Skip to content

Releases: XRPLF/rippled

rippled (XRP Ledger server) Version 1.9.1

23 May 21:58
e32bc67
Compare
Choose a tag to compare

Version 1.9.1 of rippled, the reference server implementation of the XRP Ledger protocol, is now available. This release includes several important fixes, including a fix for a syncing issue from 1.9.0, a new fix amendment to correct a bug in the new Non-Fungible Tokens (NFTs) code, and a new amendment to allow multi-signing by up to 32 signers.

Action Required

This release introduces two new amendments to the XRP Ledger protocol. These amendments are now open for voting according to the XRP Ledger's amendment process, which enables protocol changes following two weeks of >80% support from trusted validators.

If you operate an XRP Ledger server, then you should upgrade to version 1.9.1 within two weeks, to ensure service continuity. The exact time that protocol changes take effect depends on the voting decisions of the decentralized network.

The fixNFTokenDirV1 amendment fixes a bug in code associated with the NonFungibleTokensV1 amendment, so the fixNFTokenDirV1 amendment should be enabled first. All validator operators are encouraged to configure amendment voting to oppose the NonFungibleTokensV1 amendment until after the fixNFTokenDirV1 amendment has become enabled. For more information about NFTs on the XRP Ledger, see NFT Conceptual Overview.

The ExpandedSignerList amendment extends the ledger's built-in multi-signing functionality so that each list can contain up to 32 entries instead of the current limit of 8. Additionally, this amendment allows each signer to have an arbitrary 256-bit data field associated with it. This data can be used to identify the signer or provide other metadata that is useful for organizations, smart contracts, or other purposes.

Install / Upgrade

On supported platforms, see the instructions on installing or updating rippled.

Changelog

This release contains the following features and improvements.

New Features and Amendments

  • Introduce fixNFTokenDirV1 Amendment - This amendment fixes an off-by-one error that occurred in some corner cases when determining which NFTokenPage an NFToken object belongs on. It also adjusts the constraints of NFTokenPage invariant checks, so that certain error cases fail with a suitable error code such as tecNO_SUITABLE_TOKEN_PAGE instead of failing with a tecINVARIANT_FAILED error code. (#4155)

  • Introduce ExpandedSignerList Amendment - This amendment expands the maximum signer list size to 32 entries and allows each signer to have an optional 256-bit WalletLocator field containing arbitrary data. (#4097)

  • Pause online deletion rather than canceling it if the server fails health check - The server stops performing online deletion of old ledger history if the server fails its internal health check during this time. Online deletion can now resume after the server recovers, rather than having to start over. (#4139)

Bug Fixes and Performance Improvements

  • Fix performance issues introduced in 1.9.0 - Readjusts some parameters of the ledger acquisition engine to revert some changes introduced in 1.9.0 that had adverse effects on some systems, including causing some systems to fail to sync to the network. (#4152)

  • Improve Memory Efficiency of Path Finding - Finding paths for cross-currency payments is a resource-intensive operation. While that remains true, this fix improves memory usage of pathfinding by discarding trust line results that cannot be used before those results are fully loaded or cached. (#4111)

  • Fix incorrect CMake behavior on Windows when platform is unspecified or x64 - Fixes handling of platform selection when using the cmake-gui tool to build on Windows. The generator expects Win64 but the GUI only provides x64 as an option, which raises an error. This fix only raises an error if the platform is Win32 instead, allowing the generation of solution files to succeed. (#4150)

  • Fix test failures with newer MSVC compilers on Windows - Fixes some cases where the API handler code used string pointer comparisons, which may not work correctly with some versions of the MSVC compiler. (#4149)

  • Update minimum Boost version to 1.71.0 - This release is compatible with Boost library versions 1.71.0 through 1.77.0. The build configuration and documentation have been updated to reflect this. (#4134)

  • Fix unit test failures for DatabaseDownloader - Increases a timeout in the DatabaseDownloader code and adjusts unit tests so that the code does not return spurious failures, and more data is logged if it does fail. (#4021)

  • Refactor relational database interface - Improves code comments, naming, and organization of the module that interfaces with relational databases (such as the SQLite database used for tracking transaction history). (#3965)

Contributions

GitHub

The public source code repository for rippled is hosted on GitHub at https://github.com/ripple/rippled.

We welcome contributions, big and small, and invite everyone to join the community of XRP Ledger developers and help us build the Internet of Value.

Credits

The following people contributed directly to this release:

For a real-time view of all lifetime contributors, including links to the commits made by each, please visit the "Contributors" section of the GitHub repository: https://github.com/ripple/rippled/graphs/contributors.

We welcome external contributions and are excited to see the broader XRP Ledger community continue to grow and thrive.

rippled (XRP Ledger server) Version 1.9.0

07 Apr 17:32
7c66747
Compare
Choose a tag to compare

Version 1.9.0

This is the 1.9.0 release of rippled, the reference implementation of the XRP Ledger protocol. This release brings several features and improvements.

