Release of Daml 2.8.4
Summary
This is a maintenance release that addresses several issues.
What’s New
When a ledger API event stream’s JWT token expires, the stream is closed and the error code returned is now UNAUTHENTICATED(ACCESS_TOKEN_EXPIRED). It used to return a PERMISSION_DENIED(PERMISSION_DENIED) error which was too generic an error message. A ledger API event stream client will need to change to accommodate the new error code.
PQS now performs a transparent JWT token refresh in the background and reopens the event stream when it detects an UNAUTHENTICATED(ACCESS_TOKEN_EXPIRED) error code from the ledger API.
PQS has significant read performance improvements. This has resulted in some columns being added for Read API results. Some column results between Read API table functions have been adjusted for consistent terminology.
PQS has improved how it handles Daml interfaces by providing a consistent view across all templates that implement a given interface. This also fixed some bugs around interface handling that were raised by clients.
If PQS calls the Ledger API without authorization, PQS will ignore non-local parties from the participant node it is part of.
PQS has added a stored procedure to easily create indexes on contract data (create_index_for_contract).
Fixed a rare race condition where the JSON API could return archived contracts on the very first query of a new (to the JSON API) party.
The package multi-build feature has had two bugs fixed. First, package multi-build no longer ignores DARs listed under dependencies in the daml.yaml. Secondly, the daml build --all top level build order now matches the multi-package.yaml.
Download and Installation
The Daml 2.8.4 SDK has been released. You can install it using the command: daml install 2.8.4.
The table below lists how you can download Daml Enterprise or individual components.
|
Daml Enterprise v2.8.4 |
||
|
Component |
File download |
Container Image |
|
SDK |
digitalasset/daml-sdk:2.8.4 |
|
|
Canton for Daml Enterprise |
digitalasset-docker.jfrog.io/canton-enterprise:2.8.4 |
|
|
Daml Finance |
NA |
|
|
HTTP JSON API Service |
digitalasset-docker.jfrog.io/http-json:2.8.4 |
|
|
Trigger Service |
digitalasset-docker.jfrog.io/trigger-service:2.8.4 |
|
|
OAuth 2.0 middleware (Open-Source) |
digitalasset-docker.jfrog.io/oauth2-middleware:2.8.4 |
|
|
Participant Query Store |
digitalasset-docker.jfrog.io/participant-query-store:0.2.1 |
|
|
Trigger Runner |
digitalasset-docker.jfrog.io/trigger-runner:2.8.4 |
|
|
Daml Script |
digitalasset-docker.jfrog.io/daml-script:2.8.4 |
|
If you are using Oracle JVM and testing security provider signatures, note that the Canton JAR file embeds the Bouncy Castle provider as a dependency. To enable the JVM to verify the signature, put the bcprov JAR on the classpath before the Canton standalone JAR. For example:
java -cp bcprov-jdk15on-1.70.jar:canton-with-drivers-2.8.4-all.jar com.digitalasset.canton.CantonEnterpriseApp
Note: These Docker images are designed to be suitable for production use, with minimal size and attack surface. Minimal images can sometimes make debugging difficult (e.g. no shell in the containers). For convenience, we provide “debug” versions of each of the above images, which you can access by appending “-debug” to the image tag (e.g. digitalasset-docker.jfrog.io/http-json:2.8.4-debug).