- Java 21 is required to build Web3Signer.
- Filecoin mode has been removed.
- Java 21 for build and runtime. #995
- Electra fork support. #1020 and #1023
- Teku and Besu libraries updated to 24.10.3 and 24.10.0 respectively.
- Commit Boost API - Get Public Keys #1031, Generate Proxy Keys #1043 and Request Signature #1045.
- Override protobuf-java to 3.25.5 which is a transitive dependency from google-cloud-secretmanager. It fixes CVE-2024-7254.
- This is the last Web3Signer release to use Java 17. Web3Signer will start mandating Java 21 for build and runtime after this release. The Web3Signer docker image will also use Java 21, however, binary distributions (.tar.gz/.zip) will require Java 21 to be available on the host machine.
- This is the last Web3Signer release to use the "filecoin" mode. The "filecoin" mode will be removed in a future release.
- Use Java 21 for build and runtime. Remove Java 17 variant of docker image. zip/tar.gz distributions will require Java 21 or above to run Web3Signer.
- The Web3Signer metrics are now compatible with the OpenMetrics data model. As a result, counter metric names now have the `_total` suffix appended. Users may need to update their dashboards to reflect these changes.
- Added endpoint `/api/v1/eth2/ext/sign/:identifier` which is enabled using cli option `--Xsigning-ext-enabled=true`. This endpoint allows signing of additional data not covered by the remoting API specs. #982
- Update transitive dependency threetenbp and google cloud secretmanager library to fix CVE-2024-23082, CVE-2024-23081
- Update bouncycastle libraries to fix CVE-2024-29857, CVE-2024-30171, CVE-2024-30172
- Update Teku libraries to 24.3.1
- Update Vert.x to 4.5.7 (which includes fixes for CVE-2024-1023)
- Fix Host Allow List handler to handle empty host header
- Update Postgresql JDBC driver to fix CVE-2024-1597
- Fix cached gvr to be thread-safe during first boot. #978
This is a required update for Mainnet users containing the configuration for the Deneb upgrade on March 13th. This update is required for Gnosis Deneb network upgrade on March 11th. For all other networks, this update is optional.
- `--Xworker-pool-size` cli option will be removed in a future release. This option has been replaced with `--vertx-worker-pool-size`.
- Add Deneb configuration for Mainnet #971
- Improve Key Manager API import operation to use parallel processing instead of serial processing
- Ensure that Web3Signer stops the http server when a sigterm is received
This is an optional release for mainnet Ethereum and it includes the updated network configuration for the Sepolia, Holesky and Chiado Deneb forks.
This is an optional release for mainnet Ethereum and it includes the updated network configuration for the Goerli Deneb fork.
- `--Xworker-pool-size` cli option will be removed in a future release. This option has been replaced with `--vertx-worker-pool-size`.
- Update reactor-netty-http to fix CVE-2023-34062
- Add Deneb configuration for Goerli #960
- `--Xworker-pool-size` cli option will be removed in a future release. This option has been replaced with `--vertx-worker-pool-size`.
- Update netty to fix CVE-2023-44487
- Google Cloud Secret Manager bulk loading support for BLS keys in eth2 mode via PR #928 contributed by Sergey Kisel.
- Removed hidden option `--Xtrusted-setup` as Web3Signer does not need KZG trusted setup file anymore.
- Make Vert.x worker pool size configurable using cli option `--vertx-worker-pool-size` (replaces the now deprecated: `--Xworker-pool-size`). #920
- Remove --validator-ids option from watermark-repair subcommand #909
- Aws bulk loading for secp256k1 keys in eth1 mode #889
- Add High Watermark functionality #696
- Add network configuration for revised Holesky testnet
- Signing support for BlobSidecar and BlindedBlobSidecar in Deneb fork.
- Add `--azure-response-timeout` to allow request response timeout to be configurable, the field `timeout` is also accepted in the Azure metadata file. #888
- Bulk load Ethereum v3 wallet files in eth1 mode.
- Eth2 Signing request body now supports both `signingRoot` and the `signing_root` property
- Add network configuration for Holesky testnet
- Add `eth_signTypedData` RPC method under the eth1 subcommand. #893
- Upcheck was using application/json accept headers instead of text/plain accept headers
- Update grpc library to version 1.57.2 to fix CVE-2023-33953
- Use Java 17 for build and runtime. Remove Java 11 variant of docker image. zip/tar.gz distributions will require Java 17 or above to run Web3Signer.
