As a result of CVE-2020-7919, binary versions of Cothority from before v3.4.1 are vulnerable to malicious input on the conode-conode channel.

This release is built with Go 1.13.7, which has a solution to CVE-2020-7919.

Other fixes in this version:

• #2181 GetUpdateChain sends all available updates
• e-voting: LookupSciper now uses LDAP
• Usability improvements to bcadmin
• Cleanup in personhood, replay
• Bevm: Use reflection to handle in/out call args, and many other cleanups

Changes recently released via NPM:

• KyberJS
  • #2177: correct KyberJS to do a mod after a neg operation
  • #2172: fix curve point double stability
• CothorityJS
  • Use crypto-browserify to work in more environments
  • #2154: expose protobuf
  • improve reliability of wait proof
  • additional marshalling methods available

Important changes in this version:

• #2161: Personhood uses new dark rule only with version 3
• dedis/onet#606: Fix a problem with simulation live lock
• #2128: Clean block cache correctly

Stability improvements

• Clean the block-cache correctly #2128
• Atomically commit forward-link and new block #2122
• Limit viewchange timeout #2121
• a tool to fix a blocked Byzcoin ledger: reset forward links of latest block #2120, #2118

There are additional usability improvements and logging improvements as well.

An experimental contract has been added to ByzCoin making it possible to use Ethereum contracts. See directory bevm.

The ByzCoin client-side API version number has changed from 1 to 2. Callers should use the new version in their requests, but the change is backwards compatible and old clients will still work.

ATTENTION: This release is deprecated due to dedis/onet#583.

An experimental contract has been added to ByzCoin making it possible to use Ethereum contracts. See directory bevm.

The ByzCoin client-side API version number has changed from 1 to 2. Callers should use the new version in their requests, but the change is backwards compatible and old clients will still work.

This is the first version of the new v3.2.x branch. It includes these new features:

• Version numbers in blocks, making block structure evolution possible in the future. #1854
• Added extended attributes to DARCs #2033

And fixes like:

• Fixes to the Personhood protocols
• Fixes to deferred transactions
• Better docs
• #1990 Fix instruction hash
• #2028 Fix phantom skipchains when getting byzcoin IDs

Version 3.2.x will be the final minor release on Cothority 3. We will soon start development on Cothority 4. The 3.2.x branch will receive back ports of some new work (depending on complexity and need).

Usability and stability updates:

• Return better errors in AddTransactionAndWait
• Uses the latest SendProtobufParallel from onet to simplify and speed up real-life usage of byzcoin
• Added a CLI for the Calypso service
• Stability improvements
  • #2009 Return error if bucket does not exist
  • #1980 syncChain can go into an infinite loop
  • #1996 Fix consistency issue if any

• Naming contract
• Repair database on boot for catastrophic crashes
• Stability fixes

• Multiple fixes to the byzcoin service

Java library: v3.1.2 Javascript library v3.1.2

• New signature scheme called BDN that is more secure than BLS and thus is used by default for new skipchains

• Deferred contract to simplify the way multi-signatures instruction are handled

• REST+JSON support

• Multiple bug fixes