New and Improved Features

  • Introduce NFT support (XLS-20): This release introduces support for non-fungible tokens, currently available to the developer community for broader review and testing. Developers can create applications that allow users to mint, transfer, and ultimately burn (if desired) NFTs on the XRP Ledger. You can try out the new NFT transactions using the nft-devnet. Note that some fields and error codes from earlier releases of the supporting code have been refactored for this release, shown in the Code Refactoring section, below. (70779f)

  • Simplify the Job Queue: This is a refactor aimed at cleaning up and simplifying the existing job queue. Currently, all jobs are canceled at the same time and in the same way, so this commit removes the unnecessary per-job cancellation token. (#3656)

  • Optimize trust line caching: The existing trust line caching code was suboptimal in that it stored redundant information, pinned SLEs into memory, and required multiple memory allocations per cached object. This commit eliminates redundant data, reduces the size of cached objects and unpinning SLEs from memory, and uses value types to avoid the need for std::shared_ptr. As a result of these changes, the effective size of a cached object includes the overhead of the memory allocator, and the std::shared_ptr should be reduced by at least 64 bytes. This is significant, as there can easily be tens of millions of these objects. (4d5459)

  • Incremental improvements to pathfinding memory usage: This commit aborts background pathfinding when closed or disconnected, exits the pathfinding job thread if there are no requests left, does not create the path find a job if there are no requests, and refactors to remove the circular dependency between InfoSub and PathRequest. (#4111)

  • Improve deterministic transaction sorting in TxQ: This commit ensures that transactions with the same fee level are sorted by TxID XORed with the parent ledger hash, the TxQ is re-sorted after every ledger, and attempts to future-proof the TxQ tie-breaking test. (#4077)

  • Improve stop signaling for Application: (34ca45)

  • Eliminate SHAMapInnerNode lock contention: The SHAMapInnerNode class had a global mutex to protect the array of node children. Profiling suggested that around 4% of all attempts to lock the global would block. This commit removes that global mutex, and replaces it with a new per-node 16-way spinlock (implemented so as not to affect the size of an inner node object), effectively eliminating the lock contention. (1b9387)

  • Improve ledger-fetching logic: When fetching ledgers, the existing code would isolate the peer that sent the most useful responses, and issue follow-up queries only to that peer. This commit increases the query aggressiveness, and changes the mechanism used to select which peers to issue follow-up queries to so as to more evenly spread the load among those peers that provided useful responses. (48803a)

  • Simplify and improve order book tracking: The order book tracking code would use std::shared_ptr to track the lifetime of objects. This commit changes the logic to eliminate the overhead of std::shared_ptr by using value types, resulting in significant memory savings. (b9903b)

  • Negative cache support for node store: This commit allows the cache to service requests for nodes that were previously looked up but not found, reducing the need to perform I/O in several common scenarios. (3eb8aa)

  • Improve asynchronous database handlers: This commit optimizes the way asynchronous node store operations are processed, both by reducing the number of times locks are held and by minimizing the number of memory allocations and data copying. (6faaa9)

  • Cleanup AcceptedLedger and AcceptedLedgerTx: This commit modernizes the AcceptedLedger and AcceptedLedgerTx classes, reduces their memory footprint, and reduces unnecessary dynamic memory allocations. (8f5868)

Code Refactoring

This release includes name changes in the NFToken API for SFields, RPC return labels, and error codes for clarity and consistency. To refactor your code, migrate the names of these items to the new names as listed below.

SField name changes:

  • TokenTaxon -> NFTokenTaxon
  • MintedTokens -> MintedNFTokens
  • BurnedTokens -> BurnedNFTokens
  • TokenID -> NFTokenID
  • TokenOffers -> NFTokenOffers
  • BrokerFee -> NFTokenBrokerFee
  • Minter -> NFTokenMinter
  • NonFungibleToken -> NFToken
  • NonFungibleTokens -> NFTokens
  • BuyOffer -> NFTokenBuyOffer
  • SellOffer -> NFTokenSellOffer
  • OfferNode -> NFTokenOfferNode

RPC return labels

  • tokenid -> nft_id
  • index -> nft_offer_index

Error codes

  • temBAD_TRANSFER_FEE -> temBAD_NFTOKEN_TRANSFER_FEE
  • tefTOKEN_IS_NOT_TRANSFERABLE -> tefNFTOKEN_IS_NOT_TRANSFERABLE
  • tecNO_SUITABLE_PAGE -> tecNO_SUITABLE_NFTOKEN_PAGE
  • tecBUY_SELL_MISMATCH -> tecNFTOKEN_BUY_SELL_MISMATCH
  • tecOFFER_TYPE_MISMATCH -> tecNFTOKEN_OFFER_TYPE_MISMATCH
  • tecCANT_ACCEPT_OWN_OFFER -> tecCANT_ACCEPT_OWN_NFTOKEN_OFFER

Bug Fixes

  • Fix deletion of orphan node store directories: Orphaned node store directories should only be deleted if the proper node store directories are confirmed to exist. 06e87e

rippled (XRP Ledger server) Version 1.8.5

08 Feb 03:25
72377e7
Compare
Choose a tag to compare

Version 1.8.5

This is the 1.8.5 release of rippled, the reference implementation of the XRP Ledger protocol. This release includes fixes and updates for stability and security, and improvements to build scripts. There are no user-facing API or protocol changes in this release.