- Eth2 Azure command line option --azure-secrets-tags is now deprecated and is replaced with --azure-tags. The --azure-secrets-tags option will be removed in a future release.
- Add support for SECP256K1 remote signing using AWS Key Management Service. #501
- Azure bulk mode support for loading multiline (`\n` delimited, up to 200) keys per secret.
- Hashicorp connection properties can now override http protocol to HTTP/1.1 from the default of HTTP/2. #817
- Add --key-config-path as preferred alias to --key-store-path #826
- Add eth_signTransaction RPC method under the eth1 subcommand #822
- Add eth_sendTransaction RPC method under the eth1 subcommand #835
- Add EIP-1559 support for eth1 public transactions for eth_sendTransaction and eth_signTransaction #836
- Add Azure bulk loading for secp256k1 keys in eth1 mode #850
- Added Gnosis configuration for the 🦉 CAPELLA 🦉 network fork due at epoch 648704, UTC Tue 01/08/2023, 11:34:20 #865
- Java 17 for build and runtime. #870
- Update internal teku library to 23.8.0 #876
- Add support for Lukso network `--network=lukso`
- Deprecate `signingRoot` while currently supporting both `signingRoot` and `signing_root` in Eth2 signing request body.
- Support long name aliases in environment variables and YAML configuration #825
As part of our ongoing commitment to deliver the best remote signing solutions, we are announcing a change in our product offerings.
We have decided to deprecate our EthSigner product to focus our efforts on enhancing Web3Signer, our newly comprehensive remote signing solution. This is rooted in our strategy to streamline our offerings and focus on a single, robust product that will provide functionality for both transaction and Ethereum validator signing. We hope this makes it applicable to all your use-cases like public Ethereum signing, staking infrastructure offerings, and in private network contexts.
Rest assured, we are not dropping existing EthSigner functionality. We are updating Web3Signer to incorporate the functionalities of EthSigner alongside everything else in Web3Signer. We will ensure a smooth transition by maintaining EthSigner with necessary patches for an additional six months. We hope this provides ample time for any necessary migration to Web3Signer.
We have begun adding EthSigner functionality to Web3Signer. This is a work in progress and not complete.
- Optional Azure bulk loading tags support using cli option `--azure-secrets-tags`.
- Support Prometheus Push Gateway Metrics #796
- Cache Genesis Validators Root (GVR) in-memory on first database lookup. This would eliminate further database lookups for GVR during sign operations and improve their performance. #600
- Add RPC proxy support to execution client under the eth1 subcommand #775
- Add eth_accounts RPC method under the eth1 subcommand #784
- Upgrade jackson and vertx to upgrade snakeyaml to 2.0 to fix CVE-2022-1471
- Fixed handling of very large number (30,000+) of signing metadata files with Hashicorp connection by introducing experimental flag to disable parallel processing `--Xmetadata-files-parallel-processing-enabled`. #794
- Fixed startup error with web3signer where openAPI spec cannot be loaded #772
- Removed unmaintained and out-of-date helm chart #802
- Add support for Capella milestone in Mainnet
- Enhanced Healthcheck endpoint reporting status of loading of signers keys #738
- Optional AWS endpoint overriding for bulk loading `--aws-endpoint-override`. Useful for local testing against localstack. #730
- Update of Azure libraries (transitive via signers library) and manual override to fix CVE-2023-1370
- Fix issue with some third party libraries not including logs in the web3signer logs due to missing slf4j2 library
- Slashing protection database schema has been updated to support indexes with bigint type and after the upgrade will no longer work with older versions of Web3Signer.
- Add support for Capella milestone in Goerli
- Introduced cli option `--key-store-config-file-max-size` to change the default value of configuration file size. #719
- Fix issue with slashing protection database failing once reaching max integer index value #705
- Fix issue with Web3Signer startup when configuration file size is greater than 3 MB #719
- Add support for Capella milestone in Sepolia
- Add Block signing support for Capella
- Upgrade to Vertx 4.3.8 to address CVE-2023-24815
- Updated docker image with latest libssl3
- AWS Secrets Manager bulkload mode can now load multiple keys from same secret where keys are separated by line terminating character (such as `\n`). #706
- Multiple Signing Key configurations can be specified in single YAML file using triple-dash `---` separator. #689
- Reloading of signing key configuration file (via `/reload` endpoint) will process new or modified configuration files. #689
- Updated Teku libraries version to 22.12.0
- Upgrade various dependencies including netty libraries to address CVE-2022-41881 and CVE-2022-41915
- Slashing protection imports will now only fail for an individual validator instead of for all validators, allowing partial import if there is valid and invalid data.
