Merge branch 'main' into pow-dep

docs/private-networks/concepts/node-sync-private.md

@@ -24,9 +24,9 @@ Select the sync mode based on your network's requirements and node purposes.
 
 | Sync mode                                                                            | Description                                                                                                                                                                         | Requirements | Limitations |
 |--------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|-------------|
-| [Snap](../../public-networks/concepts/node-sync.md#snap-synchronization)             | Recommended for fastest sync and lowest storage requirements on Mainnet. Downloads as many leaves of the trie as possible and reconstructs the trie locally. Faster than fast sync. | Available as an _early access feature_ in Besu version 24.7.1 or later | Cannot switch from fast sync to snap sync mid-process. |
+| [Snap](../../public-networks/concepts/node-sync.md#snap-synchronization)             | Recommended for fastest sync and lowest storage requirements on Mainnet. Downloads as many leaves of the trie as possible and reconstructs the trie locally. Faster than fast sync. | Besu version 24.3.0 or later | Cannot switch from fast sync to snap sync mid-process. |
 | [Checkpoint](../../public-networks/concepts/node-sync.md#checkpoint-synchronization) | Syncs from a specific checkpoint block configured in the genesis file. Fastest sync mode with lowest storage requirements.                                                          | Besu version 22.4.3 or later | Not supported for QBFT or IBFT 2.0 networks without a checkpoint configuration. |
-| [Fast](../../public-networks/concepts/node-sync.md#fast-synchronization)             | Downloads block headers and transaction receipts, verifies chain from genesis block.                                                                                                | None | Not supported with private transactions. |
+| [Fast](../../public-networks/concepts/node-sync.md#fast-synchronization-deprecated)             | Downloads block headers and transaction receipts, verifies chain from genesis block.                                                                                                | None | Deprecated. Not supported with private transactions. |
 | [Full](../../public-networks/concepts/node-sync.md#full-synchronization)             | Default for all private networks. Downloads and verifies the entire blockchain and state from genesis block, building an archive node with full state history.                      | None | Slowest sync mode, requires the most disk space. |
 
 :::warning Early access feature 

docs/private-networks/concepts/permissioning/onchain.md

@@ -48,7 +48,7 @@ Permissioning implements three allowlists:
 
 Account permissioning is incompatible with [random key signing](../../how-to/use-privacy/sign-pmts.md) for [privacy marker transactions](../privacy/private-transactions/processing.md).
 
-If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option and the corresponding public key included in the accounts allowlist.
+If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option and the corresponding public key included in the accounts allowlist.
 
 :::
 

docs/private-networks/concepts/privacy/private-transactions/index.md

@@ -72,7 +72,7 @@ The following private transaction flow illustrates when nonce validation occurs:
 
 1. Submit a private transaction with a [nonce value](#private-transaction-nonce).
 1. The private transaction is distributed to all participants in the privacy group.
-1. The PMT is created and submitted to the transaction pool with a nonce of `0` if using one-time accounts. If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../../reference/cli/options.md#privacy-marker-transaction-signing-key-file), the public nonce for that account is obtained and used for the PMT.
+1. The PMT is created and submitted to the transaction pool with a nonce of `0` if using one-time accounts. If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated), the public nonce for that account is obtained and used for the PMT.
 1. The PMT is mined and included in the block.
 1. After the block containing the PMT is imported, and the PMT is processed, the private transaction is retrieved from the private transaction manager and executed.
 

docs/private-networks/get-started/start-node.md

@@ -107,7 +107,7 @@ You might need to set [`--tx-pool-limit-by-account-percentage`](../../public-net
 
 :::note Sync nodes for BFT
 
-If you're running a node on a [QBFT](../how-to/configure/consensus/qbft.md) or [IBFT 2.0](../how-to/configure/consensus/ibft.md) network, your node must use [fast sync](../../public-networks/concepts/node-sync.md#fast-synchronization) or [full sync](../../public-networks/concepts/node-sync.md#full-synchronization). 
+If you're running a node on a [QBFT](../how-to/configure/consensus/qbft.md) or [IBFT 2.0](../how-to/configure/consensus/ibft.md) network, your node must use [fast sync](../../public-networks/concepts/node-sync.md#fast-synchronization-deprecated) or [full sync](../../public-networks/concepts/node-sync.md#full-synchronization). 
 
