Summary

This is a maintenance release that addresses several issues along with minor enhancements.

What’s New

Canton and Ledger API

The internal package dependency resolver is used in various topology state checks and transaction processing.  It has been enhanced so its cache is now configurable via canton.parameters.general.caching.package-dependency-cache. By default, the cache is size-bounded at 10000 entries and a 15-minutes expiry-after-access eviction policy.

The LAPI now allows for increasing the maximum allowed HTTP2 headers to support larger JWT tokens  The configuration parameter is:  canton.participants.participant.ledger-api.max-inbound-metadata-size=10240.

Contract prefetching is now also supported for createAndExercise command, including supporting recursive prefetching of referenced contract IDs. The default max prefetching level is 3 and can be configured using canton.participants.participant.ledger-api.command-service.contract-prefetching-depth = 3.

The kms-driver-api and kms-driver-testing artifacts declared invalid dependencies in the Maven pom.xml files, which caused issues in fetching those artifacts. The invalid dependencies have been resolved.

IDE

Increased the security of package.json dependencies for create-daml-app by shipping the package-lock.json along with create-daml-app's template.

PQS

NOTE:  The PQS Docker image now supports the Canton 2.x and 3.x release lines with the default being Canton 3.x.  If you are using a Docker image to run PQS, you will need to  set the working directory to daml2 to maintain alignment with Canton 2.x.  

PQS no longer silently discards some Canton default packages. If you wish to continue excluding these from database, please include in your configuration: --pipeline-filter-contracts "(* & !(AdminWorkflows:* | AdminWorkflowsWithVacuuming:*))".

Improvements that have been made to PQS in this release are:

• Allow selection of PostgreSQL schema (default: public).  This allows the same postgresDB to support multiple PQS instances.
• Add controllers to exercise data (acting_parties)
• Add the ability to filter by package version and package id
• Performance improvement using a partition optimization of exercise queries.

Some fixes that are available in this release are:

• Avoid a potential deadlock during Canton pruning or startup/resync.
• Warn, instead of error, on retroactive interfaces found in Daml packages.
• Ensure logging never disclose any auth token components, even in debug mode.

Daml Shell

Selection of the PQS's PostgreSQL schema (default: public) is possible.  It also now supports virtual terminals which may have zero width.

Download and Installation 

The Daml 2.10.2 SDK has been released. You can install it using the command: daml install 2.10.2.

The table below lists how you can download Daml Enterprise or individual components.

If you are using Oracle JVM and testing security provider signatures, note that the Canton JAR file embeds the Bouncy Castle provider as a dependency. To enable the JVM to verify the signature, put the bcprov JAR on the classpath before the Canton standalone JAR. For example:

java -cp bcprov-jdk15on-1.70.jar:canton-with-drivers-2.10.2-all.jar com.digitalasset.canton.CantonEnterpriseApp

Note: These Docker images are designed to be suitable for production use, with minimal size and attack surface. Minimal images can sometimes make debugging difficult (e.g. no shell in the containers). For convenience, we provide “debug” versions of each of the above images, which you can access by appending “-debug” to the image tag (e.g. digitalasset-docker.jfrog.io/http-json:2.10.2-debug).