EOSIO Contracts v1.5.0 Release Notes
This release includes an unintentional backwards incompatible change to the eosio.system ABI which was introduced in the v1.4.0 release. Please use v1.5.1 instead to avoid this specific backwards incompatibility.
All contracts
Changes related to the new eosio.cdt dependency
The minimum dependency on eosio.cdt is now v1.4.x. The 1.4 version of eosio.cdt will now generate eosio::abi/1.1 version-compatible ABIs, and therefore all contracts in this release (whether their source has been updated or not) will generate different ABI files compared to the previous release.
Version 1.1 of EOSIO ABIs support binary extensions (EOSIO/eos#5600) and variants (EOSIO/eos#5599). The ABI serialization/deserialization libraries contained within nodeos and cleos have supported version 1.1 of EOSIO ABI since the v1.3.0 release of eosio. Tools/libraries such as abieos and eosjs2 have also been updated to support version 1.1 of EOSIO ABI.
Keep in mind that other tools may still only have support for version 1.0 of EOSIO ABI, and these tools might have problems interacting with the contracts in this release deployed with version 1.1 of the generated ABI file. If the tools are permissive enough to accept an ABI version string of eosio::abi/1.x (where x can be any digit), then the tools will likely not have any problems pushing actions to or getting tables from any of the contracts in this release other than eosio.msig. However, the eosio.msig contract source has been modified to use binary extensions for the eosio.msig::approve action, and so tools that only understand version 1.0 of EOSIO ABI will likely have problems pushing the eosio.msig::approve action.
Changes related to the new eosio dependency
The minimum dependency on eosio is now v1.4.x. The 1.4 release of eosio is set up to allow CMake find_package to be used by other projects (such as eosio.contract) that need to use it as a dependency. With this release, eosio.contracts has been updated (#119) to just use find_package in its build system for both the eosio.cdt and eosio dependencies. Therefore, this release of eosio.contract will no longer build with eosio v1.3.x.
System contract
Improvements to the assertion checks in eosio::init (#114).
Multisig contract
The eosio.msig::approve action arguments have been augmented with a binary extension to optionally take a proposal_hash (of the builtin checksum256 ABI type) and check that against the hash of the current proposed transaction (i.e. the transaction ID of the proposed transaction) prior to approval (#121). Due to the use of binary extensions, the new eosio.msig::approve action is backwards compatible with any smart contract that may be sending it as an inline action or including it in a sent deferred transaction. It should also be backwards compatible with any tools that push the eosio.msig::approve action (such as cleos) as long as the tool supports EOSIO ABI version 1.1.
Users are recommended to use the new proposal_hash argument of the eosio.msig::approve action when approving proposed transactions to avoid being vulnerable to issues like the one discussed in #87. The JSON representation of the eosio.msig::approve action payload simply needs to have the proposal_hash field set to a string consisting of transaction ID (as a hex string) of the proposed transaction that the user believes they are approving. If the proposal_hash does not match, the transaction will fail and the approval will not occur. While it is possible to use tools like cleos push action to do this now (assuming the new eosio.msig was deployed), it is not convenient and requires manually calculating the SHA256 hash of the packed_transaction in the current retrieved proposal. A future release of eosio should enhance the cleos multisig sub-commands to make it much easier to use this new feature.
Dependencies
This release depends on eosio.cdt v1.4.x and eosio v1.4.x. To compile the contracts in this release, first build and install eosio.cdt v1.4.0 and eosio v1.4.3.