
peer.gossip.state.enabled: false

FAB-15061: Legacy chaincode lifecycle is deprecated

The legacy chaincode lifecycle from v1.x is deprecated and will be removed
in a future release. To prepare for the eventual removal, utilize the v2.x
chaincode lifecycle instead, by enabling V2_0 application capability on all
channels, and redeploying all chaincodes using the v2.x lifecycle. The new
chaincode lifecycle provides a more flexible and robust governance model
for chaincodes. For more details see the
documentation for enabling the new lifecycle.

Changes:

• 2f69b42 Release commit for v2.3.1
• 17b7e4f Add peer log message for failure to invoke chaincode (#2339)
• fc63fcd Test network does not work with latest Docker
• 8dc9930 Minor updates related to documentation for commands and more osnadmin updates (release-2.3) (#2322)
• c29420c Rename --channel-id to --channelID in osadmin
• 410ba71 Participation edits to network concept doc
• f682cad Fix the issue of Nil/Zero-length-byte-array value (#2309)
• 23b677c Remove system channel from Test Network tutorial
• 1dc0b47 [FAB-15648] document update: Non-TLS orderer with etcdraft usage (#1678)
• b144d49 cherry pick test network doc chaincode deployment

See More

• 7996176 [FAB-18398] Added osnadmin binary to tools image (#2275)
• 7debdef Remove unreachable and unnecessary code in gossip membership (#2294)
• f99cff0 Orderer deployment tutorial update
• b4548dd [doc] fix broken link
• a4a86d6 Minor create channel doc typos
• c8d3e08 Even more edits to docs for participation API (#2208) (#2281)
• 06866fb Revert "Minor create channel doc typos" backport
• e24a05e Pass GO_TAGS to tools container (#2278)
• c2758ef Raft configuration doc issue after mergify backport (release-2.3)
• 157f556 [FAB-18170] Endorsement policy page discusses NodeSDK
• f3cb99e [FAB-18392] Clarify scope and limitations of test network
• d486efb [FAB-18252] Documentation should reference Java chaincode support
• 377290d Remove anchor peers from configtx.yaml tutorial (#2257)
• e6b55b1 Update "add an org" tutorial to not use CLI
• cd578f3 Split command in "add an org to network" tutorial
• 0b2c755 Add more details to logging specification examples
• 56a0861 Minor create channel doc typos
• c8cc666 Update image filter used by integration tests
• 4d213ba Add Language Argument to DeployCC Calls
• 9ab9368 Check correct error
• 06eb9b1 [FAB-18378] Log warning when peer is lagging behind and cannot catch up
• e5e858a Fix unusual dash character in channel participation tutorial
• 5da3b0f [FAB-17039] Skip retrieving pvtdata from transient store when txid is missing (#2183) (#2200)
• cc5a77c More doc edits for system channel removal
• 0e774df Remove Short Names and Replace With Full Path in Fabric
• c91961c Edits to orderer and capabilities concept for participation API
• eb22bbf [FAB-17954] Document CouchDB JSON determinism (#2187)
• b1fb856 Fix name of...

v2.2.2

v2.2.2 Release Notes - January 27, 2021

Fixes

peer and orderer - Always Finalize the PKCS#11 FindObject Operation

In certain error paths, a PKCS#11 session was not finalized, leaving the session
in a locked state so that it could not be reused.
This fix finalizes session handles even in error paths, so that the session can be reused
by subsequent calls.

FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities

While Fabric has never supported RSA for transaction signatures or validation,
certificate authorities included in MSP definitions could be associated with
RSA keys. This ability was inadvertently removed during the development of
release 2.0 and prevented migration of some networks to a 2.x version. With
these changes, version 2.x components will no longer panic when attempting to
initialize MSPs that include CA certificates associated with RSA keys.

orderer - Allow tick interval override via orderer.yaml

If a raft network becomes unstable, sometimes, adjusting the tick
interval duration can be effective to restore it. However, the tick interval is
stored in the channel configuration, so if the network is not operational,
modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
option to orderer.yaml configuration, allowing the channel configuration parameter
to be overridden from the local configuration.

FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration

If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails
with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority".
This fix adds logic to verify consenters based on the updated set of organization MSP root CAs.

FAB-18244: orderer - Single node orderer will not start due to inconsistent state

If using a single node orderer, it was possible to get into an inconsistent state where
a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
This fix resolves the inconsistent state by writing the last block, so that the
single node orderer can start.

orderer - Remove duplicate orderer server TLS root CAs

This fix reduces processing overhead when an ordering service node participates
in many channels.

FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey

If orderer.yaml configuration options
General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey are not set,
default them to the server General.TLS.Certificate and General.TLS.PrivateKey values
when the orderer is not configured to use a separate cluster port.
This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set.

peer - incorrect handling of values set to empty byte array in node chaincode

Peer should handle key values set to nil or empty byte arrays as a delete of the key.
While the behavior worked as expected when using Go chaincode and Java chaincode, if using
node chaincode it did not work correctly when setting key values to empty byte arrays.
This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes.
If using node chaincode with private data, if you had set private data values to an empty byte array,
the private data hash would have been committed incorrectly to the state database.
To repair the state database, after applying the fix, with the peer stopped,
request that the state database be rebuilt by calling "peer node rebuild-dbs"
or by deleting the state database. Upon the next start, the peer will rebuild the state
database from the already processed block store.
If subsequent transactions had referenced the existence of such a private data hash by
calling GetPrivateDataHash, then the subsequent transactions may have been
processed incorrectly and the peer will need to additionally reprocess blocks,
which can be triggered by calling "peer node reset" instead of "peer node rebuild-dbs".
If using regular channel data only and not private data, the empty byte array will
not have been committed, and therefore no action is required on the peer beyond applying the fix.

Dependencies

Fabric v2.2.2 has been tested with the following dependencies:

• Go 1.14.12
• CouchDB v3.1.1

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

The 'Solo' consensus type has always been marked non-production and should be in
use only in test environments, however for compatibility it is still available,
but may be removed entirely in a future release.

FAB-16408: The 'Kafka' consensus type is deprecated.

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Fabric CouchDB image is deprecated

v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
Configuring orderer endpoints at the organization level accommodates
scenarios where orderers are run by different organizations. Using
this configuration ensures that only the TLS CA certificates of that organization
are used for orderer communications, in contrast to the global channel level endpoints which
would cause an aggregation of all orderer TLS CA certificates across
all orderer organizations to be used for orderer communications.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

The --outputAnchorPeersUpdate mechanism for updating anchor peers has always had
limitations (for instance, it only works the first time anchor peers are updated).
Instead, anchor peer updates should be performed through the normal config update flow.

FAB-15406: The fabric-tools docker image is deprecated

The fabric-tools docker image will not be published in future Fabric releases.
Instead of using the fabric-tools docker image, users should utilize the
published Fabric binaries. The Fabric binaries can be used to make client calls
to Fabric runtime components, regardless of where the Fabric components are running.

FAB-15317: Block dissemination via gossip is deprecated

Block dissemination via gossip is deprecated and may be removed in a future release.
Fabric peers can be configured to receive blocks directly from an ordering service
node by using the following configuration:

peer.gossip.orgLeader: true
peer.gossip.useLeaderElection: false
peer.gossip.state.enabled: false

FAB-15061: Legacy chaincode lifecycle is deprecated

The legacy chaincode lifecycle from v1.x is deprecated and will be removed
in a future release. To prepare for the eventual removal, utilize the v2.x
chaincode lifecycle instead, by enabling V2_0 application capability on all
channels, and redeploying all chaincodes using the v2.x lifecycle. The new
chaincode lifecycle provides a more flexible and robust governance model
for chaincodes. For more details see the
documentation for enabling the new lifecycle.

Changes:

• bebb75f v2.2.2 release commit
• a80c772 Add release notes for v2.2.2 (#2232)
• 1de0825 Fix the issue of Nil/Zero-length-byte-array value (#2310)
• e5ecdef Remove system channel from Test Network tutorial
• c25eb86 [FAB-15648] document update: Non-TLS orderer with etcdraft usage (#1678)
• a861c00 cherry pick test network doc chaincode deployment fix
• 10c7839 Remove unreachable and unnecessary code in gossip membership (#2295)
• 6805515 Orderer deployment tutorial update
• fba5d90 [doc] fix broken link
• 48bad48 [FAB-18170] Endorsement policy page discusses NodeSDK

See More

• ee8fcfc [FAB-18392] Clarify scope and limitations of test network
• 90326b8 [FAB-18252] Documentation should reference Java chaincode support
• 813be7f Remove anchor peers from confi...

v1.4.10

v1.4.10 Release Notes - January 27, 2021

Fixes

peer and orderer PKCS#11 - Always Finalize the PKCS#11 FindObject Operation

In certain error paths, a PKCS#11 session was not finalized, leaving the session
in a locked state so that it could not be reused.
This fix finalizes session handles even in error paths, so that the session can be reused
by subsequent calls.

orderer - Allow tick interval override via orderer.yaml

If a raft network becomes unstable, sometimes, adjusting the tick
interval duration can be effective to restore it. However, the tick interval is
stored in the channel configuration, so if the network is not operational,
modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
option to orderer.yaml configuration, allowing the channel configuration parameter
to be overridden from the local configuration.

