23.6.0

As part of our ongoing commitment to deliver the best remote signing solutions, we are announcing a change in our product offerings.

We have decided to deprecate our EthSigner product to focus our efforts on enhancing Web3Signer, our newly comprehensive remote signing solution. This is rooted in our strategy to streamline our offerings and focus on a single, robust product that will provide functionality for both transaction and Ethereum validator signing. We hope this makes it applicable to all your use-cases like public Ethereum signing, staking infrastructure offerings, and in private network contexts.

Rest assured, we are not dropping existing EthSigner functionality. We are updating Web3Signer to incorporate the functionalities of EthSigner alongside everything else in Web3Signer. We will ensure a smooth transition by maintaining EthSigner with necessary patches for an additional six months. We hope this provides ample time for any necessary migration to Web3Signer.

We have begun adding EthSigner functionality to Web3Signer. This is a work in progress and not complete.

Features Added

• Optional Azure bulk loading tags support using cli option --azure-secrets-tags.
• Support Prometheus Push Gateway Metrics #796
• Cache Genesis Validators Root (GVR) in-memory on first database lookup. This would eliminate further database lookups
  for GVR during sign operations and improve their performance. #600
• Add RPC proxy support to execution client under the eth1 subcommand #775
• Add eth_accounts RPC method under the eth1 subcommand #784

Bugs Fixed

• Upgrade jackson and vertx to upgrade snakeyaml to 2.0 to fix CVE-2022-1471
• Fixed handling of very large number (30,000+) of signing metadata files with Hashicorp connection by introducing
  experimental flag to disable parallel processing --Xmetadata-files-parallel-processing-enabled.
  #794
• Fixed startup error with web3signer where openAPI spec cannot be loaded #772
• Removed unmaintained and out-of-date helm chart #802

---

Downloads

File	Checksum (sha256)
web3signer.tar.gz	250c91e7fa18ae9d4962b083a95a7018775a6b99991f1423ce99ffef0366d4a5
web3signer.zip	cb92a7bd50f2efe9d9c63d5db8fc10483b58912d08f96e13e0e50c2f8a33563d

Docker

• docker pull consensys/web3signer:23.6.0
• docker pull consensys/web3signer:23.6.0-jdk11

23.3.1

23.3.1

Web3Signer 23.3.1 is a required update for Mainnet users. Mainnet Capella hard fork is scheduled for April 12, 2023, 10:27:35pm UTC.

There are no database schema changes in this release.

Features Added

• Add support for Capella milestone in Mainnet
• Enhanced Healthcheck endpoint reporting status of loading of signers keys #738
• Optional AWS endpoint overriding for bulk loading --aws-endpoint-override. Useful for local testing against localstack. #730

Bugs Fixed

• Update of Azure libraries (transitive via signers library) and manual override to fix CVE-2023-1370
• Fix issue with some third-party libraries not including logs in the web3signer logs due to missing slf4j2 library

---

Downloads

File	Checksum (sha256)
web3signer.tar.gz	32dfbfd8d5900f19aa426d3519724dd696e6529b7ec2f99e0cb1690dae52b3d6
web3signer.zip	117bcd1115ff458b700562189c78d020390bd7b6f963a614f3800940a83a83fc

Docker

• docker pull consensys/web3signer:23.3.1
• docker pull consensys/web3signer:23.3.1-jdk11

23.3.0

There are database schema changes in this release. See Web3Signer slashing protection doc for details on how to upgrade the database schema

Web3Signer 23.3.0 is a required update for Goerli users. This update is optional for Mainnet users

Goerli Capella hard fork is scheduled for Tuesday, March 14, 2023 10:25:36 PM UTC

Breaking Changes

• Slashing protection database schema has been updated to support indexes with bigint type and after the upgrade will no longer work with older versions of Web3Signer.

Features Added

• Add support for Capella milestone in Goerli
• Introduced cli option --key-store-config-file-max-size to change the default value of configuration file size. #719

Bugs fixed

• Fix issue with slashing protection database failing once reaching max integer index value #705
• Fix issue with Web3Signer startup when configuration file size is greater than 3 MB #719

---

Downloads

File	Checksum (sha256)
web3signer.tar.gz	8f6447d473c4362569ff93c699f1fa27b090ff46b84087f0ff228ae17d173302
web3signer.zip	fc8c07735e382eeaa24af07933ad8f601b9320ce9c6cbdb151c393c78e38d3d8

Docker

• docker pull consensys/web3signer:23.3.0
• docker pull consensys/web3signer:23.3.0-jdk11

23.2.1

23.2.1

Web3Signer 23.2.1 is a required update for Sepolia users

This update is optional for Mainnet users

Sepolia Capella hardfork scheduled for: Tue Feb 28 2023 04:04:48 UTC

Features Added

• Add support for Capella milestone in Sepolia
• Add Block signing support for Capella

Bugs fixed

• Upgrade to Vertx 4.3.8 to address CVE-2023-24815
• Updated docker image with latest libssl3

Full Changelog: 23.2.0...23.2.1

---

Downloads

File	Checksum (sha256)
web3signer.tar.gz	652f88bce1945f1c8ad3943b20c7c9adba730b2e4a5b9dec13a695c41f3e2ff1
web3signer.zip	f187353312551d4a6a0789f47d527da44a01d7f52884c405dce4648b27a4efca

Docker

• docker pull consensys/web3signer:23.2.1
• docker pull consensys/web3signer:23.2.1-jdk11

