Ccf

Added

- Joining nodes can now request a snapshot from their peers at startup, rather than relying on file access. The joinee's snapshot will be fetched and used if it is more recent than the joiner has access to. This behaviour is enabled by default, but can be disabled via the `command.join.fetch_recent_snapshot` config option (6758).

Changed

- CCF now defaults to using libstdc++ rather than libc++, and no longer builds with LTO, to improve compatibility with other C++ libraries.

Dependencies

- nghttp2 is now picked up from the OS rather than vendored to enable libcurl usage
- Misc dependency updates (6725)

Added

- `GET /gov/service/javascript-app` now takes an optional `?case=original` query argument. When passed, the response will contain the raw original `snake_case` field names, for direct comparison, rather than the API-standard `camelCase` projections.
- Applications can now extend `js_generic` (ie - a JS app where JS endpoints are edited by governance transactions), from the public header `ccf/js/samples/governance_driven_registry.h`. The API for existing JS-programmability apps using `DynamicJSEndpointRegistry` should be unaffected.

Fixed

- `cose_signatures` configuration (`issuer`/`subject`) is now correctly preserved across disaster recovery (6709).

Deprecated

- The function `ccf::get_js_plugins()` and associated FFI plugin system for JS is deprecated. Similar functionality should now be implemented through a `js::Extension` returned from `DynamicJSEndpointRegistry::get_extensions()`.

Dependencies

- nghttp2 updated from 1.55.1 to 1.64.0

Added

- Expose `ccf:http::parse_accept_header()` and `ccf::http::AcceptHeaderField` (6706).
- Added `ccf::cose::AbstractCOSESignaturesConfig` subsystem to expose COSE signature configuration to application handlers (6707).
- Package `build_bundle.ts` under `npx ccf-build-bundle` to allow javascript users to build a ccf schema bundle (6704).

Changed

- The `read_ledger.py` tool now has a `--quiet` option which avoids printing anything per-transaction, as well as other performance improvements, which should make it more useful in verifying the integrity of large ledgers.
- COSE signatures now set a kid that is a hex-encoded SHA-256 of the DER representation of the key used to produce them (6703).

Changed

- All definitions in CCF's public headers are now under the `ccf::` namespace. Any application code which references any of these types directly (notably `StartupConfig`, `http_status`, `LoggerLevel`), they will now need to be prefixed with the `ccf::` namespace.
- `cchost` now requires `--config`.

Changed

- JWT authentication now supports raw public keys along with certificates (6601).
- Public key information ('n' and 'e', or 'x', 'y' and 'crv' fields) now have a priority if defined in JWK set, 'x5c' remains as a backup option.
- Has same side-effects as 5809 does please see the changelog entry for that change for more details. In short:
- stale JWKs may be used for JWT validation on older nodes during the upgrade.
- old tables are not cleaned up, 6222 is tracking those.
- A deprecated `GET /gov/jwt_keys/all` has been altered because of 6601, as soon as JWT certificates are no longer stored in CCF. A new "public_key" field has been added, "cert" is now left empty.