Corda Enterprise release notes

Corda Enterprise 4.7.2

Corda Enterprise 4.7.2 is a patch release of Corda Enterprise that introduces fixes to known issues in Corda Enterprise 4.7.1.

Upgrade recommendation

As a developer, you should upgrade to the latest released version of Corda as soon as possible. Check the latest Corda Enterprise release notes and upgrade guide here.

As a node operator, you should upgrade to the latest released version of Corda if the fixed issues listed below are relevant to your work.

Fixed issues

  • Corda dependency vulnerability CVE-2020-28052 has been fixed.
  • A fix has been introduced to reduce memory consumption during batched transaction resolution of large backchains.

Corda Enterprise 4.7.1

Corda Enterprise 4.7.1 is a patch release of Corda Enterprise that introduces fixes to known issues in Corda Enterprise 4.7.

The main new features and enhancements in Corda Enterprise 4.7.1 are listed below:

Upgrade recommendation

As a developer, you should upgrade to the latest released version of Corda as soon as possible. Check the latest Corda Enterprise release notes and upgrade guide here.

As a node operator, you should upgrade to the latest released version of Corda if the fixed issues listed below are relevant to your work.

Fixed issues

  • A security issue has been fixed that affects notary systems that use the JPA notary implementation in an HA configuration, and when the notary backing database has been set up using the Corda database management tool. The new version of the Corda database management tool must be re-run for the fix to take effect.
  • We have fixed several issues that caused memory leaks. As a result, we have added a new node configuration field - enableURLConnectionCache - and we have modified the attachmentClassLoaderCacheSize node configuration field. See the node configuration fields page for details.
  • We have fixed an issue where the HA utilities tool does not write the correct log file.
  • We have fixed an issue that prevented the HA utilities tool loading third-party HSM .jar files from the drivers directory when the generate-internal-tunnel-ssl-keystores command is run.
  • The startFlowWithClientId now uses the same permissioning as the startFlow method.
  • Corda Enterprise 4.7.1 now supports version 3.2.1 of the AWS CloudHSM client library.
  • We have fixed an issue that could cause flow execution to hang.
  • We have fixed an issue that caused the Corda Firewall to throw an error when version information was requested.
  • We have fixed an issue where migrating from Corda Enterprise 4.5 to Corda Enterprise 4.6 could cause some flows to experience a retry loop.
  • The attachmentPresenceCache has been removed. The functionality is duplicated in the attachmentContent cache in the NodeAttachmentService.
  • We have fixed an issue that could cause a node to hang at shutdown.
  • We have fixed an issue where CordaPersistence.transaction did not flush properly and another flush had to be added in order to complete the transaction.

Corda Enterprise 4.7 release overview

This release introduces a number of new features and enhancements, and fixes for known issues from previous releases.

Just as prior releases have brought with them commitments to wire and API stability, Corda 4.7 comes with those same guarantees.

States and apps valid in Corda 3.0 and above are usable in Corda 4.7.

The main new features and enhancements in Corda Enterprise 4.7 are listed below:

New features and enhancements

Archiving Service

The Archiving Service is a new tool that allows you, as a node operator, to archive ledger data for entirely spent transactions. This saves space and reduces pressure on node databases.

Some features of the Archiving Service:

  • Use the Archiving Service with Corda command-line interface (CLI) commands. This allows you to rapidly check archiving jobs, delete data that is no longer required from the vault, import, export, and restore snapshots of the vault’s contents.
  • Use the application entity manager to allow your CorDapps to access off-ledger databases.
  • Integrate your archiving service with Collaborative Recovery CorDapps to ensure smooth running of data recovery after a disaster scenario.

See the Archiving Service documentation section for more information.

Improved notary backpressure mechanism

To optimise the way notaries handle traffic, we have updated the notary backpressure mechanism to improve notary performance when there is a sudden increase in notarisation requests. This change increases the accuracy of transaction retry estimates that the notary provides to the node.

As a result, the notary backpressure mechanism is now more precise and responsive under “heavy traffic conditions”, which leads to fewer node retries, optimised performance, and a better end-user experience for node operators.

New management consoles for node management and flow management

Corda Enterprise 4.7 comes with two new management consoles:

  • The Flow management console allows you to see the state of the flows running on a node and perform some operations on them. For more information, see Flow management console.
  • The Node management console allows you to see information about a node and perform some operations on it. For more information, see Node management console.

They both run as part of the Gateway Service.

Certificate rotation

Corda Enterprise 4.7 introduces a capability for reissuing node legal identity keys and certificates, allowing for re-registration of a node (including a notary node) with a new certificate in the Network Map in Corda Enterprise Network Manager. For more information about this feature, contact your R3 account manager.