Bug Fixes

This release contains the following bug fixes and under-the-hood improvements:

  • Correct TaggedPointer move constructor: Fixes a bug in unused code for the TaggedPointer class. The old code would fail if a caller explicitly tried to remove a child that is not actually part of the node. (61389a8)

  • Ensure protocol buffer prerequisites are present: The build scripts and packages now properly handle Protobuf packages and various packages. Prior to this change, building on Ubuntu 21.10 Impish Indri would fail unless the libprotoc-dev package was installed. (b7e0306)

  • Improve handling of endpoints during peer discovery. This hardens and improves handling of incoming messages on the peer protocol. (289bc0a)

  • Run tests on updated linux distros: Test builds now run on Rocky Linux 8, Fedora 34 and 35, Ubuntu 18, 20, and 22, and Debian 9, 10, and 11. (a9ee802)

  • Avoid dereferencing empty optional in ReportingETL: Fixes a bug in Reporting Mode that could dereference an empty optional value when throwing an error. (5b085a7)

  • Correctly add GIT_COMMIT_HASH into version string: When building the server from a non-tagged release, the build files now add the commit ID in a way that follows the semantic-versioning standard, and correctly handle the case where the commit hash ID cannot be retrieved. (d23d37f)

  • Update RocksDB to version 6.27.3: Updates the version of RocksDB included in the server from 6.7.3 (which was released on 2020-03-18) to 6.27.3 (released 2021-12-10). (c5dc00a)

rippled (XRP Ledger server) Version 1.8.4

31 Jan 20:48
d49b486
Compare
Choose a tag to compare

Version 1.8.4

This is the 1.8.4 release of rippled, the reference implementation of the XRP Ledger protocol.

This release corrects a technical flaw introduced with 1.8.3 that may result in failures if the newly-introduced 'fast loading' is enabled. The release also adjusts default parameters used to configure the pathfinding engine to reduce resource usage.

Bug Fixes

  • Adjust mutex scope in walkMapParallel: This commit corrects a technical flaw introduced with commit 7c12f01 that would result in undefined behavior if the server operator configured their server to use the 'fast loading' mechanism introduced with 1.8.3.

  • Adjust pathfinding configuration defaults: This commit adjusts the default configuration of the pathfinding engine, to account for the size of the XRP Ledger mainnet. Unless explicitly overriden, the changes mean that pathfinding operations will return fewer, shallower paths than previous releases.

Version 1.8.3

This is the 1.8.3 release of rippled, the reference implementation of the XRP Ledger protocol.

This release implements changes that improve the syncing performance of peers on the network, adds countermeasures to several routines involving LZ4 to defend against CVE-2021-3520, corrects a minor technical flaw that would result in the server not using a cache for nodestore operations, and adjusts tunable values to optimize disk I/O.

Summary of Issues

Recently, servers in the XRP Ledger network have been taking an increasingly long time to sync back to the network after restartiningg. This is one of several releases which will be made to improve on this issue.

Bug Fixes

  • Parallel ledger loader & I/O performance improvements: This commit makes several changes that, together, should decrease the time needed for a server to sync to the network. To make full use of this change, rippled needs to be using storage with high IOPS and operators need to explicitly enable this behavior by adding the following to their config file, under the [node_db] stanza:

    [node_db]
    ...
    fast_load=1

Note that when 'fast loading' is enabled the server will not open RPC and WebSocket interfaces until after the initial load is completed. Because of this, it may appear unresponsive or down.

  • Detect CVE-2021-3520 when decompressing using LZ4: This commit adds code to detect LZ4 payloads that may result in out-of-bounds memory accesses.

  • Provide sensible default values for nodestore cache:: The nodestore includes a built-in cache to reduce the disk I/O load but, by default, this cache was not initialized unless it was explicitly configured by the server operator. This commit introduces sensible defaults based on the server's configured node size.

  • Adjust the number of concurrent ledger data jobs: Processing a large amount of data at once can effectively bottleneck a server's I/O subsystem. This commits helps optimize I/O performance by controlling how many jobs can concurrently process ledger data.

  • Two small SHAMapSync improvements: This commit makes minor changes to optimize the way memory is used and control the amount of background I/O performed when attempting to fetch missing SHAMap nodes.

rippled (XRP Ledger server) Version 1.8.2

21 Dec 00:03
89766c5
Compare
Choose a tag to compare

Version 1.8.2

Ripple has released version 1.8.2 of rippled, the reference server implementation of the XRP Ledger protocol. This release addresses the full transaction queues and elevated transaction fees issue observed on the XRP ledger, and also provides some optimizations and small fixes to improve the server's performance overall.