 Full sync is set by default.
 

docs/private-networks/how-to/configure/tls/client-and-server.md

@@ -120,10 +120,10 @@ besu --privacy-tls-enabled --privacy-tls-keystore-file=/Users/me/my_node/keystor
 
 The command line:
 
-- Enables TLS with the server using the [`--privacy-tls-enabled`](../../../reference/cli/options.md#privacy-tls-enabled) option.
-- Specifies the keystore using the [`--privacy-tls-keystore-file`](../../../reference/cli/options.md#privacy-tls-keystore-file) option.
-- Specifies the file that contains the password to decrypt the keystore using the [`--privacy-tls-keystore-password-file`](../../../reference/cli/options.md#privacy-tls-keystore-password-file) option.
-- Specifies the trusted servers using the [`--privacy-tls-known-enclave-file`](../../../reference/cli/options.md#privacy-tls-known-enclave-file) option.
+- Enables TLS with the server using the [`--privacy-tls-enabled`](../../../reference/cli/options.md#privacy-tls-enabled-deprecated) option.
+- Specifies the keystore using the [`--privacy-tls-keystore-file`](../../../reference/cli/options.md#privacy-tls-keystore-file-deprecated) option.
+- Specifies the file that contains the password to decrypt the keystore using the [`--privacy-tls-keystore-password-file`](../../../reference/cli/options.md#privacy-tls-keystore-password-file-deprecated) option.
+- Specifies the trusted servers using the [`--privacy-tls-known-enclave-file`](../../../reference/cli/options.md#privacy-tls-known-enclave-file-deprecated) option.
 
 <!-- Links -->
 

docs/private-networks/how-to/use-permissioning/local.md

@@ -100,7 +100,7 @@ Account allowlisting is at the node level. That is, each node in the network has
 
 Account permissioning is incompatible with [random key signing](../use-privacy/sign-pmts.md) for [privacy marker transactions](../../concepts/privacy/private-transactions/processing.md).
 
-If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option and the corresponding public key included in the accounts allowlist.
+If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option and the corresponding public key included in the accounts allowlist.
 
 :::
 

docs/private-networks/how-to/use-permissioning/onchain.md

@@ -50,7 +50,7 @@ If you change your network configuration, you may need to update the node allowl
 
 ## Specify the permissioning contract interface version
 
-Use the [`--permissions-nodes-contract-version`](../../reference/cli/options.md#permissions-nodes-contract-version) command line option to specify the version of the [permissioning contract interface](../../concepts/permissioning/onchain.md#permissioning-contracts). The default is 1.
+Use the [`--permissions-nodes-contract-version`](../../reference/cli/options.md#permissions-nodes-contract-version-deprecated) command line option to specify the version of the [permissioning contract interface](../../concepts/permissioning/onchain.md#permissioning-contracts). The default is 1.
 
 Specify the contract interface version that maps to the version of the [Enterprise Ethereum Alliance Client Specification](https://entethalliance.org/technical-specifications/) the contract interface implements.
 

docs/private-networks/how-to/use-privacy/flexible.md

@@ -34,7 +34,7 @@ We don't recommend creating flexible privacy groups in a chain with existing [of
 
 ## Enable flexible privacy groups
 
-Use the [`--privacy-flexible-groups-enabled`](../../reference/cli/options.md#privacy-flexible-groups-enabled) command line option to enable [flexible privacy groups](../../concepts/privacy/flexible-privacy.md). When flexible privacy groups are enabled, the [`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup), [`priv_deletePrivacyGroup`](../../reference/api/index.md#priv_deleteprivacygroup), and [`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup) methods for [offchain privacy groups](../../concepts/privacy/privacy-groups.md) are disabled.
+Use the [`--privacy-flexible-groups-enabled`](../../reference/cli/options.md#privacy-flexible-groups-enabled-deprecated) command line option to enable [flexible privacy groups](../../concepts/privacy/flexible-privacy.md). When flexible privacy groups are enabled, the [`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup), [`priv_deletePrivacyGroup`](../../reference/api/index.md#priv_deleteprivacygroup), and [`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup) methods for [offchain privacy groups](../../concepts/privacy/privacy-groups.md) are disabled.
 
