Releases: Consensys/web3signer
24.6.0
This release contains various library updates and is recommended for all users.
Highlights
Upcoming Breaking Changes
- This is the last Web3Signer release to use Java 17. Web3Signer will start mandating Java 21 for build and runtime after this release. The Web3Signer docker image will also use Java 21, however, binary distributions (.tar.gz/.zip) will require Java 21 to be available on the host machine.
- This is the last Web3Signer release to use the "filecoin" mode. The "filecoin" mode will be removed in a future release.
Features Added
- Added endpoint /api/v1/eth2/ext/sign/:identifier which is enabled using cli option --Xsigning-ext-enabled=true. This endpoint allows signing of additional data not covered by the remoting API specs. #982
Bugs fixed
- Update transitive dependency threetenbp and google cloud secretmanager library to fix CVE-2024-23082, CVE-2024-23081
- Update bouncycastle libraries to fix CVE-2024-29857, CVE-2024-30171, CVE-2024-30172
- Update Teku libraries to 24.3.1
- Update Vert.x to 4.5.7 (which includes fixes for CVE-2024-1023)
- Fix Host Allow List handler to handle empty host header
- Update Postgresql JDBC driver to fix CVE-2024-1597
- Fix cached gvr to be thread-safe during first boot. #978
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | 5f5d833e86b138a94681597075153fee28fd7f4742e67183e199d29db675b15b |
web3signer.zip | 8e7063d8f9902320f4c3a8379ed35a663b5712c005697c17835dca701347c217 |
Docker
docker pull consensys/web3signer:24.6.0
What's Changed
- upgrade postgres to 42.5.5 to fix CVE by @gfukushima in #973
- Upgrade postgres jdbc driver to 42.7.2 by @usmansaleem in #975
- fix: Make cached GVR thread-safe by @usmansaleem in #980
- build - suppress unrelated owasp warnings and update azure libraries by @usmansaleem in #981
- fix: Update Vert.x dependency version to 4.4.9 by @usmansaleem in #983
- Upgrade vertx to 4.5.7 by @usmansaleem in #986
- minor: Update Teku libraries to 24.3.1 by @usmansaleem in #987
- fix!: Fix Host Allow List Handler by @usmansaleem in #985
- Libraries upgrade to fix reported CVE by @usmansaleem in #989
- fix - Add adduser in docker image via apt by @usmansaleem in #992
- fix - Update .openapidoc gh-pages version by @usmansaleem in #993
- Extension Signing request endpoint by @usmansaleem in #982
- chore: Update changelog for Java21 upcoming changes by @usmansaleem in #996
- fix: Update Teku version to 24.4.0 by @usmansaleem in #998
- fix: Update Besu version to 24.5.2 by @usmansaleem in #997
- Update changelog for 24.6.0 by @usmansaleem in #1000
- changelog: Update changelog with filecoin change by @usmansaleem in #1001
Full Changelog: 24.2.0...24.6.0
24.2.0
This is a required update for Mainnet users containing the configuration for the Deneb upgrade on March 13th. This update is required for Gnosis Deneb network upgrade on March 11th. For all other networks, this update is optional.
Ethereum Mainnet configuration with Deneb fork scheduled for epoch 269568 (March 13, 2024, 13:55:35 UTC)
Gnosis configuration with Deneb fork scheduled for epoch 889856 (March 11, 2024, 18:30:20 UTC)
Highlights
Upcoming Breaking Changes
- --Xworker-pool-size cli option will be removed in a future release. This option has been replaced with --vertx-worker-pool-size
Features Added
- Add Deneb configuration for Mainnet #971
- Improve Key Manager API import operation to use parallel processing instead of serial processing. Note, if you import a large number of keys while running as a signer, then this may degrade the signing performance for the duration of the import process. It is recommended to import large numbers of keys in batches. #968
Bugs fixed
- Ensure that Web3Signer stops the http server when a sigterm is received
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | a1637bac774a38699a42f0c48706b9c08bed83cf8c8470e11ad6a6dd7280364d |
web3signer.zip | cd0c2d05dddc663b568c6715096f557e7e9ee07a5cf9f3600e315e986b8fe69e |
Docker
docker pull consensys/web3signer:24.2.0
What's Changed
- Shutdown Vertx as part shutdown hook by @jframe in #967
- Fix typos by @Thabokani in #966
- Upgrade nimbus-jose-jwt version to avoid CVE-2023-52428 by @usmansaleem in #969
- Improve KeyManager API import operation by @usmansaleem in #968
- Upgrade teku to 24.2.0 and prep for release by @siladu in #971
New Contributors
- @Thabokani made their first contribution in #966
Full Changelog: 24.1.1...24.2.0
24.1.1
This is an optional release for mainnet Ethereum and it includes the updated network configuration for the Sepolia, Holesky and Chiado Deneb forks.