FAB-18244: orderer - Single node orderer will not start due to inconsistent state

If using a single node orderer, it was possible to get into an inconsistent state where
a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
This fix resolves the inconsistent state by writing the last block, so that the
single node orderer can start.

orderer - Remove duplicate orderer server TLS root CAs

This fix reduces processing overhead when an ordering service node participates
in many channels.

peer - incorrect handling of values set to empty byte array in node chaincode

Peer should handle key values set to nil or empty byte arrays as a delete of the key.
While the behavior worked as expected when using Go chaincode and Java chaincode, if using
node chaincode it did not work correctly when setting key values to empty byte arrays.
This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes.
If using node chaincode with private data, if you had set private data values to an empty byte array,
the private data hash would have been committed incorrectly to the state database.
To repair the state database, after applying the fix, with the peer stopped,
request that the state database be rebuilt by calling "peer node rebuild-dbs"
or by deleting the state database. Upon the next start, the peer will rebuild the state
database from the already processed block store.
If subsequent transactions had referenced the existence of such a private data hash by
calling GetPrivateDataHash, then the subsequent transactions may have been
processed incorrectly and the peer will need to additionally reprocess blocks,
which can be triggered by calling "peer node reset" instead of "peer node rebuild-dbs".
If using regular channel data only and not private data, the empty byte array will
not have been committed, and therefore no action is required on the peer beyond applying the fix.

Dependencies

Fabric v1.4.10 has been tested with the following dependencies:

• Go 1.14.12
• Fabric baseimage 0.4.22
• CouchDB v2.3.1

Changes, Known Issues, and Workarounds

FAB-12134: Same chaincode source receiving fingerprint mismatch error -
Chaincode installed in different ways may result in "chaincode fingerprint
mismatch data mismatch" error upon instantiation. This may happen when
installing chaincode by using different SDKs. To workaround the problem,
package the chaincode prior to installation and instantiation, by using
the "peer chaincode package" command.

Known Vulnerabilities

FAB-8664: Peer should detect and react when its org has been removed
This is a relatively low severity problem, because it requires a significant
conspiracy of network admins, but it will be addressed in a future release.

Resolved Vulnerabilities

None.

Deprecations (existing)

The following functions are deprecated and are targeted for removal in a future release.

Support for automatically vendoring the chaincode shim into user chaincodes

The fabric-ccenv image which is used to build chaincode, currently includes
the github.com/hyperledger/fabric/core/chaincode/shim ("shim") package.
This is convenient, as it provides the ability to package chaincode
without the need to include the "shim". However, this may cause issues in future
releases (and/or when trying to use packages which are included by the "shim").
In order to avoid any issues, users are advised to manually vendor the "shim"
package with their chaincode prior to using the peer CLI for packaging and/or
for installing chaincode.
Support removed in v2.0. For more details see FAB-5177.

Support for CAR chaincode package format

Support for packaging chaincode using the CAR format will be removed in
a future release.
Support removed in v2.0. For more details see FAB-14720.

Support for invoking system chaincodes from user chaincodes.

System chaincodes, for example QSCC, are intended to be invoked by
a client rather than by a user chaincode. Invoking from a user chaincode
may cause deadlocks.
Support removed in v2.0. For more details see FAB-15285.

Support for user chaincodes to utilize the chaincode shim's logger via NewLogger()

Chaincodes that used the shim's NewLogger() will need to shift to their own preferred
logging mechanism.
Support removed in v2.0. For more details see FAB-15366.

Support for peer's Admin service

The peer's Admin service exposes APIs such as GetLogSpec() and SetLogSpec().
Instead of using these services, utilize the HTTP operations service that was
introduced in v1.4.0.
Support removed in v2.0. For more details see FAB-15390.

Support for specifying orderer endpoints at the global level in channel configuration.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of
an organization instead.
For more details see FAB-7559.