 ## Simple flexible privacy group example
 

docs/private-networks/how-to/use-privacy/performance-best-practices.md

@@ -50,7 +50,7 @@ For performance and reliability it is advantageous to manage nonces in a statefu
 
 ### Use random senders for privacy marker transactions
 
-To avoid public nonce management, privacy marker transactions can be sent using a [random account per transaction](../../../private-networks/reference/cli/options.md#privacy-marker-transaction-signing-key-file). This option is only available for zero gas networks.
+To avoid public nonce management, privacy marker transactions can be sent using a [random account per transaction](../../../private-networks/reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated). This option is only available for zero gas networks.
 
 ### Avoid queuing transactions in Tessera
 

docs/private-networks/how-to/use-privacy/sign-pmts.md

@@ -14,7 +14,7 @@ Tessera-based privacy is deprecated in Besu version 24.11.0 and later. Please re
 
 :::
 
-You can sign privacy marker transactions (PMTs) with either a random key or a specified key. To sign privacy marker transactions with a specified private key, use [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) when starting Besu.
+You can sign privacy marker transactions (PMTs) with either a random key or a specified key. To sign privacy marker transactions with a specified private key, use [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) when starting Besu.
 
 :::note
 
@@ -24,13 +24,13 @@ The private key file can be the same file used by [`--node-private-key-file`](#n
 
 In networks where you pay gas, you must specify a key and the associated account must contain adequate funds.
 
-In [free gas networks](../configure/free-gas.md), to provide further anonymity by signing each privacy marker transaction with a different random key, exclude the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option when starting Besu.
+In [free gas networks](../configure/free-gas.md), to provide further anonymity by signing each privacy marker transaction with a different random key, exclude the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option when starting Besu.
 
 :::caution "Using account permissioning and privacy"
 
 You can't use [account permissioning] with random key signing.
 
-If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option and the corresponding public key included in the accounts allowlist.
+If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option and the corresponding public key included in the accounts allowlist.
 
 :::
 

docs/private-networks/reference/api/index.md

@@ -1809,7 +1809,7 @@ curl -X POST --data '{"jsonrpc": "2.0","method": "priv_getLogs","params":["vGy/T
 
 ### `priv_getPrivacyPrecompileAddress`
 
-Returns the address of the [privacy precompiled contract](../../concepts/privacy/private-transactions/processing.md). The address is derived and based on the value of the [`privacy-flexible-groups-enabled`](../cli/options.md#privacy-flexible-groups-enabled) option.
+Returns the address of the [privacy precompiled contract](../../concepts/privacy/private-transactions/processing.md). The address is derived and based on the value of the [`privacy-flexible-groups-enabled`](../cli/options.md#privacy-flexible-groups-enabled-deprecated) option.
 
 #### Parameters
 

docs/private-networks/reference/cli/options.md

@@ -141,7 +141,7 @@ permissions-accounts-config-file-enabled=true
 
 Enables or disables file-based account level permissions. The default is `false`.
 
-### `permissions-accounts-contract-address`
+### `permissions-accounts-contract-address` (Deprecated)
 
 <Tabs>
 
@@ -181,7 +181,7 @@ permissions-accounts-contract-address="xyz"
 
 The contract address for [onchain account permissioning](../../concepts/permissioning/onchain.md).
 
-### `permissions-accounts-contract-enabled`
+### `permissions-accounts-contract-enabled` (Deprecated)
 
 <Tabs>
 
@@ -221,6 +221,12 @@ permissions-accounts-contract-enabled=true
 
 Enables or disables contract-based [onchain account permissioning](../../concepts/permissioning/onchain.md). The default is `false`.
 
+:::caution
+
+Onchain permissioning is deprecated in Besu version 24.11.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
+
 ### `permissions-nodes-config-file`
 
 <Tabs>
@@ -307,7 +313,7 @@ permissions-nodes-config-file-enabled=true
 
 Enables or disables file-based node level permissions. The default is `false`.
 
-### `permissions-nodes-contract-address`
+### `permissions-nodes-contract-address` (Deprecated)
 
 <Tabs>
 
@@ -347,7 +353,7 @@ permissions-nodes-contract-address="xyz"
 
 The contract address for [onchain node permissioning](../../concepts/permissioning/onchain.md).
 
-### `permissions-nodes-contract-enabled`
+### `permissions-nodes-contract-enabled` (Deprecated)
 
 <Tabs>
 
@@ -387,7 +393,13 @@ permissions-nodes-contract-enabled=true
 
 Enables or disables contract-based [onchain node permissioning](../../concepts/permissioning/onchain.md). The default is `false`.
 
