Add release notes for v2.2.2 (#2232)

Add release notes for v2.2.2

Signed-off-by: David Enyeart <enyeart@us.ibm.com>

release_notes/v2.2.2.md

@@ -1,26 +1,17 @@
 v2.2.2 Release Notes - Date TBD
 =========================================
 
-What's New in Hyperledger Fabric v2.2.2
----------------------------------------
-
-
 Fixes
 -----
 
-**FAB-18192: orderer certificate update - consenter cert validation fails when
-MSP is not part of existing configuration**
+**peer and orderer - Always Finalize the PKCS#11 FindObject Operation**
 
-v2.2.0 introduced validation of the consenter certificates against the orderer
-MSP configuration when adding a node to the consenters set. However, it
-did not allow for updating the consenters set using new MSP configuration
-included in a single config update and required two separate updates - one for
-the MSP configuration and then one for the consenter that referenced the new
-MSP configuration. This fix resolves this by validating new consenter certs
-against the simulated config to ensure it factors in any simultaneous
-config updates.
+In certain error paths, a PKCS#11 session was not finalized, leaving the session
+in a locked state so that it could not be reused.
+This fix finalizes session handles even in error paths, so that the session can be reused
+by subsequent calls.
 
-**FAB-18308: Restore support for MSPs that contain RSA certificate authorities**
+**FAB-18308: peer and orderer - Restore support for MSPs that contain RSA certificate authorities**
 
 While Fabric has never supported RSA for transaction signatures or validation,
 certificate authorities included in MSP definitions could be associated with
@@ -29,6 +20,68 @@ release 2.0 and prevented migration of some networks to a 2.x version. With
 these changes, version 2.x components will no longer panic when attempting to
 initialize MSPs that include CA certificates associated with RSA keys.
 
+**orderer - Allow tick interval override via orderer.yaml**
+
+If a raft network becomes unstable, sometimes, adjusting the tick
+interval duration can be effective to restore it. However, the tick interval is
+stored in the channel configuration, so if the network is not operational,
+modifying it is very challenging. This fix adds Consensus.TickIntervalOverride
+option to orderer.yaml configuration, allowing the channel configuration parameter
+to be overridden from the local configuration.
+
+**FAB-18192: orderer - Consenter certificate validation fails when MSP is not part of existing configuration**
+
+If adding an organization MSP and a Raft consenter in the same configuration update transaction, validation fails
+with error "consensus metadata update for channel config update is invalid" "certificate signed by unknown authority".
+This fix adds logic to verify consenters based on the updated set of organization MSP root CAs.
+
+**FAB-18244: orderer - Single node orderer will not start due to inconsistent state**
+
+If using a single node orderer, it was possible to get into an inconsistent state where
+a Raft WAL snapshot was taken but an in-flight block at the associated height is not yet written.
+This fix resolves the inconsistent state by writing the last block, so that the
+single node orderer can start.
+
+**orderer - Remove duplicate orderer server TLS root CAs**
+
+This fix reduces processing overhead when an ordering service node participates
+in many channels.
+
+**FAB-18298: orderer - Default values for General.Cluster.ClientCertificate and General.Cluster.ClientPrivateKey**
+
+If orderer.yaml configuration options
+`General.Cluster.ClientCertificate` and `General.Cluster.ClientPrivateKey` are not set,
+default them to the server `General.TLS.Certificate` and `General.TLS.PrivateKey` values
+when the orderer is not configured to use a separate cluster port.
+This change simplifies orderer node configuration by not requiring the client certificates to be explicitly set.
+
+**peer - incorrect handling of values set to empty byte array in node chaincode**
+
+Peer should handle key values set to nil or empty byte arrays as a delete of the key.
+While the behavior worked as expected when using Go chaincode and Java chaincode, if using
+node chaincode it did not work correctly when setting key values to empty byte arrays.
+This fix ensures that peer will interpret empty byte arrays as deletes even for node chaincodes.
+If using node chaincode with private data, if you had set private data values to an empty byte array,
+the private data hash would have been committed incorrectly to the state database.
+To repair the state database, after applying the fix, with the peer stopped,
+request that the state database be rebuilt by calling "peer node rebuild-dbs"
+or by deleting the state database. Upon the next start, the peer will rebuild the state
+database from the already processed block store.
+If subsequent transactions had referenced the existence of such a private data hash by
+calling GetPrivateDataHash, then the subsequent transactions may have been
+processed incorrectly and the peer will need to additionally reprocess blocks,
+which can be triggered by calling "peer node reset" instead of "peer node rebuild-dbs".
+If using regular channel data only and not private data, the empty byte array will
+not have been committed, and therefore no action is required on the peer beyond applying the fix.
+
+
+Dependencies
+------------
+Fabric v2.2.2 has been tested with the following dependencies:
+* Go 1.14.12
+* CouchDB v3.1.1
+
+
 Deprecations (existing)
 -----------------------