Voting is open for a new IC release - 3b5d893

Hello there!

we are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 63228.

There are lots of exciting new features and bugfixes. Here is a more complete list of changes:

* Consensus: Add canister http pool manager
* Consensus: Fix for node membership check in tECDSA
* Consensus: Implement CanisterHttpPayloadBuilder
* Consensus: IngressManager always builds payloads that pass size validation even after serialization
* Consensus: Start delivering responses associated with canister http to execution
* Consensus: Update ECDSA Payload Verifier
* Crypto: Generate serial for TLS certificate directly in generate_tls_key_pair instead of taking it as param
* Execution: Refactor execute_response
* Execution: Refactoring: support multiple `TxIn`/`TxOut`'s within one bitcoin transaction in `TransactionBuilder`.
* Message Routing: Add NNS function and admin proposals for canister migration
* Message Routing: Add registry canister methods for migrations
* Networking: Add a global concurrency limit for the read_state, status and dashboard endpoints
* Networking: Remove tokio::main from rs/replica/src/
* Networking: Set the prost crate version to 0.10.4
* Node: Create extra disk- and update-image archives with Zstandard (zstd) compression
* Node: Force wiping signatures on LVs created at boot
* Node: Generate 'generic-guest-os' images with Zstandard (zstd) compression
* Node: Make unconfined_t permissive for now
* Node: SELinux fix around machine-id
* Node: SELinux fixes for ic_canister_sandbox
* Node: Various SELinux fixes
* Orchestrator: remove idkg key update mechanism
* Runtime: Get ECDSA queue size from Registry
* Runtime: Limit wasm code complexity
* Various bug fixes and test updates

And a complete list of changes can of course be found on GitHub.
Please reply to this message if you have any questions or comments.


We just proposed a small fix on top of the above release:

ToniqLabs has accidentally broken one of their NFT canisters by setting the freezing threshold of the canister too high. Now the canister is frozen and they cannot lower the threshold because the replica tries to charge fee for the UpdateSettings message and fails.
We will apply a fix on subnet 6pbhf to unblock ToniqLabs and we’re internally discussing whether (security wise) we can make the change permanently, for all subnets from now on.