- Updated Metrics service default port from 8546 to 9546.
- Updated various dependent libraries versions
- Update EthSigner docker image user to use
ethsignerinstead ofroot. It may result in backward compatibility/permission issues with existing directory mounts.
- Update Vertx to 4.x and various other dependencies to their latest versions. #415
- Updated to log4j 2.17.1. Resolves two potential vulnerabilities which are only exploitable when using custom log4j configurations that are either writable by untrusted users or log data from the
ThreadContext.
- Updated log4j to 2.17.0 to mitigate potential DOS vulnerability when the logging configuration uses a non-default Pattern Layout with a Context Lookup.
- Updated log4j to 2.16.0 to mitigate JNDI attack via thread context.
- Updated log4j and explicitly disabled format message lookups.
- Upgrade to signers 1.0.19 removes support for deprecated SECP256K1 curve in Azure remote signing #386
- Adding configuration files should load new accounts automatically without restarting EthSigner #390
- eth_sign signing of hex data #393
- Upgrade web3j to latest version for fix to handle large chainids in eip155 transactions #382
- Add validation for GoQuorum transactions with value #377
- Add publishing to docker namespace "consensys/ethsigner" and deprecate docker namespace "consensys/quorum-ethsigner" #384
- Upgrade to signers 1.0.19 allows empty password files to be read when creating a Signer #372
- Upgrade besu to 21.10.0 for acceptance tests
- Fix nonce too low retries and added support for "replacement underpriced" and "Known transaction" RPC responses
- Update transaction signing to handle GoQuorum private transactions
- Azure remote signing now supports new Azure keys using the curve name P-256K and signature algorithm name ES256K. The deprecated keys using the SECP256K and signature algorithm name ECDSA256 are still supported.
- Fixing nonce too low retries and added support for replacement underpriced rpc response
- Upgraded besu-metrics library
- Publish ethsigner module jars to cloudsmith maven repo
- Update Besu latest version for Acceptance Tests
- Add gzip compression support
- Publish artifacts to cloudsmith.
- Added support for sending GoQuorum private transactions via "eth_sendTransaction" JSON-RPC
- Improve error message if HTTP server fails to start
- Added "eth_signTransaction" JSON-RPC
- Docker namespace updated to reflect "consensys/quorum-ethsigner"
- Strip ACCESS_CONTROL_ALLOW_ORIGIN header from responses received from the web3provider
- Added a Prometheus metrics endpoint, reporting basic application metrics
- Transactions were not being handled in parallel, triggering poor performance under load
- Support for using config file and environment variables as default values for cli options
- Updated signers library to the latest version
- Accessing Azure signing service requires tenant id as part of Azure configuration
- Communication details moved to Discord
- Prevent multiple transmission exceptions propagation upwards #312
- Resolve failures in the application of CORS headers #286
- Added "eth_sign" JSON RPC
- Added "--http-cors-origins" commandline option to allow browser based apps (remix/metamask) to connect to EthSigner
- Added "--downstream-http-path" commandline option to allow Ethsigner to connect to a downstream web3 provider not on root path (eg web3 provider running in infura)
- If inbound request contains the "Host" header, it is renamed to "X-Forwarded-Host" and added to downstream request
- Code base split, crypto operations moved to "Signers" repository
- First line of Password file (stripping EOL) is treated as the password (rather than whole file content)
- Create invalid signature when Signature field was treated as negative BigInteger #247
Changed CLI option name from --downstream-http-tls-ca-auth-disabled to --downstream-http-tls-ca-auth-enabled Consensys#230
- Added TLS support for incoming and outgoing RPC endpoints
- Added TLS support for connecting to Hashicorp vault
- Upgraded PicoCLI to 4.1.4
- Received headers are now forwarded to the web3 provider, resolving an issue where JWT token was not being passed in header Consensys#208
- Resolved an issue where private transactions using privacyGroupId without a nonce failed Consensys#215
- Multi-key signing: Ethsigner is initialised with a directory containing a number of TOML metadata files, each of which describe a key which may be used for signing. Upon reception of a Transaction, Ethsigner loads the corresponding metadata file, and signs the Transaction with the key defined therein.
- Relaxed definition of 'optional' when parsing eth_SendTransaction (empty string, null an "0x" are deemed a missing optional parameter).
- All endpoints (not just "/") are proxied to the downstream web3j provider (eg. "/login")
- CI moved from Jenkins to CircleCI
- Updated to Web3j 4.5.5
- Updated to JUnit 5
- When a private transaction is submitted without a nonce, a nonce is generated and inserted. However, if the supplied nonce is too low, the transaction is not resubmitted with a new nonce. Rather an error is returned to the caller (resolved in Besu 1.2.5).
- Removed intermittent "out of memory" failure during integration testing.
- Resolved an issue whereby a missing optional field in eth_SendTransaction would fail
- When a private transaction is submitted without a nonce, a nonce is generated and inserted. However, if the supplied nonce is too low, the transaction is not resubmitted with a new nonce. Rather an error is returned to the caller.
- Updated to use Web3j 4.5.0
- Accepts Private Transactions addressed with "PrivacyGroupId", not just "PrivateFor"
- Private Transactions without nonces are now accepted and the nonce populated (see "Known Issues")
- When a private transaction is submitted without a nonce, then transaction will be rejected. Ethsigner is unable to derive an appropriate nonce for a private transaction, as such the
noncefield ofeea_SendTransactionis mandatory - if a private transaction is submitted without a nonce an error will be returned. DApps can use thepriv_getTransactionCountJSON RPC to determine the correct nonce prior to transaction transmission.
- Command line reworked to specify the source of the key used for transaction signing.
- EthSigner is supported on Java 11+ only; Java 8 is no longer supported.
- Created EthSigner documentation
- Allow EthSigner to be deployed as a Docker image
- Support signing transaction with a key stored in an Azure KeyVault (cloud based software/HSM signing service) (thanks to jimthematrix)
- Added an Upcheck endpoint
- Support signing transactions with a key stored in a Hashicorp vault
- Sign private transaction submitted via eea_SendTransaction
- Jar files are available from the EthSigner bintray repository.
- N/A