Summary of Issues

Recently, servers in the XRP Ledger network have had full transaction queues and transactions paying low fees have mostly not been able to be confirmed through the queue. After investigation, it was discovered that a large influx of transactions to the network caused it to raise the transaction costs to be proposed in the next ledger block, and defer transactions paying lower costs to later ledgers. The first part worked as designed, but deferred transactions were not being confirmed as the ledger had capacity to process them.

The root cause was that there were very many low-cost transactions that different servers in the network received in a different order due to incidental differences in timing or network topology, which caused validators to propose different sets of low-cost transactions from the queue. Since none of these transactions had support from a majority of validators, they were removed from the proposed transaction set. Normally, any transactions removed from a proposed transaction set are supposed to be retried in the next ledger, but servers attempted to put these deferred transactions into their transaction queues first, which had filled up. As a result, the deferred transactions were discarded, and the network was only able to confirm transactions that paid high costs.

Bug Fixes

  • Address elevated transaction fees: This change addresses the full queue problems in two ways. First, it puts deferred transactions directly into the open ledger, rather than transaction queue. This reverts a subset of the changes from ximinez@62127d7. A transaction that is in the open ledger but doesn't get validated should stay in the open ledger so that it can be proposed again right away. Second, it changes the order in which transactions are pulled from the transaction queue to increase the overlap in servers' initial transaction consensus proposals. Like the old rules, transactions paying higher fee levels are selected first. Unlike the old rules, transactions paying the same fee level are ordered by transaction ID / hash ascending. (Previously, transactions paying the same fee level were unsorted, resulting in each server having a different order.)

  • Add ignore_default option to account_lines API: This flag, if present, suppresses the output of incoming trust lines in the default state. This is primarily motivated by observing that users often have many unwanted incoming trust lines in a default state, which are not useful in the vast majority of cases. Being able to suppress those when doing account_lines saves bandwidth and resources. (#3980)

  • Make I/O and prefetch worker threads configurable: This commit adds the ability to specify io_workers and prefetch_workers in the config file which can be used to specify the number of threads for processing raw inbound and outbound IO and configure the number of threads for performing node store prefetching. (#3994)

  • Enforce account RPC limits by objects traversed: This changes the way the account_objects API method counts and limits the number of objects it returns. Instead of limiting results by the number of objects found, it counts by the number of objects traversed. Additionally, the default and maximum limits for non-admin connections have been decreased. This reduces the amount of work that one API call can do so that public API servers can share load more effectively. (#4032)

  • Fix a crash on shutdown: The NuDB backend class could throw an error in its destructor, resulting in a crash while the server was shutting down gracefully. This crash was harmless but resulted in false alarms and noise when tracking down other possible crashes. (#4017)

  • Improve reporting of job queue in admin server_info: The server_info command, when run with admin permissions, provides information about jobs in the server's job queue. This commit provides more descriptive names and more granular categories for many jobs that were previously all identified as "clientCommand". (#4031)

  • Improve full & compressed inner node deserialization: Remove a redundant copy operation from low-level SHAMap deserialization. (#4004)

  • Reporting mode: only forward to P2P nodes that are synced: Previously, reporting mode servers forwarded to any of their configured P2P nodes at random. This commit improves the selection so that it only chooses from P2P nodes that are fully synced with the network. (#4028)

  • Improve handling of HTTP X-Forwarded-For and Forwarded headers: Fixes the way the server handles IPv6 addresses in these HTTP headers. (#4009, #4030)

  • Other minor improvements to logging and Reporting Mode.

rippled (XRP Ledger server) Version 1.8.1

25 Nov 00:32
fbedfb2
Compare
Choose a tag to compare

Version 1.8.0

Ripple has released version 1.8.0 of rippled, the reference server implementation of the XRP Ledger protocol. This release brings several features and improvements.

