Ccf

Fixed

- Node-to-node channels no longer check certificate expiry times. This previously caused "Peer certificate verification failed" error messages when node or service certs expired. (4733)
- `node_data_json_file` configuration option is now correctly applied in `Start` and `Recover` modes (4761).

Changed

- Increased default NumHeapPages (heap size) for js_generic from 131072 (500MB) to 524288 (2GB).
- `TCP_NODELAY` is now set for all incoming and outgoing TCP connections (4717).

Added

- The [ccf Python package](https://pypi.org/project/ccf/) now includes a `ccf_cose_sign1` CLI tool, to facilitate the creation of [COSE Sign1](https://www.rfc-editor.org/rfc/rfc8152#page-18) requests for governance purposes. It also includes `ccf_cose_sign1_prepare` and `ccf_cose_sign1_finish` CLI tools, to facilitate the creation of [COSE Sign1](https://www.rfc-editor.org/rfc/rfc8152#page-18) requests for governance purposes, signed with external key management systems such as AKV. See [documentation](https://microsoft.github.io/CCF/main/governance/hsm_keys.html#cose-signing) for details.
- Builtin governance tables now have endpoints for accessing their content directly from the KV, under `/gov/kv`. For instance, `/gov/kv/constitution` will read the current constitution.

Fixed

- Session consistency is now provided even across elections. If session consistency would be broken, the inconsistent request will return an error and the TLS session will be terminated.
- Fixed issue where invalid snapshots could be generated depending on the pattern of additions/removals of keys in a given key-value map (4730).

Added

- Added `view_history` and `view_history_since` query parameters to `/app/commit` endpoint for retrieving the full view history and the view history since a certain view (4580)
- Added `BaseEndpointRegistry::get_view_history_v1` function to get the view history since a given revision (4580)

Changed

- `enclave.type` configuration entry now only supports `Debug` or `Release`. Trusted Execution Environment platform should be specified via new `enclave.platform` configuration entry (`SGX`, `SNP` or `Virtual`) (4569).

Fixed

- Fix issue with large snapshots that may cause node crash on startup (join/recover) if configured stack size was too low (4566).

Added

- `sandbox.sh` now accepts a `--consensus-update-timeout-ms` to modify the `consensus.message_timeout` value in each node's configuration. This can be used to alter multi-node commit latency.
- Add `ccf.crypto.sign()` API in the JavaScript runtime (4454).

Changed

- CCF is now a separate CMake project and Debian package per platform (sgx, snp and virtual), rather than the same project and package with a decorated version, to prevent accidental misuse and narrow down dependencies. (4421).
- C++ applications should find the appropriate CCF package in CMake with `find_package("ccf_<platform>" REQUIRED)`.
- CCF Debian packages are now installed at `/opt/ccf_<platform>` rather than `/opt/ccf`.
- We now support QuickJS runtime caps such as `max_heap_bytes`, `max_stack_bytes` and `max_execution_time_ms`. These can be set via a governance proposal. They can also be fetched via the `GET /node/js_metrics` endpoint (4396).