- Updated build and Docker image to use Java 17
- Updated Docker image to use the latest Ubuntu LTS image
- Updated web3j library to 4.10.2
- Update grpc to version 1.57.2 to fix CVE-2023-33953
- Update Azure libraries to fix CVE-2023-36415
- Update okhttp logging interceptor version to fix CVE-2023-0833
As part of our ongoing commitment to deliver the best remote signing solutions, we are announcing a change in our product offerings.
We have decided to deprecate our EthSigner product to focus our efforts on enhancing Web3Signer, our newly comprehensive remote signing solution. This is rooted in our strategy to streamline our offerings and focus on a single, robust product that will provide functionality for both transaction and Ethereum validator signing. We hope this makes it applicable to all your use cases, such as public Ethereum signing, staking infrastructure offerings, and private network contexts.
Rest assured, we are not dropping existing EthSigner functionality. We are updating Web3Signer to incorporate the functionalities of EthSigner alongside everything else in Web3Signer. We will ensure a smooth transition by maintaining EthSigner with necessary patches for an additional six months. We hope this provides ample time for any necessary migration to Web3Signer.
- Update of Azure libraries (transitive via signers library) and manual override to fix CVE-2023-1370
- Updated various dependent libraries versions
- Various library dependencies updates in Gradle build script
- Docker image - manually install libssl3 to bring in latest version
- Updated Metrics service default port from 8546 to 9546.
- Updated various dependent libraries versions
- Update EthSigner docker image user to use `ethsigner` instead of `root`. It may result in backward compatibility/permission issues with existing directory mounts.
- Update Vertx to 4.x and various other dependencies to their latest versions. #415
- Updated to log4j 2.17.1. Resolves two potential vulnerabilities which are only exploitable when using custom log4j configurations that are either writable by untrusted users or log data from the `ThreadContext`.
- Updated log4j to 2.17.0 to mitigate potential DOS vulnerability when the logging configuration uses a non-default Pattern Layout with a Context Lookup.
- Updated log4j to 2.16.0 to mitigate JNDI attack via thread context.
- Updated log4j and explicitly disabled format message lookups.
- Upgrade to signers 1.0.19 removes support for deprecated SECP256K1 curve in Azure remote signing #386
- Adding configuration files should load new accounts automatically without restarting EthSigner #390
- eth_sign signing of hex data #393
- Upgrade web3j to latest version for fix to handle large chainids in eip155 transactions #382
- Add validation for GoQuorum transactions with value #377
- Add publishing to docker namespace "consensys/ethsigner" and deprecate docker namespace "consensys/quorum-ethsigner" #384
- Upgrade to signers 1.0.19 allows empty password files to be read when creating a Signer #372
- Upgrade besu to 21.10.0 for acceptance tests
- Fix nonce too low retries and added support for "replacement underpriced" and "Known transaction" RPC responses
- Update transaction signing to handle GoQuorum private transactions
- Azure remote signing now supports new Azure keys using the curve name P-256K and signature algorithm name ES256K. The deprecated keys using the SECP256K and signature algorithm name ECDSA256 are still supported.
- Fixing nonce too low retries and added support for replacement underpriced rpc response
- Upgraded besu-metrics library
- Publish ethsigner module jars to cloudsmith maven repo
- Update Besu latest version for Acceptance Tests
- Add gzip compression support
- Publish artifacts to cloudsmith.
- Added support for sending GoQuorum private transactions via "eth_sendTransaction" JSON-RPC
- Improve error message if HTTP server fails to start
- Added "eth_signTransaction" JSON-RPC
- Docker namespace updated to reflect "consensys/quorum-ethsigner"
- Strip ACCESS_CONTROL_ALLOW_ORIGIN header from responses received from the web3provider
- Added a Prometheus metrics endpoint, reporting basic application metrics
- Transactions were not being handled in parallel, triggering poor performance under load
- Support for using config file and environment variables as default values for cli options
- Updated signers library to the latest version
- Accessing Azure signing service requires tenant id as part of Azure configuration
- Communication details moved to Discord
- Prevent multiple transmission exceptions propagation upwards #312
- Resolve failures in the application of CORS headers #286
- Added "eth_sign" JSON RPC
- Added "--http-cors-origins" commandline option to allow browser based apps (remix/metamask) to connect to EthSigner
- Added "--downstream-http-path" commandline option to allow Ethsigner to connect to a downstream web3 provider not on root path (eg web3 provider running in infura)
- If inbound request contains the "Host" header, it is renamed to "X-Forwarded-Host" and added to downstream request
- Code base split, crypto operations moved to "Signers" repository
- First line of Password file (stripping EOL) is treated as the password (rather than whole file content)
- Create invalid signature when Signature field was treated as negative BigInteger #247
- Changed CLI option name from `--downstream-http-tls-ca-auth-disabled` to `--downstream-http-tls-ca-auth-enabled` #230
- Added TLS support for incoming and outgoing RPC endpoints
- Added TLS support for connecting to Hashicorp vault
- Upgraded PicoCLI to 4.1.4
- Received headers are now forwarded to the web3 provider, resolving an issue where JWT token was not being passed in header #208
- Resolved an issue where private transactions using privacyGroupId without a nonce failed #215
- Multi-key signing: Ethsigner is initialised with a directory containing a number of TOML metadata files, each of which describes a key which may be used for signing. Upon reception of a Transaction, Ethsigner loads the corresponding metadata file, and signs the Transaction with the key defined therein.
- Relaxed definition of 'optional' when parsing eth_SendTransaction (empty string, null and "0x" are deemed a missing optional parameter).
- All endpoints (not just "/") are proxied to the downstream web3j provider (eg. "/login")
- CI moved from Jenkins to CircleCI
- Updated to Web3j 4.5.5
- Updated to JUnit 5
- When a private transaction is submitted without a nonce, a nonce is generated and inserted. However, if the supplied nonce is too low, the transaction is not resubmitted with a new nonce. Rather an error is returned to the caller (resolved in Besu 1.2.5).
- Removed intermittent "out of memory" failure during integration testing.
- Resolved an issue whereby a missing optional field in eth_SendTransaction would fail
- When a private transaction is submitted without a nonce, a nonce is generated and inserted. However, if the supplied nonce is too low, the transaction is not resubmitted with a new nonce. Rather an error is returned to the caller.
- Updated to use Web3j 4.5.0
- Accepts Private Transactions addressed with "PrivacyGroupId", not just "PrivateFor"
- Private Transactions without nonces are now accepted and the nonce populated (see "Known Issues")
- When a private transaction is submitted without a nonce, the transaction will be rejected. Ethsigner is unable to derive an appropriate nonce for a private transaction; as such, the `nonce` field of `eea_SendTransaction` is mandatory - if a private transaction is submitted without a nonce an error will be returned. DApps can use the `priv_getTransactionCount` JSON RPC to determine the correct nonce prior to transaction transmission.
- Command line reworked to specify the source of the key used for transaction signing.
- EthSigner is supported on Java 11+ only; Java 8 is no longer supported.
- Created EthSigner documentation
- Allow EthSigner to be deployed as a Docker image
- Support signing transaction with a key stored in an Azure KeyVault (cloud based software/HSM signing service) (thanks to jimthematrix)
- Added an Upcheck endpoint
- Support signing transactions with a key stored in a Hashicorp vault
- Sign private transaction submitted via eea_SendTransaction
- Jar files are available from the EthSigner bintray repository.
- N/A