New and Improved Features

  • Improve History Sharding: Shards of ledger history are now assembled in a deterministic way so that any server can make a binary-identical shard for a given range of ledgers. This makes it possible to retrieve a shard from multiple sources in parallel, then verify its integrity by comparing checksums with peers' checksums for the same shard. Additionally, there's a new admin RPC command to import ledger history from the shard store, and the crawl_shards command has been expanded with more info. (#2688, #3726, #3875)
  • New CheckCashMakesTrustLine Amendment: If enabled, this amendment will change the CheckCash transaction type so that cashing a check for an issued token automatically creates a trust line to hold the token, similar to how purchasing a token in the decentralized exchange creates a trust line to hold the token. This change provides a way for issuers to send tokens to a user before that user has set up a trust line, but without forcing anyone to hold tokens they don't want. (#3823)
  • Automatically determine the node size: The server now selects an appropriate [node_size] configuration value by default if it is not explicitly specified. This parameter tunes various settings to the specs of the hardware that the server is running on, especially the amount of RAM and the number of CPU threads available in the system. Previously the server always chose the smallest value by default.
  • Improve transaction relaying logic: Previously, the server relayed every transaction to all its peers (except the one that it received the transaction from). To reduce redundant messages, the server now relays transactions to a subset of peers using a randomized algorithm. Peers can determine whether there are transactions they have not seen and can request them from a peer that has them. It is expected that this feature will further reduce the bandwidth needed to operate a server.
  • Improve the Byzantine validator detector: This expands the detection capabilities of the Byzantine validation detector. Previously, the server only monitored validators on its own UNL. Now, the server monitors for Byzantine behavior in all validations it sees.
  • Experimental tx stream with history for sidechains: Adds an experimental subscription stream for sidechain federators to track messages on the main chain in canonical order. This stream is expected to change or be replaced in future versions as work on sidechains matures.
  • Support Debian 11 Bullseye: This is the first release that is compatible with Debian Linux version 11.x, "Bullseye." The .deb packages now use absolute paths only, for compatibility with Bullseye's stricter package requirements. (#3909)
  • Improve Cache Performance: The server uses a new storage structure for several in-memory caches for greatly improved overall performance. The process of purging old data from these caches, called "sweeping", was time-consuming and blocked other important activities necessary for maintaining ledger state and participating in consensus. The new structure divides the caches into smaller partitions that can be swept in parallel.
  • Amendment default votes: Introduces variable default votes per amendment. Previously the server always voted "yes" on any new amendment unless an admin explicitly configured a voting preference for that amendment. Now the server's default vote can be "yes" or "no" in the source code. This should allow a safer, more gradual roll-out of new amendments, as new releases can be configured to understand a new amendment but not vote for it by default. (#3877)
  • More fields in the validations stream: The validations subscription stream in the API now reports additional fields that were added to validation messages by the HardenedValidations amendment. These fields make it easier to detect misconfigurations such as multiple servers sharing a validation key pair. (#3865)
  • Reporting mode supports validations and manifests streams: In the API it is now possible to connect to these streams when connected to a servers running in reporting. Previously, attempting to subscribe to these streams on a reporting server failed with the error reportingUnsupported. (#3905)

Bug Fixes

  • Clarify the safety of NetClock::time_point arithmetic: * NetClock::rep is uint32_t and can be error-prone when used with subtraction. * Fixes #3656
  • Fix out-of-bounds reserve, and some minor optimizations
  • Fix nested locks in ValidatorSite
  • Fix clang warnings about copies vs references
  • Fix reporting mode build issue
  • Fix potential deadlock in Validator sites
  • Use libsecp256k1 instead of OpenSSL for key derivation: The deterministic key derivation code was still using calls to OpenSSL. This replaces the OpenSSL-based routines with new libsecp256k1-based implementations
  • Improve NodeStore to ShardStore imports: This runs the import process in a background thread while preventing online_delete from removing ledgers pending import
  • Simplify SHAMapItem construction: The existing class offered several constructors which were mostly unnecessary. This eliminates all existing constructors and introduces a single new one, taking a Slice. The internal buffer is switched from std::vector to Buffer to save a minimum of 8 bytes (plus the buffer slack that is inherent in std::vector) per SHAMapItem instance.
  • Redesign stoppable objects: Stoppable is no longer an abstract base class, but a pattern, modeled after the well-understood std::thread. The immediate benefits are less code, less synchronization, less runtime work, and (subjectively) more readable code. The end goal is to adhere to RAII in our object design, and this is one necessary step on that path.

rippled (XRP Ledger server) Version 1.7.3

27 Aug 21:29
96bbabb
Compare
Choose a tag to compare

Version 1.7.3

This is the 1.7.3 release of rippled, the reference implementation of the XRP Ledger protocol. This release addresses an OOB memory read identified by Guido Vranken, as well as an unrelated issue identified by the Ripple C++ team that could result in incorrect use of SLEs. Additionally, this version also introduces the NegativeUNL amendment, which corresponds to the feature which was introduced with the 1.6.0 release.

Action Required

If you operate an XRP Ledger server, then you should upgrade to version 1.7.3 at your earliest convenience to mitigate the issues addressed in this hotfix. If a sufficient majority of servers on the network upgrade, the NegativeUNL amendment may gain a majority, at which point a two week activation countdown will begin. If the NegativeUNL amendment activates, servers running versions of rippled prior to 1.7.3 will become amendment blocked.

Bug Fixes

Improve SLE usage in check cashing: Fixes a situation which could result in the incorrect use of SLEs.
Address OOB in base58 decoder: Corrects a technical flaw that could allow an out-of-bounds memory read in the Base58 decoder.
Add NegativeUNL as a supported amendment: Introduces an amendment for the Negative UNL feature introduced in rippled 1.6.0.

rippled (XRP Ledger server) Version 1.7.2

24 May 22:45
34ee4ca
Compare
Choose a tag to compare

This the 1.7.2 release of rippled, the reference server implementation of the XRP Ledger protocol. This release protects against the security issue CVE-2021-3499 affecting OpenSSL, adds an amendment to fix an issue with small offers not being properly removed from order books in some cases, and includes various other minor fixes. Version 1.7.2 supersedes version 1.7.1 and adds fixes for more issues that were discovered during the release cycle.

