# Enclave upgrades

This page describes an important update for the Ripple Custody decryption server and Enclave environments for both GCP and AWS. This update is designed to improve performance, security, and the overall stability of our services.

Although this update is not tied to any particular version of Ripple Custody, we are releasing this following the release of Ripple Custody version 1.21.

Important note about infrastructure upgrade:
Please read the [Important Upgrade Information](#important-upgrade-information) below, as certain customers — specifically customers on AWS Enclave 0.7.x or older — require a mandatory update by **July 11, 2025**.

## GCP Enclaves: Version 0.4.1

The new version for GCP Enclaves (0.4.1) introduces the following:

* **Ripple TLS root CA support:** We've added support for Ripple's TLS root CA as a trusted CA, enhancing secure communication.
* **Time synchronization daemon:** We've added a new time synchronization daemon for improved time accuracy within the enclaves.
Toolchain and dependency updates: We've updated our toolchain and dependencies to the latest versions.
* **Linux Kernel update:** We've updated the Linux kernel from 6.5.0 to 6.8.0, bringing performance and security benefits.


## AWS Enclaves: Version 0.10.0

The new version for AWS Enclaves (0.10.0) includes:

* **Ripple TLS root CA support:** Similar to GCP, we've added support for Ripple's TLS root CA as a trusted CA.
* **Time synchronization daemon:** We've added a new time synchronization daemon for improved time accuracy.
* **Toolchain and dependency updates:** We've updated our toolchain and dependencies.
* **Alpine version upgrade:** We've upgraded to the latest Alpine version 3.21.3.
* **Podman version update:** We've updated the Podman version to 5.3.2.
* **Datastore improvement:** We've implemented a fix in the datastore to trim trailing/leading spaces from encrypted contract tokens, which will help avoid common user errors.


## Important upgrade information

### AWS Enclave upgrade requirements

* **Mandatory upgrade for AWS Enclave 0.7.x users:** If you're currently using AWS Enclave 0.7.x or older, you must upgrade to AWS Enclave 0.10.0 before **July 11, 2025**.
* **Recommended upgrade for AWS Enclave 0.9.x users:** We strongly encourage customers using AWS Enclave 0.9.x to upgrade to AWS Enclave 0.10.0. This upgrade will enable your enclaves to operate with zero downtime when we migrate our decryption server to a certificate signed by Ripple's TLS root CA.


### GCP Enclave upgrade recommendation

* **Recommended upgrade for GCP Enclave users:** We also encourage all customers to update their GCP enclaves to version 0.4.0. This will provide the same benefit of zero downtime operation when our decryption server migrates to a certificate signed by Ripple's TLS root CA.


## Activation and support

As always, Ripple takes great care in testing its applications and ensuring that there are no regressions or breaking changes. We're confident that these updates will significantly enhance the reliability and security of your operations.

For detailed upgrade instructions or if you have any questions or require assistance with the upgrade process:

- Refer to our documentation or
- Contact our Support team by creating a ticket on our Support Portal or
- Contact your Customer Partner Engineer (CPE) if you have any questions or require assistance with the upgrade process.


For detailed information about previous versions, refer to the respective version's change history.