# unicorn-binance-local-depth-cache Change Log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). [Discussions about unicorn-binance-local-depth-cache releases!](https://github.com/oliver-zehentleitner/unicorn-binance-local-depth-cache/discussions/categories/releases) [How to upgrade to the latest version!](https://oliver-zehentleitner.github.io/unicorn-binance-local-depth-cache/readme.html#installation-and-upgrade) ## 2.8.1.dev (development stage/unreleased/unstable) ## 2.8.1 ### Added - build_wheels.yml: CIBW_ARCHS_LINUX: "x86_64 aarch64" CIBW_ARCHS_MACOS: "x86_64 arm64 universal2" CIBW_ARCHS_WINDOWS: "AMD64" CIBW_MUSLLINUX_X86_64_IMAGE: "musllinux_1_1" ### Changed - Moved from https://github.com/LUCIT-Systems-and-Development/ to https://github.com/oliver-zehentleitner ### Removed - LUCIT Licensing Manager ## 2.8.0 ### Changed - `get_list_of_depth_caches()` is deprecated, use `get_list_of_depthcaches()` instead! From now on, only active DepthCaches are returned! - `stop_depthcache()` removes asks and bids, but the rest of the DepthCache remains. ## 2.7.0 ### Changed - Holding the thread lock is now in the more abstract functions. ### Fixed - 'Uncontrolling growth of elements in lists of asks and bids in Depth Cache Manager' [issue#45](https://github.com/oliver-zehentleitner/unicorn-binance-local-depth-cache/issues/45) Thanks to [@chubatrik](https://github.com/chubatrik) for finding and reporting it! - 'error' and 'result' messages are now processed separately with corresponding log levels. - In `_get_book_side()` only the thread lock of 'bid' was used by mistake, also for 'asks'. This has now been corrected. - 'stop_depth_cache returns "error_msg: stream_id is missing!"' [issue#46](https://github.com/oliver-zehentleitner/unicorn-binance-local-depth-cache/issues/46) ## 2.6.0 ### Added - Counting restarts and logging last restart time in `ubldc.dc_streams`. ## 2.5.0 ### Added - Support of `auto_data_cleanup_stopped_streams` - Passthrough to UBWA. ## 2.4.1 ### Fixed - ValueError in `stop_depthcache()` ## 2.4.0 ### Changed - Rewrite of the init process. Now it is possible to successfully create much more DepthCaches than before! ## 2.3.0 ### Added - Async client functions for interacting with the UNICORN DepthCache Cluster for Binance. ### Fixed - DepthCache management now correctly handles refreshes. ## 2.2.0 ### Added - ***Experimental*** Client functions for interacting with the UNICORN DepthCache Cluster for Binance - Support multiple streams to bypass subscription limit per stream ### Changed - Dropping support for Python 3.7 ### Renamed - 'ubldc.create_depth_cache()' -> 'ubldc.create_depthcache()' - 'ubldc.stop_depth_cache()' -> 'ubldc.stop_depthcache()' ## 2.1.1 ### Fixed - Wrong sort order in `get_asks()` - bug was released with 2.1.0. ## 2.1.0 Stability and performance optimization ### Added - DepthCache specific infos to `print_summary()`. ### Changed - More granular and efficient transfer of update values. - `init_time_window` default value 10 to 5 - `websocket_ping_interval` default value 5 to 10 - `websocket_ping_timeout` default value 15 to 20 ### Fixed - Filtering and removing 0 values now works with all formats. (0.0, 0.000, 0.0000000, ...) - Updates were erroneously applied twice in `_init_depth_cache()`. - Handling all stream signals of UBWA clearly. - RuntimeError in the for loop of `_sort_depth_cache()` ## 2.0.0 Scaling. The core functions have been rewritten in this update. Instead of one stream per depth_cache, we now use one stream up to the max subscription limit of the endpoint and use the new UBWA `asyncio_queue` interface. `get_stream_data_from_asyncio_queue()`. And we avoid bans by complying with Binance weight costs on init. ### Added - Support for "binance.us" - Since UBLDC is delivered as a compiled C extension, IDEs such as Pycharm and Visual Code cannot use information about available methods, parameters and their types for autocomplete and other intellisense functions. As a solution, from now on stub files (PYI) will be created in the build process and attached to the packages. The IDEs can automatically obtain the required information from these. - `ubldc.get_ubwa_manager()` returns the UBWA instance of UBLDC - `ubldc.get_ubra_manager()` returns the UBRA instance of UBLDC - New exceptions: `DepthCacheAlreadyStopped` and `DepthCacheNotFound` ### Changed - The parameter `ubwa_manager` was removed from `BinanceLocalDepthCacheManager()`, because UBLDC has to claim the callback function of the `stream_signals` for itself and has to initialize the instance itself. It is possible to request the active `BinanceWebSocketApiManager()` instance with the new method `ubldc.get_ubwa_manager()`. `ubwa.create_stream()` can be used normally, only the `stream_signals` are only accessible for UBLDC. - Updated description text in all files. ### Fixed - Ip ban when using `create_depth_cache` with many symbols [issue#30](https://github.com/oliver-zehentleitner/unicorn-binance-local-depth-cache/issues/30) - Import in `licensing_manager.py`. - Type