This release contains various libraries updates and is recommended for all users.
Highlights
Upcoming Breaking Changes
- This is the last Web3Signer release to use Java 17. Web3Signer will start mandating Java 21 for build and runtime after
this release. The Web3Signer docker image will also use Java 21, however, binary distributions (.tar.gz/.zip) will
require Java 21 to be available on the host machine. - This is the last Web3Signer release to use the "filecoin" mode. The "filecoin" mode will be removed in a future release.
Features Added
- Added endpoint
/api/v1/eth2/ext/sign/:identifierwhich is enabled using cli option--Xsigning-ext-enabled=true.
This endpoint allows signing of additional data not covered by the remoting API specs. #982
Bugs fixed
- Update transitive dependency threetenbp and google cloud secretmanager library to fix CVE-2024-23082, CVE-2024-23081
- Update bouncycastle libraries to fix CVE-2024-29857, CVE-2024-30171, CVE-2024-30172
- Update Teku libraries to 24.3.1
- Update Vert.x to 4.5.7 (which include fixes for CVE-2024-1023)
- Fix Host Allow List handler to handle empty host header
- Update Postgresql JDBC driver to fix CVE-2024-1597
- Fix cached gvr to be thread-safe during first boot. #978
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | 5f5d833e86b138a94681597075153fee28fd7f4742e67183e199d29db675b15b |
| web3signer.zip | 8e7063d8f9902320f4c3a8379ed35a663b5712c005697c17835dca701347c217 |
Docker
docker pull consensys/web3signer:24.6.0
What's Changed
- upgrade postgres to 42.5.5 to fix CVE by @gfukushima in #973
- Upgrade postgres jdbc driver to 42.7.2 by @usmansaleem in #975
- fix: Make cached GVR thread-safe by @usmansaleem in #980
- build - suppress unrelated owasp warnings and update azure libraries by @usmansaleem in #981
- fix: Update Vert.x dependency version to 4.4.9 by @usmansaleem in #983
- Upgrade vertx to 4.5.7 by @usmansaleem in #986
- minor: Update Teku libraries to 24.3.1 by @usmansaleem in #987
- fix!: Fix Host Allow List Handler by @usmansaleem in #985
- Libraries upgrade to fix reported CVE by @usmansaleem in #989
- fix - Add adduser in docker image via apt by @usmansaleem in #992
- fix - Update .openapidoc gh-pages version by @usmansaleem in #993
- Extension Signing request endpoint by @usmansaleem in #982
- chore: Update changelog for Java21 upcoming changes by @usmansaleem in #996
- fix: Update Teku version to 24.4.0 by @usmansaleem in #998
- fix: Update Besu version to 24.5.2 by @usmansaleem in #997
- Update changelog for 24.6.0 by @usmansaleem in #1000
- changelog: Update changelog with filecoin change by @usmansaleem in #1001
Full Changelog: 24.2.0...24.6.0
Contributors
usmansaleem and gfukushima