Releases: stellar/stellar-disbursement-platform-backend

6.4.0

08 Apr 18:39
b255d61

6.4.0 (diff)

Added

  • Auto-restore archived Soroban ledger entries in TSS when contract payments fail with entry_archived, instead of marking them as terminal errors. #1099

Changed

  • Update automated release to use Claude Code. #1098

Fixed

  • Fix make setup default tenant login failing due to reCAPTCHA being enabled by passing the --disable-recaptcha flag during tenant provisioning. #1103
  • Change SEP-10 CreateChallenge validation errors to return 400 instead of 500. Change SEP-24 /info to return 400 instead of 500 when tenant context is missing. #1104

Security and Dependencies

  • Bump docker/login-action from 4.0.0 to 4.1.0 in the all-actions group. #1100

6.3.0

23 Mar 23:51
3657414

6.3.0 (diff)

Changed

  • Update local dev config to default to v3 with reCAPTCHA disabled. #1081

Fixed

  • Fixed memo not being parsed from the SEP-10 token subject when generating SEP-24 tokens, causing it to be silently dropped. #1077

Security

  • Add global MaxBodySize middleware (10 MB) to all routes on both the SDP and admin servers to prevent unbounded request body sizes (CWE-770). #1066
  • Add XDR size validation (50 KB) to SEP-10 and SEP-45 auth endpoints to prevent XDR memory amplification attacks (CWE-770). #1078
  • Bump the npm_and_yarn group across 1 directory with 2 updates. #1093
  • Bump the all-actions group across 1 directory with 6 updates. #1086
  • Bump soroban-sdk from 22.0.9 to 22.0.11 in /contracts in the cargo group. #1085
  • Bump rollup from 4.44.2 to 4.59.0 in the npm_and_yarn group. #1074
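
The two CWE-770 limits listed under Security for this release can be sketched as follows. This is an added Go example, not the project's own code: the names `LimitBody`, `AuthHandler` and `Status` are hypothetical, and it assumes the XDR arrives as base64 text in the raw request body with the 50 KB cap applied to that text before decoding.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const MaxBodySize = 10 << 20 // 10 MB global body cap (value from the 6.3.0 note)
const MaxXDRSize = 50 << 10  // 50 KB XDR cap, applied to the base64 text (assumption)

// LimitBody caps every request body before the wrapped handler reads it.
func LimitBody(limit int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, limit) // also bounds chunked bodies
		next.ServeHTTP(w, r)
	})
}

// AuthHandler is a hypothetical endpoint that takes base64 XDR as its raw body.
func AuthHandler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if tooBig := new(http.MaxBytesError); errors.As(err, &tooBig) { // global cap tripped
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
		return
	}
	if err != nil || len(body) > MaxXDRSize { // size check runs before any decoding
		http.Error(w, "invalid or oversized XDR", http.StatusBadRequest)
		return
	}
	if _, err := base64.StdEncoding.DecodeString(string(body)); err != nil {
		http.Error(w, "invalid base64", http.StatusBadRequest)
	}
}

// Status sends a constructed request through the chain and returns the HTTP status.
func Status(body string) int {
	req := httptest.NewRequest(http.MethodPost, "/auth", strings.NewReader(body))
	rec := httptest.NewRecorder()
	LimitBody(MaxBodySize, http.HandlerFunc(AuthHandler)).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(Status("AAAA"), Status(strings.Repeat("A", MaxXDRSize+1)), Status(strings.Repeat("A", MaxBodySize+1)))
}
```

The per-endpoint cap sits well below the global one, so an oversized XDR is rejected with 400 by the endpoint itself while the global middleware only answers 413 for bodies past 10 MB.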

6.2.0

26 Feb 23:22
1e40a07

6.2.0 (diff)

Added

  • Add integration tests for embedded wallets. #1041
  • Add endpoint to fetch captcha config. #1052
  • Implement reCAPTCHA v3 for receiver registration page. #1053

Changed

  • Mirror CI checks in Makefile for local development parity. #1070

Fixed

  • Fix short linking not being enabled by default. #1051
  • Fix Docker Compose build racing for e2e integration tests. #1054
  • Make Circle Transfer Request Insert operation atomic. #1050
  • Fix unbounded CSV upload size and pagination page_limit allowing resource exhaustion. #1064
  • Check muxed account auth is not infra account in sponsored transaction worker. #1068
  • Remove the default "false" value for ENABLE_EMBEDDED_WALLETS. #1049

Security and Dependencies

  • Add request body size limit to RPC proxy handler to prevent unbounded memory allocation (CWE-770). #1065
  • Bump golang from 1.26rc2-alpine to 1.26rc3-alpine in the all-docker group #1047
  • Bump docker/build-push-action from 6.18.0 to 6.19.2 in the all-actions group #1056
  • Bump the cargo group across 1 directory with 2 updates #1067
  • Bump the minor-and-patch group across 1 directory with 10 updates #1069
  • Bump time from 0.3.41 to 0.3.47 in /contracts in the cargo group #1045

6.1.0

04 Feb 17:29
e940cc7

6.1.0 (diff)

Fixed

  • Fix PatchDisbursementStatus to support API key authentication. #996

Added

  • Add Haitian Creole translations for the SEP-24 interactive deposit flow. #994
  • Return sender_address in GET /payments and GET /payments/:id endpoints to identify the distribution account used for each payment. #1009
  • Add embedded wallet provider #1019

Changed

  • Update GET /wallets endpoint to exclude soft-deleted wallets by default. Add optional include_deleted query parameter to include deleted wallets when set to true. #1005
  • Update DELETE /wallets/:id endpoint to check if a wallet has pending registrations before deletion. Returns a user-friendly error if the wallet has receiver_wallets in 'DRAFT' or 'READY' status. #1007
  • Improve error handling for disbursement field id and paymentId. #1018
  • Soft delete "Vibrant Assist" wallet provider. #1021

Security and Dependencies

  • Upgrade React to 19.2.3 and @stellar/design-system to 3.2.7 in SEP-24 frontend to address CVE-2025-55184 denial of service and source code exposure vulnerability in React Server Components #988
  • Bump soroban-sdk from 22.0.7 to 22.0.9 in /contracts #1036
  • Bump lodash from 4.17.21 to 4.17.23 in /internal/serve/sep24frontend/app #1022
  • Bump golang from 1.25.5-alpine to 1.26rc2-alpine in the all-docker group #1013
  • Bump the all-actions group across 1 directory with 5 updates #1038
  • Bump the minor-and-patch group with 5 updates #1012
  • Bump the minor-and-patch group with 7 updates #1004
  • Bump the minor-and-patch group with 8 updates #990
  • Bump the minor-and-patch group with 3 updates #993

6.0.1

09 Dec 17:52
9782980

6.0.1 (diff)

Fixed

  • Fix Twilio error 21656 when sending WhatsApp OTP messages by updating template to single variable format as required by Twilio/Meta's updated authentication template requirements #974

Security and Dependencies

  • Bump the all-docker group with 2 updates #976
    • golang from 1.25.4-alpine to 1.25.5-alpine
    • alpine from 3.22 to 3.23
  • Bump the minor-and-patch group with 7 updates #977

6.0.0

04 Dec 20:08
9a44c7b

6.0.0 (diff)

🚨Potential Breaking Changes

  • Remove case insensitivity from asset code comparisons #967
  • Decommission Anchor Platform and add support for SEP-10 and SEP-24 endpoints in the SDP #834
    • Add SEP10 /auth endpoints
    • Add SEP24 /info endpoints
    • Add SEP24 interactive deposit endpoint
    • Remove Anchor Platform integration from the SDP and deprecate related env variables.

Added

  • Add Launch Wizard through make setup command to simplify initial setup and mainnet configuration for docker compose #875
    • Add --env-file command line argument to support multiple environment file contexts #963
  • Add HTTPS mode to setup wizard #957
  • Add configurable database connection pool settings to prevent idle connection buildup in multi-tenant deployments #932

Changed

  • Default Max Open Connections per pool changed from 30 to 20 to prevent idle connection buildup in multi-tenant deployments #932
  • Make docker compose environment variables configurable via .env file and add documentation #953
  • Update Stellar Go SDK dependency from github.com/stellar/go to github.com/stellar/go-stellar-sdk #956

Fixed

  • Fix HTML validation to allow apostrophes in invitation messages while maintaining security against XSS attacks #931
  • Refactor to replace float64 with shopspring decimal #936
  • channel-accounts ensure command should have a minimum of 1 #939

Security and Dependencies

  • Upgrade React to 19.2.1 in SEP-24 frontend to address CVE-2025-66478 and CVE-2025-55182 #968
  • Bump the minor-and-patch group with 5 updates #961
  • Bump the minor-and-patch group across 1 directory with 12 updates #955
  • Bump actions/checkout from 5 to 6 in the all-actions group #954
  • Bump js-yaml from 4.1.0 to 4.1.1 in the npm_and_yarn group #947
  • Bump golang from 1.25.3-alpine to 1.25.4-alpine in the all-docker group #940
  • Bump the minor-and-patch group with 7 updates #933

5.0.0

30 Oct 20:34
75c1143

5.0.0 (diff)

Added

  • Improve observability for the SDP service by adding the following:
    • tag metrics by tenant name to differentiate between tenants
    • configure Summary metrics with percentiles for HTTP request durations (0.5, 0.9, 0.95, 0.99)
    • rework Grafana dashboard to include tenant tag and new metrics
    • #818
  • Add organization level MFA and ReCAPTCHA settings #861
  • Add trustlines for distribution account when provisioning tenant #891
  • Add support for contract account disbursements #922
  • Add contract account support for direct payments #924
  • Add support for contract addresses for PATCH receiver #925
  • Mark tx failures due to archived entries as error #926

Changed

  • Decommissioned Event Broker Kafka support in favor of Scheduler for background jobs. #914
  • Allow configuring resources limits and requests for services in the Helm charts #904
  • Enable short linking by default #916
  • Make POST /wallets and PATCH /wallets permissions consistent #909

4.1.0

25 Sep 22:39
96ba362

4.1.0 (diff)

Added

  • Add Support For Twilio WhatsApp messaging #855
  • Add Twilio WhatsApp template documentation. #877
  • Added initiator and approver user roles with mutual exclusivity validation for separation of duties in disbursement workflows. #865
  • Ability to Onboard existing customers to Bridge integration via PATCH /bridge-integration endpoint. #867
  • Add endpoint for patch receiver wallet. #848
  • Add ReCAPTCHA v3 support. #869
  • Enable direct payments to SEP-24 wallets. #860

Fixed

  • Return proper error when calling POST /disbursements with a duplicate wallet address. #862
  • Properly detect memo type in receiver creation. #870
  • Add Support to Direct Payments for Payments Export. #873
  • Re-enable golangci-lint in the CI and address all the related issues. #874
  • Fix email color overrides. #762
  • Fix Receiver Invitation for direct payments. #876

4.0.1

03 Sep 23:53
b887f44

4.0.1 (diff)

Fixed

  • Disbursement remaining balance calculation fails when there are pending Direct Payments #842
  • Return proper error when calling POST /receivers with a duplicate wallet address. #836

Changed

  • Replace Bitnami Kafka image with Apache Kafka official image due to Bitnami discontinuing support. #844
  • Validate length of message template and organization name for organization patch request. #839

4.0.0

26 Aug 04:10
d2dd9a7

4.0.0 (diff)

Warning

This version is compatible with the [stellar/stellar-disbursement-platform-frontend] version 4.0.0.

Important

Potential Breaking Changes

We added a wallet address uniqueness constraint that prevents the same wallet address from being assigned to multiple receivers. #750
Even though this shouldn't affect many users, it is still recommended to run this check using the pre-upgrade validation script at the end of the release notes.

Added

  • Added Bridge Integration API endpoints to the backend:
    • GET /bridge-integration to get the current integration status.
    • PATCH /bridge-integration to opt into the Bridge integration or create a virtual account.
    • #720
  • Added Bridge Helm chart configuration to the SDP charts #742
  • Add API keys management endpoints #677
  • Added a new endpoint to unregister a receiver wallet PATCH /receivers/wallets/:id/status. #675
  • Added a new authentication middleware to support API keys. #681
  • Added POST /receivers endpoint to create new receivers #687
  • Allow the serviceaccount to be set for the ap deployment in the helm chart #679
  • Add badges to the README.md file. #691
  • Add endpoint for the direct payments #693
  • Add type query parameter to GET /payments to filter direct/disbursement payments #694
  • Update wallet POST to accept new asset references #696
  • Update PATCH endpoint to extend update capabilities #697
  • Add supported_assets filter to GET /wallets endpoint #734
  • Add OTP attempt tracking and validation with maximum attempts limit and expiration checks for receiver wallet registration #773
  • Add asset filtering by trustline with balance information for GET /assets #791
  • Add AWS EKS CloudFormation deployment stacks #519

Changed

  • Update supported wallets for Pubnet and Testnet:
    • Removed Vibrant Assist wallets from pubnet and test configuration
    • Added Vesseo and Beans App on Pubnet
    • Added XLM as a supported asset for Decaf
    • #793
  • Optimize the Dockerfile to reduce the image size. #692
  • Refactor packages to reduce circular dependency issues #816, #817
  • Prevent unregistering user-managed wallets and wallets with in-progress payments #683

Fixed

  • Fix scheduler to only run jobs for provisioned and activated tenants, preventing execution for pending or deactivated tenants. #795
  • Display clear error message during reset password when token is expired. #783
  • Fix add_tests_users.sh script in main.sh for Alpine Linux. #738
  • Use sh instead of bash in e2e tests for better compatibility #736

Security and Dependencies

  • Update dependencies and address security alerts #755, #756
  • Pin @bitnami/readme-generator-for-helm version #731
  • Bump the minor-and-patch group across 1 directory with 6 updates. #690
  • Bump the minor-and-patch group across 1 directory with 10 updates #753, #769
  • Bump docker/build-push-action in the all-actions group #685, #801
  • Bump the all-docker group across 1 directory with 2 updates #709
  • Bump golang from 1.24.4-alpine to 1.24.6-alpine #760, #798
  • Bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 #719
  • Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 #752
  • Bump vite dependencies #654
  • Update stellar/go dependency to support Protocol 23 rollout #829

Pre-Upgrade Validation for Wallet Address Uniqueness

Version 4.0.0 introduces a constraint that prevents duplicate stellar addresses across receivers. You must run this validation script before upgrading to identify and resolve any existing duplicates.

Validation Script

-- Check for stellar address duplicates across all tenants
DO $$
DECLARE
    tenant_record RECORD;
    duplicate_count INTEGER;
    duplicate_record RECORD;
    schema_name TEXT;
    total_issues INTEGER := 0;
BEGIN
    RAISE NOTICE '=== Checking for stellar address duplicates across different receivers in all tenant schemas ===';
    RAISE NOTICE '';

    -- Loop through all active tenants
    FOR tenant_record IN 
        SELECT name, id, status 
        FROM admin.tenants 
        WHERE deleted_at IS NULL 
        AND status = 'TENANT_PROVISIONED'
        ORDER BY name
    LOOP
        schema_name := 'sdp_' || tenant_record.name;
        RAISE NOTICE 'Checking tenant: % (schema: %)', tenant_record.name, schema_name;
        
        -- Check if the schema exists and has receiver_wallets table
        IF EXISTS (
            SELECT 1 
            FROM information_schema.tables 
            WHERE table_schema = schema_name 
            AND table_name = 'receiver_wallets'
        ) THEN
            -- Count stellar addresses shared across multiple receivers in this tenant
            EXECUTE format('
                SELECT COUNT(*) 
                FROM (
                    SELECT stellar_address
                    FROM %I.receiver_wallets
                    WHERE stellar_address IS NOT NULL
                      AND trim(stellar_address) <> ''''
                    GROUP BY stellar_address
                    HAVING COUNT(DISTINCT receiver_id) > 1
                ) AS duplicates
            ', schema_name) INTO duplicate_count;
            
            IF duplicate_count > 0 THEN
                RAISE NOTICE '  ❌ FOUND % stellar address(es) shared across multiple receivers in %', duplicate_count, schema_name;
                total_issues := total_issues + duplicate_count;
                
                -- Show details of duplicates
                FOR duplicate_record IN 
                    EXECUTE format('
                        SELECT 
                            rw.stellar_address,
                            COUNT(DISTINCT rw.receiver_id) as receiver_count,
                            array_agg(DISTINCT rw.receiver_id) as receiver_ids,
                            array_agg(DISTINCT rw.id) as receiver_wallet_ids,
                            array_agg(DISTINCT r.email) as receiver_emails
                        FROM %I.receiver_wallets rw
                        JOIN %I.receivers r ON rw.receiver_id = r.id
                        WHERE rw.stellar_address IS NOT NULL
                          AND trim(rw.stellar_address) <> ''''
                        GROUP BY rw.stellar_address
                        HAVING COUNT(DISTINCT rw.receiver_id) > 1
                        ORDER BY rw.stellar_address
                    ', schema_name, schema_name)
                LOOP
                    RAISE NOTICE '    - Stellar Add...