Action Required

This release introduces a new amendment to the XRP Ledger protocol: fixRmSmallIncreasedQOffers. This amendment is now open for voting according to the XRP Ledger's amendment process, which enables protocol changes following two weeks of >80% support from trusted validators. If you operate an XRP Ledger server, then you should upgrade to version 1.7.2 within two weeks, to ensure service continuity. The exact time that protocol changes take effect depends on the voting decisions of the decentralized network. If you operate an XRP Ledger validator, please learn more about this amendment so you can make informed decisions about how your validator votes. If you take no action, your validator begins voting in favor of any new amendments as soon as it has been upgraded.

Bug Fixes

fixRmSmallIncreasedQOffers Amendment: This amendment fixes an issue where certain small offers can be left at the tip of an order book without being consumed or removed when appropriate and causes some payments and Offers to fail when they should have succeeded (#3827).
Adjust OpenSSL defaults and mitigate CVE-2021-3499: Prior to this fix, servers compiled against a vulnerable version of OpenSSL could have a crash triggered by a malicious network connection. This fix disables renegotiation support in OpenSSL so that the rippled server is not vulnerable to this bug regardless of the OpenSSL version used to compile the server. This also removes support for deprecated TLS versions 1.0 and 1.1 and ciphers that are not part of TLS 1.2 (#79e69da).
Support HTTP health check-in reporting mode: Enables the Health Check special method when running the server in the new Reporting Mode introduced in 1.7.0 (9c8cadd).
Maintain compatibility for forwarded RPC responses: Fixes a case in API responses from servers in Reporting Mode, where requests that were forwarded to a P2P-mode server would have the result field nested inside another result field (8579eb0).
Add load_factor in reporting mode: Adds a load_factor value to the server info method response when running the server in Reporting Mode so that the response is compatible with the format returned by servers in P2P mode (the default) (430802c).
Properly encode metadata from tx RPC command: Fixes a problem where transaction metadata in the tx API method response would be in JSON format even when the binary was requested (7311629).
Updates to Windows builds: When building on Windows, use vcpkg 2021 by default and add compatibility with MSVC 2019 (36fe196), (30fd458).

rippled (XRP Ledger server) Version 1.7.0

24 Feb 16:31
c0a0b79
Compare
Choose a tag to compare

Ripple has released version 1.7.0 of rippled, the reference server implementation of the XRP Ledger protocol. This release significantly improves memory usage, introduces a protocol amendment to allow out-of-order transaction execution with Tickets, and brings several other features and improvements.

Upgrading (SPECIAL ACTION REQUIRED)
If you use the precompiled binaries of rippled that Ripple publishes for supported platforms, please note that Ripple has renewed the GPG key used to sign these packages. If you are upgrading from a previous install, you must download and trust the renewed key. Automatic upgrades will not work until you have re-trusted the key.

Red Hat Enterprise Linux / CentOS

(These instructions have been updated.) First, re-add the repository to get the updated key.

cat << REPOFILE | sudo tee /etc/yum.repos.d/ripple.repo 
[ripple-stable]
name=XRP Ledger Packages
enabled=1
gpgcheck=0
repo_gpgcheck=1
baseurl=https://repos.ripple.com/repos/rippled-rpm/stable
gpgkey=https://repos.ripple.com/repos/rippled-rpm/stable/repodata/repomd.xml.key
REPOFILE

Then perform a manual upgrade. When prompted, confirm that the key's fingerprint matches the following example, then press y to accept the updated key:

$ sudo yum install rippled
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.web-ster.com
* epel: mirrors.syringanetworks.net
* extras: ftp.osuosl.org
* updates: mirrors.vcea.wsu.edu
ripple-nightly/signature 
|  650 B  00:00:00    
Retrieving key from https://repos.ripple.com/repos/rippled-rpm/nightly/repodata/repomd.xml.key
Importing GPG key 0xCCAFD9A2:
Userid     : "TechOps Team at Ripple <[email protected]>"
Fingerprint: c001 0ec2 05b3 5a33 10dc 90de 395f 97ff ccaf d9a2
From       : https://repos.ripple.com/repos/rippled-rpm/nightly/repodata/repomd.xml.key
Is this ok [y/N]: y

Ubuntu / Debian
Download and trust the updated public key, then perform a manual upgrade as follows:

wget -q -O - "https://repos.ripple.com/repos/api/gpg/key/public" | \
    sudo apt-key add -
sudo apt -y update
sudo apt -y install rippled