-### `permissions-nodes-contract-version`
+:::caution
+
+Onchain permissioning is deprecated in Besu version 24.11.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
+
+### `permissions-nodes-contract-version` (Deprecated)
 
 <Tabs>
 
@@ -475,7 +487,7 @@ For proof-of-stake and proof-of-work networks, see
 [`--block-txs-selection-max-time`](../../../public-networks/reference/cli/options.md#block-txs-selection-max-time).
 :::
 
-### `privacy-enabled`
+### `privacy-enabled` (Deprecated)
 
 <Tabs>
 
@@ -515,13 +527,19 @@ privacy-enabled=false
 
 Enables or disables [private transactions](../../concepts/privacy/index.md). The default is `false`.
 
+:::caution
+
+Tessera-based privacy is deprecated in Besu version 24.11.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options.
+
+:::
+
 :::important
 
 Using private transactions with [pruning](../../../public-networks/concepts/data-storage-formats.md) or [fast sync](../../../public-networks/reference/cli/options.md#sync-mode) is not supported.
 
 :::
 
-### `privacy-marker-transaction-signing-key-file`
+### `privacy-marker-transaction-signing-key-file` (Deprecated)
 
 <Tabs>
 
@@ -574,7 +592,7 @@ You must specify this option if you're using:
 
 If you do not specify this option (for example, in a free gas network), Besu signs each transaction with a different randomly generated key.
 
-### `privacy-multi-tenancy-enabled`
+### `privacy-multi-tenancy-enabled` (Deprecated)
 
 <Tabs>
 
@@ -614,7 +632,7 @@ privacy-multi-tenancy-enabled=false
 
 Enables or disables [multi-tenancy](../../concepts/privacy/multi-tenancy.md) for private transactions. The default is `false`.
 
-### `privacy-flexible-groups-enabled`
+### `privacy-flexible-groups-enabled` (Deprecated)
 
 <Tabs>
 
@@ -656,7 +674,7 @@ Enables or disables [flexible privacy groups](../../concepts/privacy/flexible-pr
 
 Deprecated syntax for this option is `--privacy-onchain-groups-enabled`.
 
-### `privacy-public-key-file`
+### `privacy-public-key-file` (Deprecated)
 
 <Tabs>
 
@@ -698,11 +716,11 @@ The [public key of the Tessera node](https://docs.tessera.consensys.net/).
 
 :::important
 
-You cannot specify `privacy-public-key-file` when [`--privacy-multi-tenancy-enabled`](#privacy-multi-tenancy-enabled) is `true`
+You cannot specify `privacy-public-key-file` when [`--privacy-multi-tenancy-enabled`](#privacy-multi-tenancy-enabled-deprecated) is `true`
 
 :::
 
-### `privacy-tls-enabled`
+### `privacy-tls-enabled` (Deprecated)
 
 <Tabs>
 
@@ -742,7 +760,7 @@ privacy-tls-enabled=false
 
 Enables or disables [TLS on communication with the private transaction manager]. The default is false.
 
-### `privacy-tls-keystore-file`
+### `privacy-tls-keystore-file` (Deprecated)
 
 <Tabs>
 
@@ -782,9 +800,9 @@ privacy-tls-keystore-file="/home/me/me_node/key"
 
 The keystore file (in PKCS #12 format) containing the private key and the certificate presented during authentication.
 
-You must specify `privacy-tls-keystore-file` if [`--privacy-tls-enabled`](#privacy-tls-enabled) is `true`.
+You must specify `privacy-tls-keystore-file` if [`--privacy-tls-enabled`](#privacy-tls-enabled-deprecated) is `true`.
 
-### `privacy-tls-keystore-password-file`
+### `privacy-tls-keystore-password-file` (Deprecated)
 
 <Tabs>
 
@@ -824,7 +842,7 @@ privacy-tls-keystore-password-file="/home/me/me_node/password"
 
 The path to the file containing the password to decrypt the keystore.
 
-### `privacy-tls-known-enclave-file`
+### `privacy-tls-known-enclave-file` (Deprecated)
 
 <Tabs>
 
@@ -864,7 +882,7 @@ privacy-tls-known-enclave-file="/home/me/me_node/knownEnclave"
 
 The path to the file containing the hostnames, ports, and SHA256 certificate fingerprints of the [authorized privacy enclave](../../how-to/configure/tls/client-and-server.md#create-the-known-servers-file).
 
-### `privacy-url`
+### `privacy-url` (Deprecated)
 
 <Tabs>