Summary
This is a maintenance release that addresses several issues.
What’s New
A runtime memory check can be introduced when starting the node. This check compares the memory allocated to the container with the -Xmx JVM option. The goal is to ensure that the container has sufficient memory to run the application. To configure the memory check behavior, add one of the following to your configuration:
canton.parameters.startup-memory-check-config = warn // Default behavior: Logs a warning.
canton.parameters.startup-memory-check-config = crash // Terminates the node if the check fails.
canton.parameters.startup-memory-check-config = ignore // Skips the memory check entirely.
Two new metrics have been added that count the number of created and archived contracts observed by a participant. Contracts created as part of the standard Canton ping workflow are excluded from the tally.
participant_daml_parallel_indexer_creates
participant_daml_parallel_indexer_archivals
A participant will now crash in exceptional cases during transaction validation instead of remaining in a failed state.
Removed warnings about unhealthy sequencers during startup.
It was found that an ACS export or party replication may not work after hard domain migration. This is caused by not filtering out the inactive domain that results after a hard domain migration. The inactive domains are now filtered out.
Newly onboarded participants could have computed a wrong topology state during bootstrapping because, in rare circumstances, the participant may miss the removal of the topology transaction. This is fixed.
Intermediate certificate renewal could delete topology state as follows. A Canton node uses topology keys to sign topology transactions. The ultimate trust is tied to the root node key, which by default is held by the node, but can be moved offline. In such a case, the node may use an intermediate certificate. Renewal of intermediate certificate to manage the topology state using the convenience function node.topology.all.renew(oldKey, newKey) can unexpectedly delete topology transactions. A bug in the convenience function is fixed.
If an intermediate certificate (see above) was used to sign an identifier delegation (used as an intermediate certificate for a specific uid), then the identifier delegation could not be be renewed. After a restart, if the certificate is loaded again, this may cause a ledger fork. The identifier delegation can now be renewed.
The onboarding timeout for participants was disabled to support onboarding to domains with very large topology states. This reduces unhelpful warning messages.
Removed noisy warnings about failing periodic acknowledgements during initial domain onboarding of participants.
Download and Installation
The Daml 2.9.6 SDK has been released. You can install it using the command: daml install 2.9.6.
The table below lists how you can download Daml Enterprise or individual components.
If you are using Oracle JVM and testing security provider signatures, note that the Canton JAR file embeds the Bouncy Castle provider as a dependency. To enable the JVM to verify the signature, put the bcprov JAR on the classpath before the Canton standalone JAR. For example:
java -cp bcprov-jdk15on-1.70.jar:canton-with-drivers-2.9.6-all.jar com.digitalasset.canton.CantonEnterpriseApp
Note: These Docker images are designed to be suitable for production use, with minimal size and attack surface. Minimal images can sometimes make debugging difficult (e.g. no shell in the containers). For convenience, we provide “debug” versions of each of the above images, which you can access by appending “-debug” to the image tag (e.g. digitalasset-docker.jfrog.io/http-json:2.9.6-debug).