New and Improved Features

  • Rework deferred node logic and async fetch behavior: This change significantly improves ledger sync and fetch times while reducing memory consumption. (https://blog.ripplex.io/how-ripples-c-team-cut-rippleds-memory-footprint-down-to-size/)
  • New Ticket feature: Tickets are a mechanism to prepare and send certain transactions outside of the normal sequence order. This version reworks and completes the implementation for Tickets after more than 6 years of development. This feature is now open for voting as the newly-introduced TicketBatch amendment, which replaces the previously-proposed Tickets amendment. The specification for this change can be found at: XRPLF/XRPL-Standards#16
  • Add Reporting Mode: The server can be compiled to operate in a new mode that serves API requests for validated ledger data without connecting directly to the peer-to-peer network. (The server needs a gRPC connection to another server that is on the peer-to-peer network.) Reporting Mode servers can share access to ledger data via Apache Cassandra and PostgreSQL to more efficiently serve API requests while peer-to-peer servers specialize in broadcasting and processing transactions. (#3609)
  • Optimize relaying of validation and proposal messages: Servers typically receive multiple copies of any given message from directly connected peers; in particular, consensus proposal and validation messages are often relayed with extremely high redundancy. For servers with several peers, this can cause redundant work. This commit introduces experimental code that attempts to optimize the relaying of proposals and validations by allowing servers to instruct their peers to "squelch" delivery of selected proposals and validations. This change is considered experimental at this time and is disabled by default because the functioning of the consensus network depends on messages propagating with high reliability through the constantly-changing peer-to-peer network. Server operators who wish to test the optimized code can enable it in their server config file.
  • Report server domain to other servers: Server operators now have the option to configure a domain name to be associated with their servers. The value is communicated to other servers and is also reported via the server_info API. The value is meant for third-party applications and tools to group servers together. For example, a tool that visualizes the network's topology can show how many servers are operated by different stakeholders. An operator can claim any domain, so tools should use the xrp-ledger.toml file to confirm that the domain also claims ownership of the servers.
  • Improve handling of peers that aren't synced: When evaluating the fitness and usefulness of an outbound peer, the code would incorrectly calculate the amount of time that the peer spent in a non-useful state. This release fixes the calculation and makes the timeout values configurable by server operators. Two new options are introduced in the 'overlay' stanza of the config file.
  • Persist API-configured voting settings: Previously, the amendments that a server would vote in support of or against could be configured both via the configuration file and via the "feature" API method. Changes made in the configuration file were only loaded at server startup; changes made via the command line take effect immediately but were not persisted across restarts. Starting with this release, changes made via the API are saved to the wallet.db database file so that they persist even if the server is restarted. Amendment voting in the config file is deprecated. The first time the server starts with v1.7.0 or higher, it reads any amendment voting settings in the config file and saves the settings to the database; on later restarts the server prints a warning message and ignores the [amendments] and [veto_amendments] stanzas of the config file. Going forward, use the feature method to view and configure amendment votes. If you want to use the config file to configure amendment votes, add a line to the [rpc_startup] stanza such as the following: [rpc_startup] { "command": "feature", "feature": "FlowSortStrands", "vetoed": true }
  • Support UNLs with future effective dates: Updates the format for the recommended validator list file format, allowing publishers to pre-publish the next recommended UNL while the current one is still valid. The server is still backwards compatible with the previous format, but the new format removes some uncertainty during the transition from one list to the next. Also, starting with this release, the server locks down and reports an error if it has no valid validator list. You can clear the error by loading a validator list from a file or by configuring a different UNL and restarting; the error also goes away on its own if the server is able to obtain a trusted validator list from the network (for example, after an network outage resolves itself).
  • Improve manifest relaying: Servers now propagate change messages for validators' ephemeral public keys ("manifests") on a best-effort basis, to make manifests more available throughout the peer-to-peer network. Previously, the server would only relay manifests from validators it trusts locally, which made it difficult to detect and track validators that are not broadly trusted.
  • Implement ledger forward replay feature: The server can now sync up to the network by "playing forward" transactions from a previously saved ledger until it catches up to the network. Compared with the default behavior of fetching the latest state and working backwards, forward replay can save time and bandwidth by reconstructing previous ledgers' state data rather than downloading the pre-calculated results from the network. As an added bonus, forward replay confirms that the rest of the network followed the same transaction processing rules as the local server when processing the intervening ledgers. This feature is considered experimental this time and can be enabled with an option in the config file.
  • Make the transaction job queue limit adjustable: The server uses a job queue to manage tasks, with limits on how many jobs of a particular type can be queued. The previously hard-coded limit associated with transactions is now configurable. Server operators can increase the number of transactions their server is able to queue, which may be useful if your server has a large memory capacity or you expect an influx of transactions. (#3556)
  • Add public_key to the Validator List method response: The Validator List method can be used to request a recommended validator list from a rippled instance. The response now includes the public key of the requested list. (#3392)
  • Server operators can now configure maximum inbound and outbound peers separately: The new peers_in_max and peers_out_max config options allow server operators to independently control the maximum number of inbound and outbound peers the server allows. [70c4ecc]
  • Improvements to shard downloading: Previously the download_shard command could only load shards over HTTPS. Compressed shards can now also be downloaded over plain HTTP. The server fully checks the data for integrity and consistency, so the encryption is not strictly necessary. When initiating multiple shard downloads, the server now returns an error if there is not enough space to store all the shards currently being downloaded.
  • The manifest command is now public: The manifest API method returns public information about a given validator. The required permissions have been changed so it is now part of the public API.