Other changes and improvements

  • Single sign-on for Azure AD. You can now operate a single sign-on (SSO) set-up between Corda services and Azure AD, with a simple configuration to both your Azure AD and Corda Auth services.
  • HSM integration support. Corda Enterprise now supports users to integrate unsupported HSMs with their Corda Enterprise instance. This release includes a sample Java implementation to be used as an example, and a testing suite that can be used to test an implementation before deployment. For guidance on writing an HSM integration, see HSM documentation.
  • Ability to store confidential identity keys in HSMs. Corda Enterprise now provides support for storing the keys associated with confidential identities in nCipher, Futurex, and Azure Key Vault HSMs. nCipher and Azure Key Vault HSMs support native use of confidential identity keys, and Futurex HSMs support the wrapped key mode. For more information on configuring these HSMs to store confidential identity keys, see the HSM documentation.
  • HSM APIs. Corda Enterprise 4.7 introduces an HSM library with its own API that external tooling developers can use to expand Corda Enterprise HSM support.
  • Node initial-registration now includes the creation of the identity-private-key keystore alias. For more information, see the documentation about node folder structure. Previously, only cordaclientca and cordaclienttls aliases were created during initial-registration, while identity-private-key was generated on demand on the first node run. Therefore in Corda Enterprise 4.7 the content of nodekeystore.jks is never altered during a regular node run (except for devMode = true, where the certificates directory can be filled with pre-configured keystores).
  • We have added documentation clarifying some potential performance gains when adjusting the notary batchTimeoutMs configuration option, though the default has not been changed.

Platform version change

The platform version of Corda 4.7 has been bumped up from 8 to 9.

For more information about platform versions, see Versioning.

Fixed issues

  • We have fixed a Collaborative recovery issue where, when using Accounts, LedgerSync returned no differences if the party that initiated the transaction wanted to recover against the receiving party.
  • We have fixed an issue where the flow metadata finish time was set in a different time zone than the flow metadata start time.
  • We have fixed an issue where, in case of hot/cold node failover, ongoing flows would sometimes get stuck on a new hot node and/or counterparty nodes while waiting to receive messages from the counterparty.
  • We have fixed an issue where the Corda 4.6 RPC Client could not execute the method NodeFlowStatusRpcOps::getFlowStatus against a Corda 4.7 node due to failing to deserialise some enums when querying the node states.
  • We have fixed an issue with JPA notaries where, if there were 10 or more input states, the StateRef was correctly encoded as <hash>:a but then was incorrectly decoded due to an expected integer input.
  • We have fixed an issue where Float handled two connection attempts from the same Bridge at the same time, creating a binding exception as a result.

Known issues

  • In some cases the RPC Client may fail to connect to the node. This error is more likely to occur when using a lower-spec machine.
  • The HA Utilities tool does not log information about the used freshIdentitiesConfiguration as it is implemented for Legal Identities and TLS keys.
  • The HA Utilities tool does not log a message stating that the master key is not needed when using NATIVE mode. Such a message is only recorded in the node log when the node is registered using the initial-registration command.
  • During node registration with confidential identities on HSM in NATIVE mode, the HA Utilities tool log contains an inaccurate log entry “Confidential identity wrapping key created” although no keys are generated as the master key is not required for confidential identities in NATIVE mode.
  • A transaction without inputs and references can have different notaries for its output states. As a result, the node issuing the transaction could assign an arbitrary notary to its output state without notarising the transaction with this notary.
  • Corda still depends on an outdated Azure Java SDK version (1.2.1) for Azure KeyVault support. This may result in the need for node operators to build a shadedJar themselves.
  • In the new Flow Management Console, columns filtering/sorting may be incorrectly reset after page reload instead of showing the same results as when the filter was applied.
  • In the new Flow Management Console and the Node Management Console, the “Change password” / “Log out” drop-down menu may not be fully visible when the user’s name is short.
  • In the new Flow Management Console, the “FLOW START FROM / TO” field in the Calendar on the “Query Flows” page must be clicked twice to open.
  • A Collaborative Recovery 1.1 (or 1.0) initiator could fail when attempting to recover transactions archived by a Collaborative Recovery 1.2 responder.
  • When performing certificate rotation (introduced in this release), flows could fail with an error when trying to use a state signed by the old key that is not in the previousIdentityKeyAliases list.
  • The Health Survey Tool always tries to save its report in the Corda node directory instead of the current directory. This could be a problem for node operators who do not have write access to the Corda node directory.
  • There are some formatting inconsistencies between the Corda HSM Technology Compatibility Kit (TCK) tests console help and the Corda shell CLI help.
  • When running samples:attachment-demo:deployNodes, the runSender task fails to send the attachment because it uses myLegalName instead of serviceLegalName for notarisation.
  • When running run-migration-scripts --core-schemas --app-schemas to migrate the custom IOU CorDapp, the migration script fails when running on a MS SQL database. The migration works fine against H2, PostgreSQL, and Oracle databases.
  • In some cases, the node keeps trying to reconnect to the counterparty even when the counterparty is down / the flow is killed.