The 'Solo' consensus type is deprecated.

With the introduction of Raft-based ordering service in v1.4.1, it is possible
to deploy a single-node (non-production) or multi-node
Raft-based ordering service with no external dependencies.
For single-node (non-production) ordering services, utilize Raft-based ordering
service with a single node instead of Solo ordering service.
For more details see FAB-15754.

The 'Kafka' consensus type is deprecated

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

fabric-couchdb docker image no longer updated, maintained, or published

The fabric-couchdb docker image will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

Change log

For the full list of changes, refer to the release change log:
https://github.com/hyperledger/fabric/blob/release-1.4/CHANGELOG.md#v1410

Changes:

• 7d1ee82 v1.4.10 release commit
• adfdd61 Add v1.4.10 release notes
• 3813607 Fix the issue of Nil/Zero-length-byte-array value (#2312)
• e95a134 Remove unreachable and unnecessary code in gossip membership (#2296)
• 51a3a52 [FAB-17039] CherryPick: Skip retrieving pvtdata from transient store when txid is missing (bp #2183) (#2203)
• 746b7e9 [FAB-18323] CherryPick: remove ephemeral from BCCSP SW options (#1553)
• 25d99ba Update endorsementpolicies.md
• 7004000 Bump Go to 1.14.12
• 2dbf8d6 Bump version of golang.org/x/tools
• e876e64 [FAB-13370] increase go env timeout from 10s to 1m

See More

• 1d7b876 Increase Eventually Timeout
• a25b63f Prepare for go 1.14 (#755)
• b5a12de Log TLS hanshake duration
• 56d7b84 Deduplicate orderer server TLS root CAs (#2030)
• cf344b5 FAB-18244 single node catches up with snapshot (#2022)
• 83c833c [FAB-18270] Disable debug of CouchDB response body
• 75f9fe7 [FAB-18265] Always Use DummyKeystore For PKCS11 BCCSP Provider
• a40f9d2 Allow tick interval override via orderer.yaml
• db1abf6 Always Finalize the PKCS11 FindObject Operation (#1978)
• df50dea Update devmode doc to note TLS must be disabled (release-1.4)
• 4af8308 Prepare for next release v1.4.10
• da55272 Release commit for v1.4.9
• 5146a9f Remove No Longer Relevant Release Note
• 4924294 Update release notes with FAB-18250
• 56a81f7 [FAB-18250] Check Error Before Returning Session to Pool (#1938)
• 17e171b Remove escc and vscc from list of system chaincodes
• 2d63281 Remove GetSessionInfo Call
• 4f1e340 Add release notes for v1....

v2.3.0

v2.3.0 Release Notes - November 18, 2020

What's New in Hyperledger Fabric v2.3

Hyperledger Fabric v2.3 introduces two new features for improved orderer and peer operations:

• Orderer channel management without a system channel
• Ledger snapshot

See the What's New documentation for more details about these new features.

Fixes

All fixes as of v2.2.1 have also been applied to v2.3.0. Additionally the following fixes have been made.

FAB-18244: orderer - Single node orderer will not start due to inconsistent state

If using a single node orderer, it was possible to get into an inconsistent state where
a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
This fix resolves the inconsistent state by writing the last block, so that the
single node orderer can start.

FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration

If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails
with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority".
This fix adds logic to verify consenters based on the updated set of organization MSP root CAs.

FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities

While Fabric has never supported RSA for transaction signatures or validation,
certificate authorities included in MSP definitions could be associated with
RSA keys. This ability was inadvertently removed during the development of
release 2.0 and prevented migration of some networks to a 2.x version. With
these changes, version 2.x components will no longer panic when attempting to
initialize MSPs that include CA certificates associated with RSA keys.

peer and orderer PKCS#11 - Always Finalize the PKCS#11 FindObject Operation

In certain error paths, a PKCS#11 session was not finalized, leaving the session
in a locked state so that it could not be reused.
This fix finalizes session handles even in error paths, so that the session can be reused
by subsequent calls.

orderer - Allow tick interval override via orderer.yaml

If a raft network becomes unstable, sometimes, adjusting the tick
interval duration can be effective to restore it. However, the tick interval is
stored in the channel configuration, so if the network is not operational,
modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
option to orderer.yaml configuration, allowing the channel configuration parameter
to be overridden from the local configuration.