Bug Fixes

  • Implement sticky DNS resolution for...
Read more

rippled (XRP Ledger server) Version 1.6.0

19 Aug 17:26
01bd5a2
Compare
Choose a tag to compare

This rippled 1.6.0 release introduces several new features including changes to the XRP Ledger's consensus mechanism to make it even more robust in adverse conditions, as well as numerous bug fixes and optimizations.

New and Improved Features

  • Initial implementation of Negative UNL functionality: This change can improve the liveness of the network during periods of network instability, by allowing servers to track which validators are temporarily offline and to adjust quorum calculations to match. This change requires an amendment, but the amendment is not in the 1.6.0 release. Ripple expects to run extensive public testing for Negative UNL functionality on the Devnet in the coming weeks. If public testing satisfies all requirements across security, reliability, stability, and performance, then the amendment could be included in a version 2.0 release. [#3380]
  • Validation Hardening: This change allows servers to detect accidental misconfiguration of validators, as well as potentially Byzantine behavior by malicious validators. Servers can now log a message to notify operators if they detect a single validator issuing validations for multiple, incompatible ledger versions, or validations from multiple servers sharing a key. As part of this update, validators report the version of rippled they are using, as well as the hash of the last ledger they consider to be fully validated, in validation messages. [#3291] Amendment: Required
  • Software Upgrade Monitoring & Notification: After the HardenedValidations amendment is enabled and the validators begin reporting the versions of rippled they are running, a server can check how many of the validators on its UNL run a newer version of the software than itself. If more than 60% of a server's validators are running a newer version, the server writes a message to notify the operator to consider upgrading their software. [#3447]
  • Link Compression: Beginning with 1.6.0, server operators can enable support for compressing peer-to-peer messages. This can save bandwidth at a cost of higher CPU usage. This support is disabled by default and should prove useful for servers with a large number of peers. [#3287]
  • Unconditionalize Amendments that were enabled in 2017: This change removes legacy code which the network has not used since 2017. This change limits the ability to replay ledgers that rely on the pre-2017 behavior. [#3292]
  • New Health Check Method: Perform a simple HTTP request to get a summary of the health of the server: Healthy, Warning, or Critical. [#3365]
  • Start work on API version 2. Version 2 of the API will be part of a future release. The first breaking change will be to consolidate several closely related error messages that can occur when the server is not synced into a single "notSynced" error message. [#3269]
  • Improved shard concurrency: Improvements to the shard engine have helped reduce the lock scope on all public functions, increasing the concurrency of the code. [#3251]
  • Default Port: In the config file, the [ips_fixed] and [ips] stanzas now use the IANA-assigned port for the XRP Ledger protocol (2459) when no port is specified. The connect API method also uses the same port by default. [#2861].
  • Improve proposal and validation relaying. The peer-to-peer protocol always relays trusted proposals and validations (as part of the consensus process), but only relays untrusted proposals and validations in certain circumstances. This update adds configuration options so server operators can fine-tune how their server handles untrusted proposals and validations, and changes the default behavior to prioritize untrusted validations higher than untrusted proposals. [#3391]
  • Various Build and CI Improvements including updates to RocksDB 6.7.3 [#3356], NuDB 2.0.3 [#3437], adjusting CMake settings so that rippled can be built as a submodule [#3449], and adding Travis CI settings for Ubuntu Bionic Beaver [#3319].
  • Better documentation in the config file for online deletion and database tuning. [#3429]

Bug Fixes

  • Fix the 14 day timer to enable amendment to start at the correct quorum size [#3396]
    Improve online delete backend lock which addresses a possibility in the online delete process where one or more backend shared pointer references may become invalid during rotation. [#3342]
  • Address an issue that can occur during the loading of validator tokens, where a deliberately malformed token could cause the server to crash during startup. [#3326]
  • Add delivered amount to GetAccountTransactionHistory. The delivered_amount field was not being populated when calling GetAccountTransactionHistory. In contrast, the delivered_amount field was being populated when calling GetTransaction. This change populates delivered_amount in the response to GetAccountTransactionHistory, and adds a unit test to make sure the results delivered by GetTransaction and GetAccountTransactionHistory match each other. [#3370]
  • Fix build issues for GCC 10 [#3393]
  • Fix historical ledger acquisition - this fixes an issue where historical ledgers were acquired only since the last online deletion interval instead of the configured value to allow deletion.[#3369]
  • Fix build issue with Docker #3416]
  • Add Shard family. The App Family utilizes a single shared Tree Node and Full Below cache for all history shards. This can create a problem when acquiring a shard that shares an account state node that was recently cached from another shard operation. The new Shard Family class solves this issue by managing separate Tree Node and Full Below caches for each shard. #3448]
  • Amendment table clean up which fixes a calculation issue with majority. #3428]
  • Add the ledger_cleaner command to rippled command line help [#3305]
    Various typo and comments fixes.