1.4.0

Changelog

1.4.0

Private State Migration

Hyperledger Besu v1.4 implements a new data structure for private state storage that is not backwards compatible.
A migration will be performed when starting v1.4 for the first time to reprocess existing private transactions
and re-create the private state data in the v1.4 format.

If you have existing private transactions, see migration details.

Additions and Improvements

• TLS support to secure client and server communication.

• Multi-tenancy to enable multiple participants to use the same Besu and Orion node.

• Plugin APIs to enable building of Java plugins to extend Hyperledger Besu.

• Support for additional NAT methods.

• Added priv_call which invokes
  a private contract function locally and does not change the private state.

• Besu has moved from an internal Bytes library to the Apache Tuweni Bytes library.
  This includes using the library in the Plugins API interfaces. #295 and #215

Early Access Features

Early access features are available features that are not recommended for production networks and may
have unstable interfaces.

• Reorg compatible privacy
  to enable private transactions on networks using consensus mechanisms that fork.

• Tracing API to obtain detailed information about transaction processing.

Bug Fixes

See RC and Beta sections below.

Known Issues

Fast sync defaulting to full sync

• When fast sync cannot find enough valid peers rapidly enough, Besu defaults to full sync.

Workarounds:

1. To re-attempt fast syncing rather than continue full syncing, stop Besu, delete your database,
   and start again.
2. When fast syncing, explicitly disable pruning using --pruning-enabled=false to reduce the likelihood
   of encountering the pruning bug.

A fix to remove the default to full sync is in progress
and is planned for inclusion in v1.4.1.

Error full syncing with pruning

• Error syncing with mainnet on Besu 1.3.7 node - MerkleTrieException #BESU-160
  The associated error is Unable to load trie node value for hash and is caused by the combination of
  full sync and pruning.

Workarounds:

1. Explicitly disable pruning using --pruning-enabled=false when using fast sync.
2. If the MerkleTrieException occurs, delete the database and resync.

Investigation of this issue is in progress and a fix is targeted for v1.4.1.

Bootnodes must be validators when using onchain permissioning

• Onchain permissioning nodes can't peer when using a non-validator bootnode #BESU-181

Workaround -> When using onchain permissioning, ensure bootnodes are also validators.

1.4.0-RC2

Private State Migration

Hyperledger Besu v1.4 implements a new data structure for private state storage that is not backwards compatible.
A migration will be performed when starting v1.4 for the first time to reprocess existing private transactions
and re-create the private state data in the v1.4 format.
If you have existing private transactions, see migration details.

Additions and Improvements

• Automatic Transaction Log Bloom Filter Caching

Add a new option --auto-logs-bloom-indexing-enabled which defaults to true. This performs the equivalent of the operator generate-log-bloom-cache CLI task or admin_generateLogBloomCache RPC call for each block as it arrives, in addition to caching older logs on first startup.

1.4.0-RC1

1.4.0 RC-1

Additions and Improvements

• Newtrace_replayBlockTransactions JSON-RPC API

This can be enabled using the --rpc-http-api TRACE CLI flag. There are some philosophical differences between Besu and other implementations that are outlined in trace_rpc_apis.

• Ability to automatically detect Docker NAT settings from inside the conainter.

The default NAT method (AUTO) can detect this so no user intervention is required to enable this.

• Added Multi-tenancy support which allows multiple participants to use the same Besu node for private transactions.

• Added TLS support for communication with privacy enclave

Bug Fixes

• Private transactions are now validated before sent to the enclave #356

Known Bugs

• Error syncing with mainnet on Besu 1.3.7 node - MerkleTrieException #BESU-160

Workaround -> Don't enable pruning when syncing to mainnet.

• Onchain permissioning nodes can't peer when using a non-validator bootnode #BESU-181

Workaround -> When using onchain permissioning, ensure bootnodes are also validators.

1.3.9 - ETC Aztlan Support

Technical Improvements

• ETC Aztlan fork support 366 and 371

1.4.0-beta3

Additions and Improvements

• CLI option to enable TLS client auth for JSON-RPC HTTP #340

Added CLI options to enable TLS client authentication and trusting client certificates:

--rpc-http-tls-client-auth-enabled - Enable TLS client authentication for the JSON-RPC HTTP service (default: false)
--rpc-http-tls-known-clients-file - Path to file containing client's certificate common name and fingerprint for client authentication.
--rpc-http-tls-ca-clients-enabled - Enable to accept clients certificate signed by a valid CA for client authentication (default: false)

If client-auth is enabled, user must either enable CA signed clients OR provide a known-clients file. An error is reported
if both CA signed clients is disabled and known-clients file is not specified.