- Introduced cli option to specify Hikari configuration for pruning database connection #661
- Better database pruning default values: Pruning enabled by default with `slashing-protection-pruning-epochs-to-keep = 250`, `slashing-protection-pruning-at-boot-enabled = false` and `slashing-protection-pruning-interval = 12`.
- Improved performance for slashing protection import
- Introduced experimental cli option `--Xslashing-protection-db-connection-pool-enabled` to disable internal database connection pool (Hikari) to allow using external database connection pool such as pgBouncer. `--slashing-protection-db-pool-configuration-file` and `--slashing-protection-pruning-db-pool-configuration-file` can be reused to specify PG Datasource properties. #662
- Added new subcommand watermark-repair to update low watermarks
- Log eth2 network configuration on startup #640
- Updated internal Teku libraries to 22.10.1
- Updated HikariCP to 5.0.1
- Upgrade jackson libraries to fix CVE-2022-25857, CVE-2022-38751, CVE-2022-38752 and CVE-2022-42003
- Upgrade protobufs to fix CVE-2022-3171
- Updated internal Teku libraries to 22.8.1. This update includes Bellatrix network upgrade and merge transition configuration for Mainnet.
- Added health check endpoint #538.
- Introduced `--slashing-protection-db-health-check-timeout-milliseconds` to specify the timeout of the slashing db health check procedure.
- Introduced `--slashing-protection-db-health-check-interval-milliseconds` to specify the interval between slashing db health check procedures.
- Updated Teku libraries version (support for Prater/Görli merge).
- Updated PostgreSQL JDBC driver to 42.4.1. Resolves a potential vulnerability CVE-2022-31197.
- Support register validator API endpoint #577
- Version information available in metrics through `process_release` #480
- Support for Sepolia network (updated Teku support libraries).
- Added new metric `eth2_slashingprotection_database_duration` to track time spent performing database queries during either block or attestation signing operations
- Private keys bulk loading from AWS Secrets Manager via cli options in eth2 mode #499
- Fix issue where signing_signers_loaded_count metric didn't update after refresh endpoint was used to update loaded keys
- Removed network definition for kintsugi testnet
- Eth2 keystore bulk loading allowing a directory of keystores to be loaded without config files
- Added support for ropsten testnet
- Fixes issue when using key manager delete API failed when there was no slashing protection data #537
- ETH2 Mode - block signing request (BLOCK_V2), starting from BELLATRIX fork, use block_header instead of block. #547
- Added support for optimized block signing requests starting from Bellatrix fork. #437
- Early access: Support for Gnosis network in Eth2 mode. `--network gnosis`
- Keys loaded using the AWS secrets manager with environment config didn't work when using web identity tokens due to missing sts library.
- Update various library dependencies
- Because the web3signer docker image uses the latest LTS tag (ubuntu:latest), the container host may require an update to the latest container runtime. See Ubuntu bug for more details.
- Migrate from the deprecated `vertx-web-api-contract` module to `vertx-web-openapi` #506
- Migrate jackson `ObjectMapper` instances to `JsonMapper` and `YamlMapper` builders to resolve deprecation warnings #507
- Add `iputils-ping` and `net-tools` to docker image to support waiting for dependent services in tools such as docker-compose and Kubernetes #525
- Updated Teku libraries to provide support for `kiln` network
- Support for BLS private keys in AWS Secrets Manager
- Early access support for eth2 Key Manager API
- Upgrade Vertx to 4.x, signers to 2.0.0 and various other dependencies to latest versions #503
- DB scripts executed in numeric order (instead of alphanumeric) when using docker instead of flyway to execute #526
- Updated PostgreSQL JDBC driver to 42.3.3. Resolves a potential vulnerability CVE-2022-21724.
- Updated to log4j 2.17.1. Resolves two potential vulnerabilities which are only exploitable when using custom log4j configurations that are either writable by untrusted users or log data from the `ThreadContext`.
- Updated log4j to 2.17.0 to mitigate potential DOS vulnerability when the logging configuration uses a non-default Pattern Layout with a Context Lookup.
- Updated log4j to 2.16.0 to mitigate JNDI attack via thread context.
- Fix multi-arch JDK17 variant docker image to bundle Java 17 instead of Java 11
- Docker images are now published with multi-arch support including Linux/amd64 and Linux/arm64
- The default docker image now uses JDK 17 instead of 11. The JDK 11 image is still available with the version suffix `-jdk11`
- The docker image now uses `web3signer` as user/group instead of `root` which may result in compatibility/permissions issues with existing directory mounts.
