ScalarDL 3.8 Release Notes

This page includes a list of release notes for ScalarDL 3.8.

v3.8.3

Release date: November 1, 2024

Summary

This release includes the following bug fixes.

Bug fixes

• Fixed a bug that prevented ScalarDL from running on Cosmos DB.

v3.8.2

Release date: August 28, 2024

Summary

This release includes several bug fixes and vulnerability fixes.

Bug fixes

• Fixed a bug when handling PKCS#8 format private key.
• Fixed a comment for HMAC settings.
• Fixed sources and Javadoc for artifacts.
• Fixed CVE-2024-24790, CVE-2023-45283, and CVE-2023-45288.
• Fixed an issue that does not run integration tests with JUnit5.
• Fixed e2e tests to run correctly.
• Fixed unexpected validation execution.
• Fixed a bug with non-nonce transaction ID.
• Fixed a bug where a transaction with the JDBC transaction manager wrongly overwrites an asset.
• Fixed a bug that makes the Ledger service unable to execute contracts on DynamoDB.

v3.8.1

Release date: April 17, 2024

Bug fixes

• Fixed dimension names for AWS meters.
• Fixed registry name of AWS Marketplace.
• Fixed to avoid outputting credential information as a log.
• Fixed to use getTargetHost() to properly get LEDGER_HOST.
• Fixed busybox version in Dockerfile.
• Fixed a bug to use the intermediary mode.
• Fixed the bound argument of FunctionalInterface for gRPC stub method in ThrowableConsumer and ThrowableFunction.
• Fixed AuthenticationMethod to accept "digital-signature".
• Fixed Function execution to return its results to clients.
• Fixed an unnecessary warning when the specified secret has already been registered.
• Fixed TLS-related code and configurations to work properly.
• Fixed several configuration issues.
• Upgraded org.everit.json.schema to 1.14.2. CVE-2023-5072
• Upgraded grpc-health-probe to fix security issues. CVE-2023-39325 GHSA-m425-mq94-257g
• Upgraded the base image to fix security issues. CVE-2022-29458 CVE-2022-29458 CVE-2023-4911 CVE-2023-29491 CVE-2023-47038
• Upgraded org.bouncycastle:bcprov-jdk15on from 1.59 to 1.70. CVE-2023-33201 CVE-2023-33202

v3.8.0

Release date: April 19, 2023

New features

• Added support for hash-based message authentication codes (HMACs). In ScalarDL 3.7 and earlier versions, you could use only digital signatures as the authentication method between client and Ledger, client and Auditor, and Ledger and Auditor. As of ScalarDL 3.8, you can use either digital signatures or HMACs for all authentications. By default, digital signatures are used for authentication.
• Added capability to configure values through environment variables. As of ScalarDL 3.8, you can set values for Client SDK, Ledger, and Auditor configurations through environment variables. This capability enables you to more flexibly and easily configure Client SDK, Ledger and Auditor.
• Added metering capability for pay-as-you-go in the AWS Marketplace. As of ScalarDL 3.8, you can download and use container images of ScalarDL Ledger and Auditor through the AWS Marketplace. You will be automatically billed a fee based on how many hours you use each container.

For more details, please see ScalarDL 3.8 has been released!

Improvements

• Added a cache for DagValidator to reduce validation time by avoiding duplicate contract execution in Auditor.
• Renamed Scalar DL to ScalarDL for product branding purposes.
• Removed unnecessary code and files.
• Upgraded the supported version of ScalarDB from 3.7.2 to 3.8.0.

Bug fixes

• Upgraded the integrated Java Runtime Environment (JRE) Docker image to 1.1.12 to fix security issues. CVE-2023-0286, CVE-2023-0361
• Upgraded gRPC Health Probe to 0.4.17 to fix security issues. CVE-2022-41721, CVE-2022-41723