Releases: Consensys/web3signer
Releases · Consensys/web3signer
25.2.0
Important
This is a required update for nodes running on Holesky or Sepolia network as it contains the configuration for the
Electra hard fork.
Breaking Changes
- The behavior of reload API endpoint has been modified due to issue #1018 implemented by PR #1054.
The reload API call will remove stale keys therefore they will not be return in public_keys endpoint neither will be
able to perform any signing requests. - The AWS secrets manager and KMS tag filter cli options has been modified. Following cli options has been removed:
--aws-kms-tag-names-filter
--aws-kms-tag-values-filter
--aws-secrets-tag-names-filter
--aws-secrets-tag-values-filter
The above are replaced by:
--aws-kms-tag <TagName>=<TagValue>
--aws-secrets-tag <TagName>=<TagValue>
--Xworker-pool-sizedeprecated cli option has been removed. Use--vertx-worker-pool-sizeinstead.
Features Added
- Remove stale keys during reload API call. #1018 #1054
- Use single cli option to specify AWS KMS tag name/value pairs. #1055
- Use single cli option to specify AWS Secrets tag name/value pairs. #1055
- Teku libraries updated to 25.2.0 with changes related to Electra hard fork on Holesky and Sepolia networks.
Bugs Fixed:
- AWS KMS tag filter behavior has been fixed. #1055
- Upgrade Netty library to 4.1.118.Final to fix CVE-2025-24970.
Full Changelog: 24.12.0...25.2.0
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | 2445eaea11755621626a92d18f12c62676eb9f12ee8c8259b222d87d27505578 |
| web3signer.zip | 9d3be0ceeef54bfa120b85f4eceb9c15436befcf6ad86262fdc18785cda4f77c |
Docker
docker pull consensys/web3signer:25.2.0
24.12.0
This release contains various libraries updates, including Teku libraries, which brings changes for new test networks and Prague-Electra fork. and is recommended for all users. There are no database migration scripts changes in this release.
Highlights
Breaking Changes
- Java 21 is required to build and run Web3Signer. This may affect users who use Java 17 to directly run Web3Signer binaries. The docker image was already using Java 21 for runtime in past releases.
- Filecoin mode has been removed.
Features Added
- Java 21 for build and runtime. #995
- Electra fork support. #1020 and #1023
- Teku and Besu libraries updated to 24.10.3 and 24.10.0 respectively.
- Commit Boost API - Get Public Keys #1031, Generate Proxy Keys #1043 and Request Signature #1045.
Bugs fixed
- Various libraries updates to address reported vulnerabilities.
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | 5d2eff119e065a50bd2bd727e098963d0e61a3f6525bdc12b11515d3677a84d1 |
| web3signer.zip | 150cb52ed20a2f430f0cb4b125c58430c456a88c95b3a21255a97d349e360fd8 |
Docker
docker pull consensys/web3signer:24.12.0
What's Changed
- Bump owasp suppressions and versions to fix build by @jframe in #1003
- build: Upgrade owasp dependency check gradle plugin version by @usmansaleem in #1007
- fix(build): Update various dependencies by @usmansaleem in #1008
- fix(ci): Update circleci build task to use correct context by @usmansaleem in #1010
- Upgrade to Java 21 by @usmansaleem in #995
- Moved teku deserializers from teku into web3signer by @rolfyone in #1015
- Added trusted-setup cli arg back in for teku acceptance testing by @rolfyone in #1016
- Bump versions by @jframe in #1019
- feat: Adding Electra fork support by @usmansaleem in #1020
- Update protobuf and google secrets manager versions by @usmansaleem in #1024
- feat: Adding Electra fork support for AggregateAndProof by @usmansaleem in #1023
- Remove filecoin mode by @usmansaleem in #1027
- Add false positive suppression for dependency check by @usmansaleem in #1029
- feat: Refactor eth1 and eth2 routes by @usmansaleem in #1028
- feat: Commit boost API - Get Public Keys by @usmansaleem in #1031
- Use fallback trivy db repos in testDocker by @usmansaleem in #1034
- Refactor ArtifactSignature to provide signature as hex string by @usmansaleem in #1036
- ci: Run dependency scan with nightly job and upon merge to master branch by @usmansaleem in #1038
- Refactor EthPublicKeyUtils to convert public key between Java, BC and Web3J libraries by @usmansaleem in #1037
- Upgrade owasp plugin version by @usmansaleem in #1039
- fix: Update netty version to 4.1.115 to fix cve-2024-47535 by @usmansaleem in #1042
- Commit Boost Acceptance Test for List Pub Keys by @usmansaleem in #1040
- Update Teku and Besu version to 24.10.3 and 24.10.0 respectively by @usmansaleem in #1044
- feat: Commit boost API - Generate Proxy Key by @usmansaleem in #1043
- feat: Commit Boost API - Request Signature by @usmansaleem in #1045
- Changelog for 24.12.0 by @usmansaleem in #1046
- Upgrade various libraries by @usmansaleem in #1047
New Contributors
Full Changelog: 24.6.0...24.12.0
Contributors
usmansaleem, jframe, and rolfyone
Assets 2
24.6.0
This release contains various libraries updates and is recommended for all users.