of global `logger` variable. ### Security Set higher minimum version `2.4.0` for `unicorn-binance-rest-api` are affected by vulnerabilities in used dependencies! - Dependency `certifi`: - CVE-2023-37920, Score: 9.8 (High) - Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 1.0.1 through 2023.5.7 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. - https://devhub.checkmarx.com/cve-details/CVE-2023-37920/ - Dependency `cryptography`: - CVE-2023-38325, Score: 7.5 (High) - The cryptography package versions prior to 41.0.2 for Python mishandles SSH certificates that have critical options. - https://devhub.checkmarx.com/cve-details/CVE-2023-38325/ - CVE-2023-49083, Score: 7.5 (High) - Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This issue affects versions 3.1 through 41.0.5. - https://devhub.checkmarx.com/cve-details/CVE-2023-49083/ - CVE-2023-50782, Score: 7.5 (High) - A flaw was found in the python cryptography package versions prior to 42.0.0. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. This issue is an incomplete fix of CVE-2020-25659. - https://devhub.checkmarx.com/cve-details/CVE-2023-50782/ - CVE-2024-26130, Score: 7.5 (High) - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. - https://devhub.checkmarx.com/cve-details/CVE-2024-26130/ - Dependency `requests`: - CVE-2023-32681, Score: 6.1 (Medium) - Requests is a HTTP library. Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue affects versions 2.3.0 through 2.30.0. - https://devhub.checkmarx.com/cve-details/CVE-2023-32681/ ## 1.0.0 ### Added - Support for Python 3.11 and 3.12 - Integration of the `lucit-licensing-python` library for verifying the UNICORN Binance Suite license. A license can be purchased in the LUCIT Online Shop: https://shop.lucit.services/software/unicorn-binance-suite - License change from MIT to LSOSL - LUCIT Synergetic Open Source License: https://github.com/oliver-zehentleitner/unicorn-binance-local-depth-cache/blob/master/LICENSE - Conversion to a C++ compiled Cython package with precompiled as well as PyPy and source code wheels. - Setup of a "Trusted Publisher" deployment chain. The source code is transparently packaged into wheels directly from the GitHub repository by a GitHub action for all possible platforms and published directly as a new release on GitHub and PyPi. A second process from Conda-Forge then uploads it to Anaconda. Thus, the entire deployment process is transparent and the user can be sure that the compilation of a version fully corresponds to the source code. - `manager.stop_manager()` alias for `manager.stop_manager_with_all_caches()` - Support for `with`-context. ## 0.7.3 ### Fixed - TypeError exception in `_init_depth_cache` [issue#27](https://github.com/oliver-zehentleitner/unicorn-binance-local-depth-cache/issues/27 ## 0.7.2 Codebase equal to 0.7.0, testing azure pipe ## 0.7.1 Codebase equal to 0.7.0, just preparing conda-forge packaging ## 0.7.0 ### Added - Active `high_performance` of UBWA. - Exception handling for REST calls - Improved logging ### Changed - Websocket reconnect intervals - Reduced calls of `market.lower()` ### Removed - Obsolete variable `self.timeout` ## 0.6.0 ### Added - `default_websocket_close_timeout`, `default_websocket_ping_interval`, `default_websocket_ping_timeout` and `websocket_close_timeout`, `websocket_close_timeout`, `websocket_ping_interval` ### Changed - `default_websocket_close_timeout`, `default_websocket_ping_interval`, `default_websocket_ping_timeout` default values is 1, so websockets disconnect very fast, and we recognize "out of sync" very fast. ## 0.5.3 ### Changed - Balanced log levels ### Fixed - KeyError in `stop_depth_cache()` ## 0.5.2 ### Changed - close_timeout=5 in `create_stream()` ### Fixed - `_init_depth_cache()` returns False if `order_book` is False ## 0.5.1 ### Fixed - Wrong proof of `is_stop_request()` ## 0.5.0 ### Added - `_reset_depth_cache()` - `_get_order_book_from_depth_cache()` - `is_stop_request()` ### Changed - Clear stream_buffer on disconnect - Better error handling in `_init_depth_cache()` ### Fixed - `stop_depth_cache()` did not stop its dependent stream and did not clear the stream_buffer - A few error handling's ## 0.4.1 ### Added - Resetting asks and bits on stream_signal DISCONNECT ### Fixing - `requests.exceptions.ConnectionError` exception while fetching the order_book ## 0.4.0 ### Added - `default_update_interval` ### Changes - a few small :) ## 0.3.0 ### Added - threading.Lock(): `self.threading_lock_ask` and `self.threading_lock_bid` ### Added - `set_refresh_request()` ## 0.2.0 ### Added - Binance Futures support (exchange="binance.com-futures") ### Changed - `create_depth_cache()` renamed parameter `market` to `markets`. `markets` can be a str or a list of one or more market symbols - `stop_depth_cache()` renamed parameter `market` to `markets`. `markets` can be a str or a list of one or more market symbols - Renamed `stop_manager()` to `stop_manager_with_all_caches()` ### Removed - `create_depth_caches()` - `stop_depth_caches()` ## 0.1.0 Initial Release!