- Sepolia is scheduled for 2024-01-30 22:51:12 UTC
- Chiado is scheduled for 2024-01-31 18:15:40 UTC
- Holesky is scheduled for 2024-02-07 11:34:24 UTC
Features Added
- Add Deneb configuration for Sepolia, Holesky and Chiado forks
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | a4041cfdb40e6b7cc3f3da101fedd4aa50b935ec92f1bd842fa81054ce65c17a |
web3signer.zip | 2efeb0330583011e89374613a90b5d67181c556625ab0639b8adcedeae86fab0 |
Docker
docker pull consensys/web3signer:24.1.1
24.1.0
This is an optional release for mainnet Ethereum, required for the upcoming Goerli Deneb fork.
The Goerli upgrade is scheduled on 2024-01-17 06:32:00 UTC (timestamp 1705473120).
Bugs fixed
- Update reactor-netty-http to fix CVE-2023-34062
Features Added
- Add Deneb configuration for Goerli #960
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | 6fb520db5f0ad54d0be897fb139a0cb808dbcf7960f14d822fa647f781163d07 |
web3signer.zip | e599f67bf32b7a4ab269fce62e4179436caefbe6f707d64f8765ef79a063c86a |
Docker
docker pull consensys/web3signer:24.1.0
23.11.0
This release patches a vulnerable dependency and is recommended for all users.
Upcoming Breaking Changes
- --Xworker-pool-size cli option will be removed in a future release. This option has been replaced with --vertx-worker-pool-size.
Bugs fixed
- Update netty to fix CVE-2023-44487
Features Added
- Google Cloud Secret Manager bulk loading support for BLS keys in eth2 mode via PR #928 contributed by Sergey Kisel.
- Removed hidden option --Xtrusted-setup as Web3Signer does not need KZG trusted setup file anymore.
- Make Vert.x worker pool size configurable using cli option --vertx-worker-pool-size (replaces the now deprecated: --Xworker-pool-size). #920
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | e7643a6aa32efd859e96a82cb3ea03a294fd92c22fffeab987e5ec97500867a8 |
web3signer.zip | 9ba56683228ca356326c087b5f1e576e7d2081fc90450f049d9b869020ee929a |
Docker
docker pull consensys/web3signer:23.11.0
23.9.1
This is an optional release for mainnet Ethereum and it includes the updated configuration for the upcoming Holesky testnet launch.
Breaking Changes
- Remove --validator-ids option from watermark-repair subcommand #909
Features Added
- Aws bulk loading for secp256k1 keys in eth1 mode #889
- Add High Watermark functionality #696
- Add network configuration for revised Holesky testnet
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | aec9dc745cb25fd8d7b38b06e435e3138972c2cf842dd6f851d50be7bf081629 |
web3signer.zip | 96b219817dd178235bebd9638b44263a457562e0ed8925c6c5315f7e23098a2f |
Docker
docker pull consensys/web3signer:23.9.1
23.9.0
This is an optional release for mainnet Ethereum and includes further improvements on the Web3Signer <> EthSigner feature consolidation. It also includes the upcoming Holesky testnet configuration.
Features Added
- Signing support for BlobSidecar and BlindedBlobSidecar in Deneb fork.
- Add --azure-response-timeout to allow request response timeout to be configurable, the field timeout is also accepted in the Azure metadata file. #888
- Bulk load Ethereum v3 wallet files in eth1 mode.
- Eth2 Signing request body now supports both signingRoot and the signing_root property
- Add network configuration for Holesky testnet
- Add eth_signTypedData RPC method under the eth1 subcommand. #893
Bugs fixed
- Upcheck was using application/json accept headers instead of text/plain accept headers
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | 7af5cd0589f6105f2267b6c9e6eedda077d597e6410975e1687a6a20e7f1518c |
web3signer.zip | c2b63dbbce20353e501a1453beeb33d6fc23de8ac4b0dce2675132232569f691 |
Docker
docker pull consensys/web3signer:23.9.0
23.8.1
This release patches a vulnerable dependency and is recommended for all users. This update has no other changes. Please see the release notes for version 23.8.0 for more information on the latest features, enhancements, and fixes in Web3Signer: https://github.com/Consensys/web3signer/releases/tag/23.8.0
Bugs fixed
- Update grpc library to version 1.57.2 to fix CVE-2023-33953
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | dc51228c4462ac15cb5dc221e1e864063aa3f48038989063599f92c74e850760 |
web3signer.zip | b16b6165369b1ef45df56196e56edf63d8c228d537796d9cdc2114328e1ca2cf |
Docker
docker pull consensys/web3signer:23.8.1
23.8.0
EthSigner Feature Consolidation & Deprecation Notice
The Web3Signer <> EthSigner Feature consolidation is nearing completion! With the release of this latest version, Web3Signer now mirrors the existing functionality of EthSigner. It can now be used for remotely signing Ethereum transactions alongside the existing Ethereum validator signing features for Proof of Stake. Check out the Web3Signer documentation for more information.