- Updated log4j and explicitly disabled format message lookups.
- Upgrade to signers 1.0.19 allows empty password files to be read when creating a Signer #432
- Upgrade Teku libraries version to 21.9.2 to provide support for Altair fork in mainnet #435
- Upgrade to signers 1.0.19 removes support for deprecated SECP256K1 curve in Azure remote signing #432
- Added sign type BLOCK_V2 to support block signing for Phase0, Altair and future forks (Eth2 mode). BLOCK is not removed for backward compatibility with PHASE0 blocks.
- Upgraded Teku libraries to 21.8.2 which added support for Altair upgrade on Prater testnet at epoch 36660.
- Unable to sign blocks on testnet Pyrmont after Altair fork. (Thanks to Sephiroth for reporting it.)
- Upgraded Teku libraries to 21.8.1. Added support for Altair upgrade on the Pyrmont testnet at epoch 61650.
- Spelling mistake fixed in Eth2 OpenApi spec
- `--network` flag for `eth2` subcommand is now mandatory and defaults to `mainnet`. Use appropriate network when running web3signer for a testnet.
- Database migration scripts (V8__.sql and V9__.sql) are required to be executed for this release if slashing protection is used.
- Introduced `--slashing-protection-db-pool-configuration-file` to specify Hikari connection pool configuration file.
- Upgraded gradle and various plugin versions. Switched to new dependency license reporting plugin. Project can now be compiled against JDK 16.
- Introduced --network cli option for Eth2 mode. Defaults to mainnet. Should match the option used by Teku at runtime.
- Upgraded Teku libraries.
- Eth2 slashing protection now has an additional safeguard that prevents multiple signed blocks or attestations being inserted using database constraints.
- Use adoptopenjdk/openjdk11:x86_64-ubuntu-jre-11.0.11_9 as docker base image.
- Fixed transaction deadlock at start up during same validators registration (>10000) from multiple web3signer instances.
- Metrics on Vertx event loop and worker thread pools
- Eth2 slashing protection pruning on startup now runs on a separate thread, so it doesn't block application startup and http requests
- Eth2 slashing protection pruning was deleting the incorrect amount of data in some cases
- Reload API endpoint to load new keys
- Slashing protection database pruning for Eth2
- Publish binaries to Cloudsmith
- Resolve Signers from Cloudsmith
- Fixed build failure when checked out as a shallow clone. Shallow clones are still not recommended as the version number cannot be determined correctly.
- Change reference tests git submodule to https so a github account isn't required to build web3signer
- Azure secrets managed identity mode
- Check that database matches expected version on startup
- Added basic Eth2 grafana dashboard (https://grafana.com/grafana/dashboards/13687)
- Updated openjdk docker base image
- Improve query performance of attestations and blocks by adding indexes
- Azure configuration files could only be parallel-processed in a batch of 10 due to a bug in Azure libraries
- Incorrect options in the openapi spec for Eth2 signing API
- Fix the external link for documentation on OpenAPI documentation
- Interlock/Armory II HSM keystore support
- Eth2 slashing protection data able to be exported and imported from json file (Interchange format V5)
- Eth2 signing API returned body matches incoming request content-type in either plain-text or json
- Only able to sign for a single Genesis validators root (which is defined by the first received request after creation)
- Do not sign below watermark (regardless of if matching existing entry)
- Eth2 slashing protection metrics category was not working on CLI
- Update Filecoin RPC to be compatible with Lotus remote wallet API
- Eth2 slashing protection returns a 412 http status code for a slashing violation
- Signing with empty slashing database would sometimes fail due to multiple genesis validator root values inserting concurrently
- Resolved help text anomalies on command line
- Separate application into eth2, eth and Filecoin commands that can be run independently
- Eth2 slashing protection. Requires a PostgreSQL database to store eth2 signed blocks and attestations
- Ethereum secp256k1 signing of data
- Use yaml configuration of signing keys
- Support for Filecoin JSON RPCs
- Azure secret vault support for eth2 keys to load all secrets from a given vault
- Added a Prometheus metrics endpoint
- Use native BLS signing and verification
- Added helm charts
Initial release of Eth2Signer
- Signing of data using a BLS key. Supports BLS private keys in unencrypted files, BLS12-381 keystore files and keys in Hashicorp
- TLS support for rest API
- OpenAPI documentation