• Stable Plugins APIs #346

The BesuEvents service and related data package have been marked as a stable plugin API.

Bug Fixes

• Return missing signers from getSignerMetrics #343

Experimental Features

• Experimental support for trace_replayBlockTransactions (many PRs)

We have added support for the trace_replayBlockTransactions JSON-RPC call. To enable this API add
TRACE to your rpc-http-api options (such as --rpc-http-api TRACE at the command line).

This is not a production ready API. There are still bugs relating to traced memory from calls and
returns, and the gas calculation reported in the flat traces does not always match up with the
correct gas calculated for consensus.

1.4.0-beta2

Additions and Improvements

• Enable TLS for JSON-RPC HTTP Service #253

Exposes new command line parameters to enable TLS on Ethereum JSON-RPC HTTP interface to allow clients like EthSigner to connect via TLS:
--rpc-http-tls-enabled=true
(Optional - Only required if --rpc-http-enabled is set to true) Set to true to enable TLS. False by default.
--rpc-http-tls-keystore-file="/path/to/cert.pfx"
(Must be specified if TLS is enabled) Path to PKCS12 format key store which contains server's certificate and it's private key
--rpc-http-tls-keystore-password-file="/path/to/cert.passwd"
(Must be specified if TLS is enabled) Path to the text file containing password for unlocking key store.
--rpc-http-tls-known-clients-file="/path/to/rpc_tls_clients.txt"
(Optional) Path to a plain text file containing space separated client’s certificate’s common name and its sha-256 fingerprints when
they are not signed by a known CA. The presence of this file (even empty) enables TLS client authentication. That is, the client
presents the certificate to server on TLS handshake and server establishes that the client certificate is either signed by a
proper/known CA. Otherwise, server trusts client certificate by reading the sha-256 fingerprint from known clients file specified above.

The format of the file is (as an example):
localhost DF:65:B8:02:08:5E:91:82:0F:91:F5:1C:96:56:92:C4:1A:F6:C6:27:FD:6C:FC:31:F2:BB:90:17:22:59:5B:50

Bug Fixes

• TotalDifficulty is a BigInteger #253.
  Don't try and cast total difficulty down to a long because it will overflow long in a reasonable timeframe.

1.4.0-beta1

Additions and Improvements

• Besu has moved from an internal Bytes library to the Apache Tuweni Bytes library. This includes using the library in the Plugins API interfaces. #295 and #215
• Besu stops processing blocks if Orion is unavailable #253
• Added priv_call #250. Invokes a private contract function locally and does not change the private state.
• Support for EIP-2124, which results in faster peer discovery #156

1.3.8

Additions and Improvements

• admin_generateLogBloomCache JSON-RPC API to generate a cache of the block bloombits that improves performance for log queries #262

1.3.7

1.3.7

Critical Fix in 1.3.7

1.3.7 includes a critical fix for Ethereum MainNet users and the Muir Glacier upgrade. We recommend users of Ethereum public networks (MainNet, Ropsten, Rinkeby, and Goerli) upgrade immediately. This upgrade is also strongly recommended for users of private networks.

Muir Glacier Compatibility

For compatibility with Ethereum Muir Glacier upgrade, use v1.3.7 or later.

ETC Agharta Compatibility

For compatibility with ETC Agharta upgrade, use 1.3.7 or later.

Additions and Improvements

• Hard Fork Support: Configures the Agharta activation block for the ETC MainNet configuration #251 (thanks to soc1c)

Bug Fixes

• Resolves a Mainnet consensus issue #254

New Maintainer

Edward Mack added as a new maintainer.

1.3.6

Muir Glacier Compatibility

For compatibility with Ethereum Muir Glacier upgrade, use v1.3.6 or later.

Additions and Improvements

• Performance improvements:
  • Multithread Websockets to increase throughput #231
  • NewBlockHeaders performance improvement #230
• EIP2384 - Ice Age Adustment around Istanbul #211
• Documentation updates include:
  • Configuring mining using the Stratum protocol
  • ETC network command line options
• Hard Fork Support:
  • MuirGlacier for Ethereum Mainnet and Ropsten Testnet
  • Agharta for Kotti and Mordor Testnets

Bug Fixes

• #210 fixes WebSocket frames handling
  User impact: PING/PONG frames handling in Websocket services was not implemented