This is also a notice that EthSigner is officially deprecated in favor of Web3Signer. In an effort to streamline our remote signing offerings and efforts, Web3Signer will continue to be supported with existing EthSigner features. You can expect future patches for bug fixes and continued public and private chain support. If you have questions, reach us on our Discord.
File Coin Deprecation Notice
As of version 23.8.0, File Coin is considered deprecated in Web3Signer. This is part of a broader move to simplify the codebase and increase development velocity. We encourage the community to maintain the code via a fork or PRs if it is needed for your use-case, or to use an older version of Web3Signer.
Breaking Changes
- Use Java 17 for build and runtime. Remove Java 11 variant of docker image. zip/tar.gz distributions will require Java 17 or above to run Web3Signer.
- Eth2 Azure command line option --azure-secrets-tags is now deprecated and is replaced with --azure-tags. The --azure-secrets-tags option will be removed in a future release.
Features Added
- Add support for SECP256K1 remote signing using AWS Key Management Service. #501
- Azure bulk mode support for loading multiline (\n delimited, up to 200) keys per secret.
- Hashicorp connection properties can now override http protocol to HTTP/1.1 from the default of HTTP/2. #817
- Add --key-config-path as preferred alias to --key-store-path #826
- Add eth_signTransaction RPC method under the eth1 subcommand #822
- Add eth_sendTransaction RPC method under the eth1 subcommand #835
- Add EIP-1559 support for eth1 public transactions for eth_sendTransaction and eth_signTransaction #836
- Add Azure bulk loading for secp256k1 keys in eth1 mode #850
- Added Gnosis configuration for the 🦉 CAPELLA 🦉 network fork due at epoch 648704, UTC Tue 01/08/2023, 11:34:20 #865
- Java 17 for build and runtime. #870
- Update internal teku library to 23.8.0 #876
- Add support for Lukso network --network=lukso
Bugs fixed
- Support long name aliases in environment variables and YAML configuration #825
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | fb3556fc301b4ff6bec3b732b42e3ffe3928f220e6f0ffb8dca3fd879d276867 |
web3signer.zip | cf3573d642fa8125b7306a083bcc073a71d501bbd3251bdcfadb73e90050f42f |
Docker
docker pull consensys/web3signer:23.8.0
23.6.0
As part of our ongoing commitment to deliver the best remote signing solutions, we are announcing a change in our product offerings.
We have decided to deprecate our EthSigner product to focus our efforts on enhancing Web3Signer, our newly comprehensive remote signing solution. This is rooted in our strategy to streamline our offerings and focus on a single, robust product that will provide functionality for both transaction and Ethereum validator signing. We hope this makes it applicable to all your use-cases like public Ethereum signing, staking infrastructure offerings, and in private network contexts.
Rest assured, we are not dropping existing EthSigner functionality. We are updating Web3Signer to incorporate the functionalities of EthSigner alongside everything else in Web3Signer. We will ensure a smooth transition by maintaining EthSigner with necessary patches for an additional six months. We hope this provides ample time for any necessary migration to Web3Signer.
We have begun adding EthSigner functionality to Web3Signer. This is a work in progress and not complete.
Features Added
- Optional Azure bulk loading tags support using cli option --azure-secrets-tags.
- Support Prometheus Push Gateway Metrics #796
- Cache Genesis Validators Root (GVR) in-memory on first database lookup. This would eliminate further database lookups for GVR during sign operations and improve their performance. #600
- Add RPC proxy support to execution client under the eth1 subcommand #775
- Add eth_accounts RPC method under the eth1 subcommand #784
Bugs Fixed
- Upgrade jackson and vertx to upgrade snakeyaml to 2.0 to fix CVE-2022-1471
- Fixed handling of very large number (30,000+) of signing metadata files with Hashicorp connection by introducing experimental flag to disable parallel processing --Xmetadata-files-parallel-processing-enabled. #794
- Fixed startup error with web3signer where openAPI spec cannot be loaded #772
- Removed unmaintained and out-of-date helm chart #802
Downloads
File | Checksum (sha256) |
---|---|
web3signer.tar.gz | 250c91e7fa18ae9d4962b083a95a7018775a6b99991f1423ce99ffef0366d4a5 |
web3signer.zip | cb92a7bd50f2efe9d9c63d5db8fc10483b58912d08f96e13e0e50c2f8a33563d |
Docker
docker pull consensys/web3signer:23.6.0
docker pull consensys/web3signer:23.6.0-jdk11