Workflow

Ccf

Latest version: v5.0.11

Safety actively analyzes 688674 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 25

6.0.0dev3

Changed

- Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifiying attestation, since recent [updates allow host-initiated attestations](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf) (#6583).
- Added `ccf::cose::edit::set_unprotected_header()` API, to allow easy injection of proofs in signatures, and of receipts in signed statements (6586).

6.0.0dev2

Added

- Introduced `ccf::describe_cose_endorsements_v1(receipt)` for COSE-endorsements chain of previous service identities (6500).
- Ignore time when resolving did:x509 against x5chain, resolution establishes a point-in-time endorsement, not ongoing validity (6575).

6.0.0dev1

Changed

- Output of `ccf::describe_merkle_proof_v1(receipt)` has been updated, and is now described by [ccf-tree-alg schema](https://github.com/microsoft/CCF/blob/main/cddl/ccf-tree-alg.cddl).
- Improved error message when attempting to obtain receipts for a past epoch during a recovery (6507).

6.0.0dev0

Changed

- The `set_jwt_issuer` governance action has been updated, and no longer accepts `key_filter` or `key_policy` arguments (6450).
- Nodes started in `Join` mode will shut down if they receive an unrecoverable condition such as `StartupSeqnoIsOld` or `InvalidQuote` when attempting to join (6471, 6489).
- In configuration, `attestation.snp_endorsements_servers` can specify a `max_retries_count`. If the count has been exhausted without success for all configured servers, the node will shut down (6478).
- When deciding which nodes are allowed to join, only UVM roots of trust defined in `public:ccf.gov.nodes.snp.uvm_endorsements` are considered (6489).

Removed

- SGX Platform support.

Added

- Provided API for getting COSE signatures and Merkle proofs (6477).
- Exposed COSE signature in historical API via `TxReceiptImpl`.
- Introduced `ccf::describe_merkle_proof_v1(receipt)` for Merkle proof construction in CBOR format.
- Added COSE signatures over the Merkle root to the KV (6449).
- Signing is done with service key (different from raw signatures, which remain unchanged and are still signed by the node key).
- New signature reside in `public:ccf.internal.cose_signatures`.

5.0.4

Bug fix

- JWT authentication correctly parses certificates that contain other certificates (6440)

5.0.3

Changed

- Improved JWT authentication error messages (6427).

Bug fix

- In `GET gov/service/javascript-app`, `openApi` now correctly returns the schema set for the endpoint (6430)

Page 2 of 25

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.