Changes

Require orderer file ledger location to be set

The Orderer.FileLedger.Location must now be set. Utilizing the
Orderer.FileLedger.Prefix to generate a new temporary directory
with the specified prefix every time the orderer is restarted
is no longer supported. The orderer will panic if a location is
not provided.

FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey

If orderer.yaml configuration options
General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey are not set,
default them to the server General.TLS.Certificate and General.TLS.PrivateKey values
when the orderer is not configured to use a separate cluster port.
This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set.

Dependency updates

Bump Go to 1.14.12.

CouchDB 3.1.1 is now the tested CouchDB version.

Changes:

• ec81f3e Release commit for v2.3.0 (#2144)
• 2ff4e0e Clarify clientRootCAs guidance in core.yaml
• 4c4ddfc Clarify clientRootCAs guidance in core.yaml and TLS docs (#2142)
• bc33cbb [FAB-18322] Check panic message in TestInitializeServerConfig (#2140)
• 504caaf What's New documentation for v2.3.0 (#2126)
• e7b81ba Update core.yaml, orderer.yaml and docs for TLS (#2141)
• d5ed80d Add release note for RSA CA changes
• a09f0e7 Add integration test for MSPs with RSA CA certs
• 52f511d Restore RSA support for x509 public key import
• c545195 Deploy production ordering service doc

See More

• 5f2034f Add check for invalid key before hitting couchdb (#2133)
• 1f6fb08 Chan.Part.API: Onboarding and follower CFT IT (#2094)
• 39a8545 Fab-18337 Ch.Part.API: Test join system channel with app channels (#2128)
• ab55d50 Add persistent volume note to peer deploy guide
• cb683e5 Chan.Part.API: avoid flakiness after removing system channel (#2111)
• 48bf409 [FAB-18319] Ch.Part.API: IT Remove and rejoin channel from orderer (#2085)
• 7055007 Nominate Will Lahti as Fabric Maintainer
• c174728 [FAB-18179] Channel Participation API Tutorial
• c08c5e3 Update v2.3.0 release notes
• 09c0d75 Revert "[FAB-18179] Channel Participation API tutorial"
• 40e845b [FAB-18179] Channel Participation API tutorial
• 1f59e41 Remove unused type (#2120)
• d997115 Update Contribution guide to point to RFC process
• 01bfbba Update Go to 1.14.12
• 4a7efe9 Remove custom errors from pvtdata store
• 5dcdf81 Remove custom error types from txmgr package
• 24868e9 Remove custom error types (#2110)
• cd99b4e Enforce Admin.TLS.ClientAuthRequired in orderer config (#2107)
• a01cda4 Allow osnadmin to connect without TLS (#2106)
• 7f6b5dd [FAB-18315] Ch.Part.API: Add remove failure metric for chain status (#2108)
• b9a8338 Add snapshots to peer deploy checklist (#2109)
• 4f1e093 kvledger/test for snapshot generation and bootstrap
• e5ebb7b Remove the temp folder on error during snapshot generation (#2104)
• 941f0af Document additional snapshot considerations
• f1058a8 [FAB-18333] Fix panic in cluster/comm#TestRenewCertificates
• 4e7201b Revert "Allow BCCSP config to be set using env var (#1900)" (#2093)
• b8f76ae Remove Jira screenshots (#2103)
• ca26271 Redirect integration test logs to GinkgoWriter
• cd623d7 Update Jira instructions in contributing guide
• 01394c7 Chan.Part.API: Rename pendingops/joinblock to pendingops/join
• 45afdbd Update channel_update_tutorial.rst with joinbysnapshot
• 421dddf Remove unimplemented funcitons
• c590e37 Prevent race that occurs after test timeout
• 901fe6c [FAB-18329] Fix data race in cluster/comm_test#TestRenewCertificates (#2089)
• 73853ef Chan.Part.API: join system channel using config block IT (#2082)
• 1e90c88 osnadmin command reference (#2077)
• 4b134cf Chan.Part.API: Rename cluster relation to consensus relation (#2086)
• d54ed92 Chan.Part.API: channel participation relation/status metrics (#2025)
• cc77194 Ch.Part.API: Allow retry of failed removals (#2083)
• 1f372da [FAB-18318] IT: verify DUPLICATE_TXID error when resubmitting old tx on a peer bootstrapped from snapshot (#2084)
• 6a56a06 Update configtxgen log messages for app chan genesis block (#2076)
• 7f6ead9 [FAB-18132] Ch.Part.API: Remove ledger resources asynchronously (#2027)
• 17f075c Add function TxIDExists and use in validation path
• d620ab3 [FAB-18298] Default cluster cert and key
• 636c361 Rename cluster relation member to consenter (#2079)
• 348e2c7 Add default snapshot directory to core.yaml (#2068)
• 4db7e4c Add osnadmin to Makefile
• 2b1b989 [FAB-18290] Add channel name to pvtdata reconciler log msgs
• c15e44e Minor refactoring
• a37ea5c Minor Refactoring
• bf57390 Optimize importing snapshot data into pvtdatastore
• 596f720 [FAB-18307] IT: set deprioritizedDataReconcilerInterval to prevent CI flake (#2070)
• 32da54c [FAB-17953] IT: add tests to verify channel config can be retrieved on a peer bootstrapped from snapshot (#20...

