There are lots of exciting new features and bugfixes.
A particular highlight is the enablement of verity for an additional security protection.
With verity, the entire IC-OS system is now cryptographically integrity-protected. This covers the entire running code (both IC software as well as underlying operating system) as well as deployed configuration. Integrity is continuously checked at runtime, and any attempt at tampering is detected.
Here is a more complete list of changes:
* Consensus: Purge inactive transcripts * Crypto: Delete AllowClients certs field * Crypto: Make tECDSA Polynomial::random infallible * Crypto: Move conversions from ic-crypto utils-threshold-sig to ic-crypto-utils-threshold-sig-der * Crypto: Remove OpenSSL support from TlsStream * Crypto: Remove obsolete OpenSSL TLS integration tests * Crypto: Remove unused add_node_record from TlsRegistry * Crypto: Update rand dependency to 0.8 in ic-nns-governance and ic-nns-gtc * Crypto: Upgrade cycles-minting-canister's rand to 0.8 * Crypto: implement NAF representation for `EccScalar`s and NAF LUT based point multiplication * Crypto: make EccScalar::random infallible * Execution: Postpone charging for allocation when long running execution is in progress * Message Routing: Added an iterator to time out requests in OutputQueue. * Message Routing: Initialize StateLayout subdirs statically at startup * Message Routing: Make manifests immutable and cheap to clone * Message Routing: Only access tip from State Manager * Message Routing: Remove fs_tmp at startup * Node: Revert earlier timeout attempt * Orchestrator: Fetch the entire registry from ic.json5 NNS URLs * Orchestrator: Registry Replicator Metrics * Orchestrator: ic-recovery: fix hash selection for the blessing proposal * Runtime: Disable DTS if sandboxing is disabled in state machine tests * Runtime: Fix index calculation/reporting for rosetta ledger sync * Runtime: Full support of DTS in `install_code` * Runtime: Increase compilation cost * Runtime: Increase function limit * Runtime: Re-enable compute allocation * Runtime: Refactor task queue getters * Runtime: Remove stale invariant from registry invariants * Runtime: Rewrite update call DTS to use the helper pattern * Runtime: Separate update and replicated query execution * Runtime: Use slice instruction limit in scheduler
And a complete list of changes can of course be found on GitHub.
Please reply to this message if you have any questions or comments.