diff --git a/Makefile b/Makefile index a53d9db80..62cfa84d0 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,7 @@ PROJECT_NAME = fabric-ca GO_VER = 1.20.5 UBUNTU_VER ?= 20.04 DEBIAN_VER ?= stretch -BASE_VERSION ?= v1.5.6 +BASE_VERSION ?= v1.5.7 ARCH=$(shell go env GOARCH) PLATFORM=$(shell go env GOOS)-$(shell go env GOARCH) diff --git a/lib/metadata/version.go b/lib/metadata/version.go index 612a1e52e..ea9352adc 100644 --- a/lib/metadata/version.go +++ b/lib/metadata/version.go @@ -29,7 +29,7 @@ const ( // Version specifies fabric-ca-client/fabric-ca-server version // It is defined by the Makefile and passed in with ldflags -var Version = "1.5.6" +var Version = "1.5.7" // GetVersionInfo returns version information for the fabric-ca-client/fabric-ca-server func GetVersionInfo(prgName string) string { diff --git a/release_notes/v1.5.7.md b/release_notes/v1.5.7.md new file mode 100644 index 000000000..597b1bf14 --- /dev/null +++ b/release_notes/v1.5.7.md @@ -0,0 +1,49 @@ +v1.5.7 Release Notes - August 29, 2023 +====================================== + +Improvements +------------ + +**SignerConfig struct now exports the RevocationHandle** + +SignerConfig struct now exports the RevocationHandle. +The way the revocation handle is encoded has changed to align to what the Idemix library expects. +[#363](https://github.com/hyperledger/fabric/pull/363) + +Dependencies +------------ + +Fabric CA v1.5.7 has been tested with the following dependencies: +- Go 1.20.5 +- Ubuntu 20.04 (for Docker images) + + +Changes, Known Issues, and Workarounds +-------------------------------------- + +None. + +Known Vulnerabilities +--------------------- +- FABC-174 Commands can be manipulated to delete identities or affiliations + + This vulnerability can be resolved in one of two ways: + + 1) Use HTTPS (TLS) so that the authorization header is not in clear text. + + 2) The token generation/authentication mechanism was improved to optionally prevent + token reuse. As of v1.4 a more secure token can be used by setting environment variable: + + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false + + However, it cannot be set to false until all clients have + been updated to generate the more secure token and tolerate + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false. + The Fabric CA client has been updated in v1.4 to generate the more secure token. + The Fabric SDKs will be updated by v2.0 timeframe to generate the more secure token, + at which time the default for Fabric CA server will change to: + FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false + +Resolved Vulnerabilities +------------------------ +None.