v2.2.1

v2.2.1 Release Notes - September 30, 2020

What's New in Hyperledger Fabric v2.2.1

Hyperledger Fabric v2.2.1 provides important improvements and fixes, with a focus on the following areas:

• Management of certificate expirations
• Hardware security module (HSM) efficiency
• Upgrade to v2.x

Fixes

FAB-18163: orderer certificate expiration - TLSHandshakeTimeShift without separate cluster port

If the TLS certificates of the ordering service nodes expire and are not replaced in time,
communication between them cannot be established, making it impossible to send
new transactions to the ordering service. To recover from such a scenario, it is possible
to configure a backwards timeshift that ordering service nodes will utilize for TLS
handshakes so that transactions can be processed.
If the Raft cluster service is sharing the orderer’s main gRPC server port,
configure the new orderer.yaml General.TLS.TLSHandshakeTimeShift property.
If using a separate cluster listener port,
configure the orderer.yaml General.Cluster.TLSHandshakeTimeShift property.

FAB-18205: orderer certificate expiration - Permit peer CLI to communicate with orderers with expired TLS certificates

The change allows peer CLI to communicate with ordering service nodes with expired TLS certificates
by setting the --tlsHandshakeTimeShift flag to a desired backwards timeshift.
The change applies to the peer channel fetch and peer channel update commands to allow
fetching configuration blocks and updating the channel configuration for orderers with expired TLS certificates.

FAB-18171: orderer certificate expiration - Disregard certificate validity period in intra-orderer communication

This change makes the orderer cluster authentication infrastructure
disregard validity periods when comparing certificates, and only regard public keys.
With this change, an expiring Raft TLS certificate can be replaced
with a new certificate that has the same public key, without requiring channel configuration updates.

FAB-18188: peer and orderer certificate expiration - Log expiration date upon startup

The enrollment, TLS server, and TLS client certificate expiration dates are now logged upon peer and orderer startup.

peer and orderer PKCS#11 - Add object handle cache

With this change, object handles are cached in the PKCS#11 implementation.
In support of this change, in addition to pooling idle sessions, the
provider tracks active sessions. If some condition occurs that results
in all sessions being closed, cached object handles are no longer valid
so the handle cache is purged.

FAB-18250: peer and orderer PKCS#11 - Introduce error checking for evicting invalid PKCS#11 sessions

FAB-17722 introduced a call to the pkcs11 GetSessionInfo function for retrieving the current state of
the PKCS11 session. The result of this function was used to determine whether a session was still
valid to perform HSM operations or if it should be evicted from the session pool. Performance tests
showed that the call to GetSessionInfo was computationally prohibitively expensive. FAB-18242 reverted
this change and FAB-18250 introduced a new method for determining if the PKCS11 session is invalid.
Now when an HSM operation fails, we check the resultant error against the known session error codes and
evict the session from the pool if the error was the result of an invalid session.

FAB-18208: peer - Do not sign gossip message if membership is empty

This change suppresses the signing of gossip messages if the message will not get
sent regardless due to an empty gossip membership. The change reduces CPU consumption
and eliminates unnecessary calls to an HSM.

peer and orderer PKCS#11 - Add log message if a key cannot be found

A debug message is now provided in the bccsp_p11 logger if a key cannot be found in the HSM.

FAB-18194: peer - Fix service discovery for legacy installed chaincodes

The service discovery endorsers query may fail with errors
"failed constructing descriptor for chaincodes" and
"required chaincodes are not installed on sufficient peers", even
when a chaincode is installed on a sufficient number of peers.
The peer initialization has been fixed so that chaincodes installed with the legacy chaincode
lifecycle are correctly recognized by service discovery.

