# MPC signer

> Release notes for the DFNS MPC signer: protocol updates, security fixes, and operational improvements.

Current release: **v2.17.0**.

<Update label="v2.17.0" tags={["Security", "Operational"]}>
  *January 20th, 2026*

  **Security:**

  * Updated to the released `cggmp24` crate including an upstream security fix.

  **Operational:**

  * IBM Z (s390x) architecture support added for signer builds.
  * Key import/export WASM module updated to the latest revision (remains compatible with the prior format).
  * Removed deprecated MAC options and stray `gmp` dependency; `cggmp` backend is now selectable via a build feature.
</Update>

<Update label="v2.16.3" tags={["New Feature", "Protocol", "Security"]}>
  *October 28th, 2025*

  **Protocol:**

  * Migrated to **cggmp24**. The signing protocol previously referenced as `cggmp21` has been renamed and upgraded to its latest revision. Reference implementations of components used in this upgrade are published through the [Hyperledger Lockness](https://github.com/LFDT-Lockness/cggmp21) project.
  * ECDSA pre-signatures can no longer be used with HD derivation or raw signing.
  * Stark signing is now rejected at signer initialization.

  **Key import/export:**

  * `KeyImportResponse` now includes the chain code for HD-derived keys.
  * Key import/export remains compatible with the prior WASM module format.

  **Operational:**

  * HD wallet support added to KU23 full signing.
  * Replay protection re-enabled on signing requests.
  * Incoming client certificates are verified to match the server's organization. Subject CN check is optional and configurable.
  * New CLI option to disable client cert verification.
  * Build base updated to Rust 1.89.
</Update>

<Update label="v2.14.3" tags={["Bug Fix"]}>
  *August 13th, 2025*

  **Protocol:**

  * Patched `cggmp21` dependency.
</Update>

<Update label="v2.14.2" tags={["Operational", "Security"]}>
  *July 25th, 2025*

  **Healthcheck:**

  * Healthcheck server migrated to HTTP, with shared cert validity and HTTP response helpers.
  * CA cert validity is now also checked.

  **Operational:**

  * Migration scripts added with automatic migration number deduction.
  * Build base updated to Rust 1.88 / Rust 2024 edition.
  * S3 bucket uploads now always compute the checksum.
</Update>

<Update label="v2.14.0" tags={["New Feature", "Operational"]}>
  *May 21st, 2025*

  **Storage:**

  * Postgres support added with a Postgres fallback.
  * Redis dependency removed.

  **Signing:**

  * HD derivation enabled for EdDSA keys.
  * Key import/export: FrostBitcoin support added.

  **Operational:**

  * New key rotation subcommand.
  * tDH (threshold Diffie–Hellman) implementation added, with a new key share type.
</Update>

<Update label="v2.13.2" tags={["New Feature", "Operational"]}>
  *January 24th, 2025*

  **Backup & restore:**

  * L4 backup support introduced. L4 backup can be enabled independently of L3.
  * New backup restore CLI tool with batched, multi-phased operations.
  * Backup keys can now be read from OpenSSL PEM-DER files.
  * Backup restore output can be emitted in hex format.

  **Telemetry:**

  * W3C Trace Context propagation across services.
  * Span instrumentation added to SQL queries, delivery handshake, and secrets manager operations.
  * Resource attributes can be overridden via OTel exporter config.
</Update>

<Update label="v2.12.1" tags={["New Feature", "Operational"]}>
  *September 30th, 2024*

  **Signing:**

  * Bitcoin Schnorr: HD derivation and taproot support added.
  * KU23 pre-signatures batching introduced for higher throughput.
  * Stark pre-signatures added.
  * KU23 pre-signatures are now insensitive to participant identity ordering.

  **Cluster operations:**

  * Added the ability to copy key shares to a smaller cluster.
  * Cluster info is now required for commands that previously assumed cluster awareness.
  * Removed the standalone `generate` command — keys are now generated on startup (configurable via feature flags).
  * Added a `get-public-identity` subcommand.

  **Reliability:**

  * Graceful shutdown on SIGINT/SIGTERM.
  * TLS key handling and dev-cert flows reworked.

  **Telemetry:**

  * New `TRACECONTEXT_PROPAGATORS_HEADER` setting.
</Update>

<Update label="v2.11.2" tags={["Initial Release"]}>
  *July 17th, 2024*

  First release of the MPC Clusters signer tracked in this changelog.
</Update>