Highlights
Upcoming Breaking Changes
- This is the last Web3Signer release to use Java 17. Web3Signer will start mandating Java 21 for build and runtime after
this release. The Web3Signer docker image will also use Java 21, however, binary distributions (.tar.gz/.zip) will
require Java 21 to be available on the host machine. - This is the last Web3Signer release to use the "filecoin" mode. The "filecoin" mode will be removed in a future release.
Features Added
- Added endpoint
/api/v1/eth2/ext/sign/:identifierwhich is enabled using cli option--Xsigning-ext-enabled=true.
This endpoint allows signing of additional data not covered by the remoting API specs. #982
Bugs fixed
- Update transitive dependency threetenbp and google cloud secretmanager library to fix CVE-2024-23082, CVE-2024-23081
- Update bouncycastle libraries to fix CVE-2024-29857, CVE-2024-30171, CVE-2024-30172
- Update Teku libraries to 24.3.1
- Update Vert.x to 4.5.7 (which include fixes for CVE-2024-1023)
- Fix Host Allow List handler to handle empty host header
- Update Postgresql JDBC driver to fix CVE-2024-1597
- Fix cached gvr to be thread-safe during first boot. #978
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | 5f5d833e86b138a94681597075153fee28fd7f4742e67183e199d29db675b15b |
| web3signer.zip | 8e7063d8f9902320f4c3a8379ed35a663b5712c005697c17835dca701347c217 |
Docker
docker pull consensys/web3signer:24.6.0
What's Changed
- upgrade postgres to 42.5.5 to fix CVE by @gfukushima in #973
- Upgrade postgres jdbc driver to 42.7.2 by @usmansaleem in #975
- fix: Make cached GVR thread-safe by @usmansaleem in #980
- build - suppress unrelated owasp warnings and update azure libraries by @usmansaleem in #981
- fix: Update Vert.x dependency version to 4.4.9 by @usmansaleem in #983
- Upgrade vertx to 4.5.7 by @usmansaleem in #986
- minor: Update Teku libraries to 24.3.1 by @usmansaleem in #987
- fix!: Fix Host Allow List Handler by @usmansaleem in #985
- Libraries upgrade to fix reported CVE by @usmansaleem in #989
- fix - Add adduser in docker image via apt by @usmansaleem in #992
- fix - Update .openapidoc gh-pages version by @usmansaleem in #993
- Extension Signing request endpoint by @usmansaleem in #982
- chore: Update changelog for Java21 upcoming changes by @usmansaleem in #996
- fix: Update Teku version to 24.4.0 by @usmansaleem in #998
- fix: Update Besu version to 24.5.2 by @usmansaleem in #997
- Update changelog for 24.6.0 by @usmansaleem in #1000
- changelog: Update changelog with filecoin change by @usmansaleem in #1001
Full Changelog: 24.2.0...24.6.0
Contributors
usmansaleem and gfukushima
Assets 2
24.2.0
This is a required update for Mainnet users containing the configuration for the Deneb upgrade on March 13th. This update is required for Gnosis Deneb network upgrade on March 11th. For all other networks, this update is optional.
Ethereum Mainnet configuration with Deneb fork scheduled for epoch 269568 (March 13, 2024, 13:55:35 UTC)
Gnosis configuration with Deneb fork scheduled for epoch 889856 (March 11, 2024, 18:30:20 UTC)
Highlights
Upcoming Breaking Changes
- --Xworker-pool-size cli option will be removed in a future release. This option has been replaced with --vertx-worker-pool-size
Features Added
- Add Deneb configuration for Mainnet #971
- Improve Key Manager API import operation to use parallel processing instead of serial processing. Note, if you import a large number of keys while running as a signer, then this may degrade the signing performance for the duration of the import process. It is recommended to import large numbers of keys in batches. #968
Bugs fixed
- Ensure that Web3Signer stops the http server when a sigterm is received
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | a1637bac774a38699a42f0c48706b9c08bed83cf8c8470e11ad6a6dd7280364d |
| web3signer.zip | cd0c2d05dddc663b568c6715096f557e7e9ee07a5cf9f3600e315e986b8fe69e |
Docker
docker pull consensys/web3signer:24.2.0
What's Changed
- Shutdown Vertx as part shutdown hook by @jframe in #967
- Fix typos by @Thabokani in #966
- Upgrade nimbus-jose-jwt version to avoid CVE-2023-52428 by @usmansaleem in #969
- Improve KeyManager API import operation by @usmansaleem in #968
- Upgrade teku to 24.2.0 and prep for release by @siladu in #971
New Contributors
- @Thabokani made their first contribution in #966
Full Changelog: 24.1.1...24.2.0
Contributors
usmansaleem, jframe, and 2 other contributors
Assets 2
24.1.1
24.1.1
This is an optional release for mainnet Ethereum and it includes the updated network configuration for the Sepolia, Holesky and Chiado Deneb forks.