FAB-18191: peer - Remove contents of leveldb directory instead of the directory when dropping databases

The peer upgrade-dbs, rebuild-dbs, reset, and rollback commands each drop a peer's
leveldb databases so that they can be rebuilt upon the next peer startup.
The commands now remove all contents of the leveldb directories, rather than dropping the
directory itself. This fix is required if mounting one of the leveldb directories in addition
to the overall peer data directory as specified in core.yaml peer.fileSystemPath.

FAB-15810: peer - Deprioritize fetching of missing private data

The private data reconciler attempts to retrieve missing private data from other
peers in a channel that belong to the same private data collection based on the interval
configured in core.yaml peer.gossip.pvtData.reconcileSleepInterval
(by default every one minute). If private data cannot be reconciled, it will be attempted
every interval and may block the reconciliation of other private data. This fix places
private data that can't be reconciled in a depriorized queue so that other private data
can be reconciled. The depriorized entries will be re-attempted less often based on the
interval configured in core.yaml ledger.pvtdataStore.deprioritizedDataReconcilerInterval
(by default every 60 minutes).

orderer - Check suspect info once per suspect interval when using Raft

The Raft-based ordering service node was checking to see if it was evicted too often.
This fix ensures that the ordering service node only checks once per suspect interval,
which is every 10 minutes by default.

cryptogen - Duplicate alternate names in multi-domain certificates

When using cryptogen to generate certificates, the X509v3 Subject Alternative Name field contained duplicate entries.
The Subject Alternative Name now contains one entry per alternate name.

FAB-18245: peer - Large values retrieved from chaincode may be incorrect when using CouchDB

Chaincode values larger than 64kb are saved to CouchDB,
but not saved to the peer's CouchDB cache.
However, chaincode still attempted to retrieve from the cache,
and therefore an incorrect value may be retrieved.
The fix ensures that for values larger than 64kb, the data will be retrieved from CouchDB.

Deprecations (existing)

FAB-15754: The 'Solo' consensus type is deprecated.

The 'Solo' consensus type has always been marked non-production and should be in
use only in test environments, however for compatibility it is still available,
but may be removed entirely in a future release.

FAB-16408: The 'Kafka' consensus type is deprecated.

The 'Raft' consensus type was introduced in v1.4.1 and has become the preferred
production consensus type. There is a documented and tested migration path from
Kafka to Raft, and existing users should migrate to the newer Raft consensus type.
For compatibility with existing deployments, Kafka is still supported,
but may be removed entirely in a future release.
Additionally, the fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Fabric CouchDB image is deprecated

v2.2.0 added support for CouchDB 3.1.0 as the recommended and tested version of CouchDB.
If prior versions are utilized, a Warning will appear in peer log.
Note that CouchDB 3.1.0 requires that an admin username and password be set,
while this was optional in CouchDB v2.x. See the
Fabric CouchDB documentation
for configuration details.
Also note that CouchDB 3.1.0 default max_document_size is reduced to 8MB. Set a higher value if needed in your environment.
Finally, the fabric-couchdb docker image will not be updated to v3.1.0 and will no longer be updated, maintained, or published.
Users can utilize the official CouchDB docker image maintained by the Apache CouchDB project instead.

FAB-7559: Support for specifying orderer endpoints at the global level in channel configuration is deprecated.

Utilize the new 'OrdererEndpoints' stanza within the channel configuration of an organization instead.
Configuring orderer endpoints at the organization level accommodates
scenarios where orderers are run by different organizations. Using
this configuration ensures that only the TLS CA certificates of that organization
are used for orderer communications, in contrast to the global channel level endpoints which
would cause an aggregation of all orderer TLS CA certificates across
all orderer organizations to be used for orderer communications.

FAB-17428: Support for configtxgen flag --outputAnchorPeersUpdate is deprecated.

The --outputAnchorPeersUpdate mechanism for updating anchor peers has always had
limitations (for instance, it only works the first time anchor peers are updated).
Instead, anchor peer updates should be performed through the normal config update flow.

FAB-15406: The fabric-tools docker image is deprecated

The fabric-tools docker image will not be published in future Fabric releases.
Instead of using the fabric-tools docker image, users should utilize the
published Fabric binaries. The Fabric binaries can be used to make client calls
to Fabric runtime components, regardless of where the Fabric components are running.

**FAB-15317: Block dissemination via gossip is ...