7.0.0-dev1

Changed

• CCF no longer has platform-specific builds. The single build configuration will run on both SNP and Virtual, automatically detecting the current platform at runtime. This means the COMPILE_TARGET CMake option is no longer required, and all release artifacts no longer have a platform in their path.
• The logging.host_level configuration option and --enclave-log-level CLI switch are replaced by a combined --log-level CLI switch (#7104).
• Drop support for 5.* Linux kernels exposing /dev/sev. Only 6.*+ Linux kernels exposing /dev/sev-guest are now supported (#7109).

Removed

• The ccf/pal/hardware_info.h header has been removed (#7117).

5.0.19

Dependencies

• Updated Open Enclave from 0.19.11 to 0.19.13 (#7124).

7.0.0-dev0

Removed

• The classic governance API which was deprecated in 5.0.0 has now been removed. Any operations under /gov which do not take an api-version query parameter are no longer available.

Fixed

• Improved error messages when failing to fetch collateral. (#7103)

6.0.9

Added

• Add governance action that supports specifying minimum TCB versions in hexstring format. This is intended to be the default format going forward. (#7078)

6.0.8

Changed

• The constitution's apply() function may now write directly to public application (ie - non-governance) tables. Note that this access is write-only, so these tables can still not be read from. (#7088)

6.0.7

Added

• Reproducibility support for RPM releases: each release now includes a manifest and script to reproduce the RPM (#7063, #7069)
• Documentation added for users to reproduce and verify CCF RPMs (#7072)

6.0.6

Added

• Collateral can be fetched from AMD servers directly on Genoa machines (#7054).

Fixed

• Addressed issues in read_ledger and ccf.ledger that could prevent old ledger from being read (#7056, #7057).

6.0.5

Fixed

• Nodes will now avoid re-parsing .committed files in the main directory if they have established a later commit point in the read_only directories. This should significantly reduce start-up time for nodes with large existing ledgers.
• Added support for validating Genoa attestations (#7051).

Changed

• Allow : within regex matched templated URL components again, while still terminating matched segments correctly (#7046).

Dependencies

• Updated didx509cpp to 0.11.0 (#7050).

6.0.4

Fixed

• CCF will no longer create in-progress snapshot files with a .committed suffix. It will only rename files to .committed when they are complete and ready for reading (#7029).

Changed

• Templated URL parsing will no longer allow : within regex matched components, since : is already used to delimit actions. Concretely, a call to GET .../state-digests/abcd:update should now correctly return a 404, rather than dispatching to GET .../state-digests/{memberId} and returning No ACK record exists for member m[abcd:update].

5.0.18

Fixed

• CCF will no longer create in-progress snapshot files with a .committed suffix. It will only rename files to .committed when they are complete and ready for reading (#7029).