23.2.0

Features Added

• AWS Secrets Manager bulkload mode can now load multiple keys from same secret where keys are separated by line terminating
  character (such as \n). #706
• Upgrade of Postgresql JDBC driver

Full Changelog: 23.1.0...23.2.0

---

Downloads

File	Checksum (sha256)
web3signer.tar.gz	878cb37d4639c7aaeef13b4a767061ae9baf916e105efd3d596497179e2e8a73
web3signer.zip	f272ef7e120e4294220e50c66b28bc499e53d561d8b21a40cb1eedb2e9a845a1

Docker

• docker pull consensys/web3signer:23.2.0
• docker pull consensys/web3signer:23.2.0-jdk11

23.1.0

23.1.0

Features Added

• Multiple Signing Key configurations can be specified in single YAML file using triple-dash --- separator.
  #689
• Reloading of signing key configuration file (via /reload endpoint) will process new or modified configuration files. #689
• Updated Teku libraries version to 22.12.0

Bugs Fixed

• Upgrade various dependencies including netty libraries to address CVE-2022-41881 and CVE-2022-41915

Full Changelog: 22.11.0...23.1.0

---

Downloads

File	Checksum (sha256)
web3signer.tar.gz	47b6ff266d0c99185e4a4a595bc2e0578f0f722fb08baa80df462938f2f8fe74
web3signer.zip	29916cd8ffe3e7a79e1c52a31c04f7a8e6f7100914ed837285565498dee6e5bc

Docker

• docker pull consensys/web3signer:23.1.0
• docker pull consensys/web3signer:23.1.0-jdk11

22.11.0

Breaking Changes

• Slashing protection imports will now only fail for an individual validator instead for all validators allowing partial
  import if there is valid and invalid data.

Features Added

• Introduced cli option to specify Hikari configuration for pruning database connection #661
• Better database pruning default values: Pruning enabled by default with
  slashing-protection-pruning-epochs-to-keep = 250, slashing-protection-pruning-at-boot-enabled = false and
  slashing-protection-pruning-interval = 12.
• Improved performance for slashing protection import
• Introduced experimental cli option --Xslashing-protection-db-connection-pool-enabled to disable internal database
  connection pool (Hikari) to allow using external database connection pool such as pgBouncer.
  --slashing-protection-db-pool-configuration-file and --slashing-protection-pruning-db-pool-configuration-file can be
  reused to specify PG Datasource properties. #662
• Added new subcommand watermark-repair to update low watermarks

Full Changelog

22.10.0...22.11.0

---

Downloads

File	Checksum (sha256)
web3signer.tar.gz	c13b63ab9c3750e7298452a9fa518776cfe8cd17214e03eaf3973c5307a00666
web3signer.zip	3aea1bc26a22cc328498a0a20115b989150369cde29442e19257657423eaa955

Docker

• docker pull consensys/web3signer:22.11.0
• docker pull consensys/web3signer:22.11.0-jdk11

22.10.0

Features Added

• Log eth2 network configuration on startup #640
• Updated internal Teku libraries to 22.10.1
• Updated HikariCP to 5.0.1

Bugs Fixed

• Upgrade jackson libraries to fix CVE-2022-25857, CVE-2022-38751, CVE-2022-38752 and CVE-2022-42003
• Upgrade protobufs to fix CVE-2022-3171

Full Changelog

22.8.1...22.10.0

New Contributors

• @jtraglia made their first contribution in #632

Downloads

web3signer.tar.gz

• Download Checksum (sha256) 615cb7c99fec0e5cb7e27f1752a16dc73b8551dd1264a90d83dae21a47421f18

web3signer.zip

• Download Checksum (sha256) 5c61f00d215b02266caa9bcda129f24877262ec598b253a57a5a0718d6338e32

Docker

• docker pull consensys/web3signer:22.10.0
• docker pull consensys/web3signer:22.10.0-jdk11

22.8.1

Features Added

• Updated internal Teku libraries to 22.8.1. This update includes Bellatrix network upgrade and merge transition configuration for Mainnet.

Downloads

web3signer.tar.gz

• Download Checksum (sha256) ec888222484c4d1b6203bd6d248890adf713f8bf47fb362fb36e8d47a98cb401

web3signer.zip

• Download Checksum (sha256) f5bbe2772c79adcce850a34cc665a6a43a5a0ed7edca80e2cd9a020eec10a73d

Docker

• docker pull consensys/web3signer:22.8.1
• docker pull consensys/web3signer:22.8.1-jdk11

22.8.0

Features Added

• Added health check endpoint #538.
• Introduced --slashing-protection-db-health-check-timeout-milliseconds to specify the timeout of the slashing db health check procedure.
• Introduced --slashing-protection-db-health-check-interval-milliseconds to specify the interval between slashing db health check procedures.
• Updated Teku libraries version (support for Prater/Görli merge).

Bugs Fixed

• Updated to PostgreSQL JDBC driver to 42.4.1. Resolves a potential vulnerability CVE-2022-31197.

Downloads

web3signer.tar.gz

• Download Checksum (sha256) 5f9d702f0b5e8dfc2329df5919c9936bfda2d79b521fd7cdfe382be27ef9ecd0

web3signer.zip

• Download Checksum (sha256) e058f1f22644a80cf29bc1004fc2f94c8eda4f523fd4884d5111e25f53000cf1

Docker

• docker pull consensys/web3signer:22.8.0
• docker pull consensys/web3signer:22.8.0-jdk11