Releases: nuts-foundation/nuts-node
Coconut update (4)
What's Changed
- SearchVCs input is now validated against the provided JSON-LD context(s). This helps signalling faulty search queries.
- CRLs of expired certificates are no longer updated, and now don't cause blocking errors any more.
Full Changelog: v5.0.3...v5.0.4
nuts-node-chart-0.0.2
A NUTS node Helm chart for Kubernetes
Coconut Update (3)
Coconut update (2)
Release date: 2022-11-30
This patch release fixes the following:
- Synchronize calls to DIDMan to avoid parallel calls from clients creating conflicted DID documents (#1676)
Full Changelog: v5.0.1...v5.0.2
Chestnut update (8)
Release date: 2022-11-30
This patch release fixes the following:
- Synchronize calls to DIDMan to avoid parallel calls from clients creating conflicted DID documents (#1676)
Full Changelog: v4.3.0...v4.3.1
Coconut update (1)
Release date: 2022-11-18
This patch release fixes the following:
- Redact secrets (e.g.
crypto.vault.token
) in logging (e.g. at startup). They will now show up as(redacted)
. - Fix half-downloaded IRMA schemas preventing the server to start. This happens when the node is shut down/crashes while downloading schemas.
It now removes IRMA temporary directories which prevents the case from occurring.
Full Changelog: v5.0.0...v5.0.1
Coconut release
Release date: 2022-11-08
- HTTPS TLS offloading is now also possible at the Nuts node. Checkout the docs on TLS offloading for the details.
By default this is turned off which corresponds to the current behaviour. - Issuing a Verifiable Credential will now fail when it includes a property not defined in its JSON-LD context(s).
The behavior was changed because undefined fields are not secured by the JSON-LD proof,
which allows an attacker to alter it while the developer assumes it is secured by the signature.
It also helps developers noticing they misspelled a property, which it previously accepted but may have caused issues at processing systems downstream. - Redis Sentinel is now configured through configuration parameters, rather than via the Redis connection URL as introduced in v4.
This is done to improve documentation and reduce complexity. - Searching VCs (using REST API) now requires a wildcard to do a partial (prefix) search on strings.
Full Changelog: v4.0.0...v5.0.0
Breaking changes
NutsAuthorizationCredential LegalBase
When issuing Verifiable Credentials, now all fields must be defined in its context(s). This impacts the issuance of NutsAuthorizationCredentials:
Nuts RFC014 (Authorization Credential) required legalBase
to be present in all NutsAuthorizationCredential
s,
but this property was missing in the Nuts v1 JSON-LD context.
Since it can't simply be added afterwards, it (legalBase
) is removed altogether.
This means, starting this version, the legalBase
property can't used in new v1 NutsAuthorizationCredential
s.
Redis Sentinel
Redis Sentinel was configured through a Redis connection URL by passing Sentinel-specific query parameters,
which has been replaced with structured configuration. To use Redis Sentinel in v5 move the following connection URL parameters to configuration:
sentinelMasterName
becomesstorage.redis.sentinel.master
- comma-separated Sentinel hosts become a list of hosts as
storage.redis.sentinel.nodes
If using a Redis connection URL, its host won't be used set, so set the host to any irrelevant value. sentinelUsername
becomesstorage.redis.sentinel.username
sentinelPassword
becomesstorage.redis.sentinel.password
Searching VCs
Before v5, searching for VCs would use partial (prefix) matching for strings by default.
Starting v5 it will use exact matching on strings by default. To match on a prefix (string starting with a specific value), add an asterisk (*
) at the end of the string.
To match for a non-nil string, use just an asterisk (*
) meaning anything will match (but it must be present).
Chestnut update (7)
What's Changed
Removes validation of LegalBase to be forward compatible with upcoming v5 release.
Full Changelog: v4.2.4...v4.3.0
Chestnut update (6)
What's Changed
- Set built-in IRMA server to
production-mode
when node is instrict-mode
(#1491) by @stevenvegt in #1492
Full Changelog: v4.2.3...v4.2.4
Chestnut update (5)
What's Changed
- fix overriding VAULT_TOKEN with empty default (#1465) by @woutslakhorst in #1474
- V4 vault memory fixes by @stevenvegt in #1475
Full Changelog: v4.2.2...v4.2.3