- Sepolia is scheduled for 2024-01-30 22:51:12 UTC
- Chiado is scheduled for 2024-01-31 18:15:40 UTC
- Holesky is scheduled for 2024-02-07 11:34:24 UTC
Features Added
- Add Deneb configuration for Sepolia, Holesky and Chiado forks
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | a4041cfdb40e6b7cc3f3da101fedd4aa50b935ec92f1bd842fa81054ce65c17a |
| web3signer.zip | 2efeb0330583011e89374613a90b5d67181c556625ab0639b8adcedeae86fab0 |
Docker
docker pull consensys/web3signer:24.1.1
24.1.0
24.1.0
This is an optional release for mainnet Ethereum, required for the upcoming Goerli Deneb fork.
The Goerli upgrade is scheduled on 2024-01-17 06:32:00 UTC (timestamp 1705473120).
Bugs fixed
- Update reactor-netty-http to fix CVE-2023-34062
Features Added
- Add Deneb configuration for Goerli #960
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | 6fb520db5f0ad54d0be897fb139a0cb808dbcf7960f14d822fa647f781163d07 |
| web3signer.zip | e599f67bf32b7a4ab269fce62e4179436caefbe6f707d64f8765ef79a063c86a |
Docker
docker pull consensys/web3signer:24.1.0
23.11.0
23.11.0
This release patches a vulnerable dependency and is recommended for all users.
Upcoming Breaking Changes
--Xworker-pool-sizecli option will be removed in a future release. This option has been replaced with--vertx-worker-pool-size.
Bugs fixed
- Update netty to fix CVE-2023-44487
Features Added
- Google Cloud Secret Manager bulk loading support for BLS keys in eth2 mode via PR #928 contributed by Sergey Kisel.
- Removed hidden option
--Xtrusted-setupas Web3Signer does not need KZG trusted setup file anymore. - Make Vert.x worker pool size configurable using cli option
--vertx-worker-pool-size(replaces the now deprecated:--Xworker-pool-size). #920
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | e7643a6aa32efd859e96a82cb3ea03a294fd92c22fffeab987e5ec97500867a8 |
| web3signer.zip | 9ba56683228ca356326c087b5f1e576e7d2081fc90450f049d9b869020ee929a |
Docker
docker pull consensys/web3signer:23.11.0
23.9.1
23.9.1
This is an optional release for mainnet Ethereum and it includes the updated configuration for the upcoming Holesky testnet launch.
Breaking Changes
- Remove --validator-ids option from watermark-repair subcommand #909
Features Added
- Aws bulk loading for secp256k1 keys in eth1 mode #889
- Add High Watermark functionality #696
- Add network configuration for revised Holesky testnet
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | aec9dc745cb25fd8d7b38b06e435e3138972c2cf842dd6f851d50be7bf081629 |
| web3signer.zip | 96b219817dd178235bebd9638b44263a457562e0ed8925c6c5315f7e23098a2f |
Docker
docker pull consensys/web3signer:23.9.1
23.9.0
23.9.0
This an optional release for mainnet Ethereum and includes further improvements on the Web3Signer <> EthSigner feature consolidation. It also includes the upcoming Holesky testnet configuration.
Features Added
- Signing support for BlobSidecar and BlindedBlobSidecar in Deneb fork.
- Add
--azure-response-timeoutto allow request response timeout to be configurable, the fieldtimeoutis also accepted in the Azure metadata file. #888 - Bulk load Ethereum v3 wallet files in eth1 mode.
- Eth2 Signing request body now supports both
signingRootand thesigning_rootproperty - Add network configuration for Holesky testnet
- Add
eth_signTypedDataRPC method under the eth1 subcommand. #893
Bugs fixed
- Upcheck was using application/json accept headers instead text/plain accept headers
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | 7af5cd0589f6105f2267b6c9e6eedda077d597e6410975e1687a6a20e7f1518c |
| web3signer.zip | c2b63dbbce20353e501a1453beeb33d6fc23de8ac4b0dce2675132232569f691 |
Docker
docker pull consensys/web3signer:23.9.0
23.8.1
23.8.1
This release patches a vulnerable dependency and is recommended for all users. This update has no other changes. Please see the release notes for version 23.8.0 for more information on the latest features, enhancements, and fixes in Web3Signer: https://github.com/Consensys/web3signer/releases/tag/23.8.0
Bugs fixed
- Update grpc library to version 1.57.2 to fix CVE-2023-33953
Downloads
| File | Checksum (sha256) |
|---|---|
| web3signer.tar.gz | dc51228c4462ac15cb5dc221e1e864063aa3f48038989063599f92c74e850760 |
| web3signer.zip | b16b6165369b1ef45df56196e56edf63d8c228d537796d9cdc2114328e1ca2cf |
Docker
docker pull consensys/web3signer:23.8.1