Hello there!

We are happy to announce that voting is now open for a new IC release .
The NNS proposal is here: IC NNS Proposal 126293.

Here is a summary of the changes since the last release:

## Features:

• [e920a65] Boundary Nodes,Node(boundary-node): remove boundary node rate-limit for update calls
• [841615d] Execution: add node metrics API endpoint
• [d16296c] Message Routing,Runtime: Reading and writing overlay files

## Bugfixes:

• [77ec30b] Consensus(ecdsa): Fix tECDSA key transcripts being reshared twice
• [6b292dc] Execution: Fix querying bitcoin_get_balance_query from an ingress message currently returns the error
• [c27930e] Execution,Runtime: bump canister version in DTS for install_code
• [8c9e85f] Message Routing: Consolidate mapping of StateError to ErrorCode / RejectCode
• [3ece7be] Networking(p2p-consensus): Handle duplicate adverts from same peer
• [54e6ab6] Networking: increase the message size limit to 128 MB
• [d2679ab] Execution,Runtime: Fix system state updates in canister install/upgrade with DTS

## Performance improvements:

• [7ff347f] Crypto: Don’t verify the PoP when decrypting a MEGa ciphertext
• [a40e460] Crypto: Add an optimized gx+hy computation for tECDSA
• [74b90dd] Crypto: remove references from the vault API
• [a2ad9f5] Crypto: remove all redundant serialization in remote vault for I-DKG
• [7feca89] Execution,Runtime: Add logic to execute subnet messages in inner round loop

## Chores:

• [42b5507] Crypto: remove unused crates and bump crates starting with a
• [ca9c2ba] Execution(fuzzing): remove serialization roundtrip for mgmt canister candid args fuzzers
• [ba4281f] Networking(consensus_manager): remove bincode in favor of protobufs
• [8dd5cd0] Networking(quic-transport): Add metric for CWND

## Refactoring:

• [4ca91f6] Networking: remove old p2p statesync code

## Other changes:

• [8db486b] General(crypto): Upgrade k256 to 0.13.2
• [e6c969b] General(crypto): Remove openssl as in/direct dependency (still keeping openssl-sys)
• [feb867c] General: Prevent spurious build_info_build rebuilds
• [721352c] General: Update metrics-proxy to address dependency issues created by its inclusion.
• [0b0f75b] General: upgrade sns-quil: 0.4.0 → 0.4.2-beta.1
• [aa4647f] Execution,Runtime: Revert “fix: broken invariant on canister”
• [fcb42ce] IDX: Add the ability to test the size of the compressed wasm canisters
• [0494297] IDX: disable separate static openssl builds
• [0eeeee8] IDX(container-run): bind-mount /tmp
• [709c0a6] IDX: reset the value for problematic flag for all profiles.
• [de74dc3] IDX(json.wasm): BD issue [hotfix]
• [ed69710] IDX: add buildifier user
• [41b5b68] IDX: fix Update rules_rust to v0.32.0
• [9748cae] IDX: update rules_rust to v0.31.0
• [734fe50] IDX(container-run): bind-mounts for uid != 1000
• [0fb2fe4] Interface(protobuf): Remove duplicate proto definitions of signatures in xnet
• [b53c7ff] Node: Updating container base images refs [2023-11-28-0933]
• [559ee34] Node: Fix the nftables rules added by metrics-proxy so they allow nftables to start.
• [d1764b1] Node: Updating container base images refs [2023-11-24-0938]

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/087190165198a9dc7b3c9cf80e0812c0c03964c6/gitlab-ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 087190165198a9dc7b3c9cf80e0812c0c03964c6

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

Reviewers for the CodeGov project have completed our review of this replica update.

Proposal ID: 126293
Vote: ADOPT
Full report: CodeGov portal on DSCVR

At the time of this comment on the forum there are still 2 days left in the voting period, which means there is still plenty of time for others to review the proposal and vote independently.

We had several very good reviews of the Release Notes on these proposals by @Zane, @cyberowl, @ZackDS, @massimoalbarello, and @ilbert. The IC-OS Verification was also performed by @Gekctek and @tiago89. I recommend folks talk a look and see the excellent work that was performed on these reviews by the entire CodeGov team. Feel free to comment here if you have any questions or suggestions.

RECRUITING NOTE:
The CodeGov Project is offering attractive bounty payments to experienced Rust developers who are interested in spending a few hours each week reviewing Replica Version Management proposals, which are code changes that are submitted to the Internet Computer Protocol (ICP) governance system for adoption or rejection. We do this through IC-OS Verification and by performing a sanity check on the Release Notes. Our votes are cast according to the findings of our reviewers. Proposals are usually submitted on a Friday and we complete our reviews within 48 hours. Each reviewer posts a summary of their findings in the CodeGov portal on DSCVR and the bounty payment is made using the tipping feature of DSCVR with ckBTC equivalent to USD. The bounty is always announced in this bounty payment post on the portal and the deliverables for each review can be found on the codegov.org website. It is a requirement to Apply on the codegov.org website and to complete either Form W-9 or Form W-8BEN in order to get paid the bounty. Please send me a DM or an email at codegov.org@gmail.com if you would like to discuss this opportunity further.

Here are a few highlights from the CodeGov reviews this week…

@ZackDS commented “The new categorization of the release notes in the proposal summary is very nice and makes it easier to follow.”

@Zane indicated…
[6b292dc]
call method of QueryService now returns a bad request status code if the calling canister isn’t the management canister and the canister id is not equal to the effective id.
Not sure how it relates to the described fix.

@zane indicated…
[54e6ab6]
Increased MAX_MESSAGE_SIZE_BYTES from 8 to 128MBs, QuicTransport struct has seen minor modifications: rt field is now an immutable reference to tokio runtime handle instead of a copy and the router is no longer an optional value, most lines changed are related to updating the code to the new interface.
It matches the description, the one in the dashboard only mentions the size increase but the detailed one contains all the changes.

@cyberowl found a small grammar issue in [d16296c] and reported it here.

@massimoalbarello commented…
[d16296c] added logic to persist page deltas in an overlay file, together with the related storage metrics. Found incomplete documentation (nothing important) and reported it here.

@massimoalbarello indicated…
[6b292dc] not sure how the changes fix what is described. I asked for more info here.

@ilbert left a question on GitHub about why the rate limit has been removed in [e920a65]

@ilbert left a comment on GitHub about a typo in [d16296c]

@ilbert left a comment on GitHub about a typo in [54e6ab6]

@ilbert left two comments here and here about typos in [7feca89]