Releases: openwallet-foundation/acapy

0.12.0rc0

24 Jan 03:13
007ea6a
Pre-release

Release 0.12.0 is a relatively large release (53 PRs and counting...) but currently with no breaking changes. We expect there will be breaking changes (at least in the handling of Indy transaction endorsement) before the 0.12.0 release is finalized, hence the minor version update.

Much progress was made on did:peer support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. The goal of that work is to eliminate the remaining places where "unqualified" DIDs remain. Work continues in supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Attention was also given in the release to the handling of JSON-LD Data Integrity Verifiable Credentials, with more expected before the release is finalized. In addition to those updates, there were fixes and improvements across the codebase.

0.12.0rc0 Breaking Changes

There are no breaking changes in 0.12.0rc0.

Full Changelog: 0.11.0...0.12.0rc0

0.11.0

25 Nov 05:08
8d04f0e

Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last significant update before we begin the transition to using the ledger-agnostic AnonCreds Rust in a release that is expected to bring Admin/Controller API changes. We plan to release patches on the 0.11.x branch while the transition to AnonCreds Rust is made.

An important addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.

This release and Release 0.10.5 contain a high priority fix to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the presentation.proof in the Verifiable Presentation was not included when determining the verification value (true or false) of the overall presentation. A forthcoming security advisory will cover the details. Anyone using JSON-LD presentations is recommended to upgrade to one of these versions of ACA-Py as soon as possible.

In the CI/CD realm, substantial changes were applied to the source base in switching from:

  • pip to Poetry for packaging and dependency management,
  • Flake8 to Ruff for linting,
  • asynctest to IsolatedAsyncioTestCase and AsyncMock objects now included in Python's builtin unittest package for unit testing.

These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.

0.11.0 Breaking Changes

In addition to the impacts of the change for developers in switching from pip to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded did:sov:BzCbsNYhMrjHiqZDTUASHg;spec to the new hardcoded https://didcomm.org value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) of Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (--emit-new-didcomm-prefix and --emit-new-didcomm-mime-type) but updated the code to set the configuration parameters to true even if the parameters were not set. See PR #2517.

The JSON-LD verifiable credential handling of JSON-LD contexts has been updated to pre-load the base contexts into the repository code so they are not fetched at run time. This is a security best practice for JSON-LD, and prevents errors in production when, from time to time, the JSON-LD contexts are unavailable because of outages of the web servers where they are hosted. See PR #2587.

A Problem Report message is now sent when a request for a credential is received and there is no associated Credential Exchange Record. This may happen, for example, if an issuer decides to delete a Credential Exchange Record that has not been answered for a long time, and the holder responds after the delete. See PR #2577.

0.10.5

22 Nov 03:24
66c9c02

Release 0.10.5 is a high priority patch release to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the presentation.proof in the Verifiable Presentation was not included when determining the verification value (true or false) of the overall presentation. A forthcoming security advisory will cover the details.

Anyone using JSON-LD presentations is recommended to upgrade to this version of ACA-Py as soon as possible.
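The class of flaw described here (and in the 0.11.0 notes above) can be shown in a short added example. It is not ACA-Py's code and does not reproduce the actual defect, whose details are left to the advisory; the result types and function names are hypothetical. The flawed aggregator lets the embedded credentials alone decide the outcome, while the strict one fails closed on the presentation proof as well.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ProofResult:
    """Outcome of checking one proof (hypothetical shape, not ACA-Py's)."""
    verified: bool
    error: Optional[str] = None


@dataclass
class PresentationVerdict:
    verified: bool
    errors: List[str] = field(default_factory=list)


def verdict_flawed(pres_proof: Optional[ProofResult],
                   cred_results: List[ProofResult]) -> PresentationVerdict:
    """Flaw class from the release note: the status of presentation.proof
    never reaches the overall value; only the credentials are counted."""
    ok = all(r.verified for r in cred_results)
    return PresentationVerdict(ok, [r.error for r in cred_results if r.error])


def verdict_strict(pres_proof: Optional[ProofResult],
                   cred_results: List[ProofResult]) -> PresentationVerdict:
    """Fail closed: the presentation proof and every credential proof must pass."""
    errors = []
    if pres_proof is None:
        errors.append("presentation.proof: no verification result")
    elif not pres_proof.verified:
        errors.append(f"presentation.proof: {pres_proof.error or 'not verified'}")
    for i, r in enumerate(cred_results):
        if not r.verified:
            errors.append(f"credential[{i}].proof: {r.error or 'not verified'}")
    return PresentationVerdict(not errors, errors)


# Constructed results: both credentials verify, the presentation proof does not.
SAMPLE_PRES = ProofResult(False, "signature does not match")
SAMPLE_CREDS = [ProofResult(True), ProofResult(True)]

if __name__ == "__main__":
    print("flawed:", verdict_flawed(SAMPLE_PRES, SAMPLE_CREDS))
    print("strict:", verdict_strict(SAMPLE_PRES, SAMPLE_CREDS))
```

A regression test for a verifier should include exactly this case: valid credentials wrapped in a presentation whose own proof fails.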

Full Changelog: 0.10.4...0.10.5

0.11.0rc2

17 Nov 21:23
63943f4
Pre-release

Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last major update before we transition to using the ledger-agnostic AnonCreds Rust in a release that is expected to bring some Admin/Controller API changes. We plan to release patches on the 0.11.x branch while the transition is made to the upcoming release that moves to AnonCreds Rust.

A significant addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.

In the CI/CD realm, substantial changes were applied to the source base in switching from:

  • pip to Poetry for packaging and dependency management,
  • Flake8 to Ruff for linting,
  • asynctest to IsolatedAsyncioTestCase and AsyncMock objects now included in Python's builtin unittest package for unit testing.

These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.

NOTE: In addition to these PRs in the 0.11.0-rc0 release, we also expect to include at least those ACA-Py PRs labelled "0.11.0" in the release.

0.11.0 Breaking Changes

In addition to the impacts of the change for developers in switching from pip to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded did:sov:BzCbsNYhMrjHiqZDTUASHg;spec to the new hardcoded https://didcomm.org value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) of Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (--emit-new-didcomm-prefix and --emit-new-didcomm-mime-type) but updated the code to set the configuration parameters to true even if the parameters were not set. See PR #2517.

The JSON-LD verifiable credential handling of JSON-LD contexts has been updated to pre-load the base contexts into the repository code so they are not fetched at run time. This is a security best practice for JSON-LD, and prevents errors in production when, from time to time, the JSON-LD contexts are unavailable because of outages of the web servers where they are hosted. See PR #2587.
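The pre-loading approach described here (and in the 0.11.0 notes above) amounts to a document loader that answers from memory. The sketch below is an added example, not ACA-Py's loader: the class, exception and method names are hypothetical, the two context bodies are constructed stubs rather than the published documents, and the returned dict uses the contextUrl/documentUrl/document keys that pyld-style loaders return.

```python
import copy
from typing import Callable, Dict, List, Optional

# Constructed stand-ins for the example; a real bundle ships the full
# published context documents inside the package.
BUNDLED_CONTEXTS: Dict[str, dict] = {
    "https://www.w3.org/2018/credentials/v1": {
        "@context": {"cred": "https://www.w3.org/2018/credentials#"}
    },
    "https://w3id.org/security/v2": {
        "@context": {"sec": "https://w3id.org/security#"}
    },
}


class ContextNotBundled(Exception):
    """Raised instead of fetching an unknown context at run time."""


class StaticContextLoader:
    """Document loader that answers from memory and only touches the
    network if the caller explicitly supplies a fallback loader."""

    def __init__(self, bundled: Dict[str, dict],
                 fallback: Optional[Callable[[str, dict], dict]] = None):
        self._bundled = bundled
        self._fallback = fallback
        self.refused: List[str] = []  # audit trail of refused URLs

    def __call__(self, url: str, options: Optional[dict] = None) -> dict:
        key = url.split("#", 1)[0]
        if key in self._bundled:
            # Deep copy so a caller cannot mutate the shared bundled copy.
            return {"contextUrl": None, "documentUrl": key,
                    "document": copy.deepcopy(self._bundled[key])}
        if self._fallback is not None:
            return self._fallback(url, options or {})
        self.refused.append(url)
        raise ContextNotBundled(url)

    def unbundled(self, doc: dict) -> List[str]:
        """List the URL contexts of a document that the bundle cannot serve."""
        ctx = doc.get("@context", [])
        items = ctx if isinstance(ctx, list) else [ctx]
        return [c for c in items
                if isinstance(c, str) and c.split("#", 1)[0] not in self._bundled]
```

Calling `unbundled()` on an incoming credential before processing shows which contexts would still require a fetch, which is useful both as a policy check and as a log signal.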

A Problem Report message is now sent when a request for a credential is received and there is no associated Credential Exchange Record. This may happen, for example, if an issuer decides to delete a Credential Exchange Record that has not been answered for a long time, and the holder responds after the delete. See PR #2577.

The versioning scheme for Release Candidates has been changed to drop the - in the version string. This means the older style of 0.11.0-rc0 has been changed to the newer style of 0.11.0rc2.

0.11.0-rc1

30 Oct 23:15
37c4bc2
Pre-release

Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last major update before we transition to using the AnonCreds Rust in a release that is expected to bring some Admin/Controller API changes. We plan to do patches to 0.11.0 while the transition is made to the next breaking release.

Release 0.11.0-rc0 failed to publish because of a reference to a dependency via its GitHub repository rather than to its published artifact.

A significant addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.

In the CI/CD realm, substantial changes were applied to the source base in switching from:

  • pip to Poetry for packaging and dependency management,
  • Flake8 to Ruff for linting,
  • asynctest to IsolatedAsyncioTestCase and AsyncMock objects now included in Python's builtin unittest package for unit testing.

These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.

NOTE: In addition to these PRs in the 0.11.0-rc0 release, we also expect to include at least those ACA-Py PRs labelled "0.11.0" in the release.

0.11.0 Breaking Changes

In addition to the impacts of the change for developers in switching from pip to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded did:sov:BzCbsNYhMrjHiqZDTUASHg;spec to the new hardcoded https://didcomm.org value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) of Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (--emit-new-didcomm-prefix and --emit-new-didcomm-mime-type) but updated the code to set the configuration parameters to true even if the parameters were not set. See PR #2517.

Full Changelog: 0.10.1...0.11.0-rc1

0.10.4

09 Oct 18:00
9ce2e5a

Release 0.10.4 is a patch release to correct an issue with the handling of did:key routing keys in some mediator scenarios, notably with the use of Aries Framework Kotlin. See the details in the PR and in Issue #2531, "Routing for agents behind a aca-py based mediator is broken".

Thanks to codespree for raising the issue and providing the fix.

Full Changelog: 0.10.3...0.10.4

0.10.3

29 Sep 16:14
736cdfb

Release 0.10.3 is a patch release to add an upgrade process for very old versions of Aries Cloud Agent Python (circa 0.5.2). If you have a long-time deployment of an issuer that uses revocation, this release could correct internal data (tags in secure storage) related to revocation registries. Details about the triggering problem can be found in Issue #2485.

The upgrade is applied by running the following command for the ACA-Py instance to be upgraded:

./scripts/run_docker upgrade --force-upgrade --named-tag fix_issue_rev_reg

Full Changelog: 0.10.2...0.10.3

0.10.2

22 Sep 21:50
89f9fdc

Release 0.10.2 is a patch release for 0.10.1 that addresses three specific regressions found in deploying Release 0.10.1. The regressions fixed are:

  • An ACA-Py instance upgraded to 0.10.1 that had an existing connection to another Aries agent where the connection has both an http and ws (websocket) service endpoint with the same ID cannot message that agent. A scenario is an ACA-Py issuer connecting to an Endorser with both http and ws service endpoints. The updates made in 0.10.1 to improve ACA-Py DID resolution did not account for this scenario and needed a tweak to work (Issue #2474, #2476).
  • The "fix revocation registry" endpoint, used to fix scenarios where an Issuer's local revocation registry state is out of sync with the ledger, was broken by some code being added to support a single ACA-Py instance writing to different ledgers (Issue #2477, #2480).
  • The version of the PyDID library we were using did not handle some unexpected DID resolution use cases encountered with mediators. The PyDID library version dependency was updated in #2500.

Full Changelog: 0.10.1...0.10.2

0.10.2-rc0

08 Sep 02:40
b4072ff
Pre-release

Release 0.10.2 is a patch release for 0.10.1 that addresses two specific regressions found in deploying Release 0.10.1. The regressions fixed are:

  • An ACA-Py instance upgraded to 0.10.1 that had an existing connection to another Aries agent
    where the connection has both an http and ws (websocket) service endpoint with the same ID cannot
    message that agent. A scenario is an ACA-Py issuer connecting to an Endorser with both http and
    ws service endpoints. The updates made in 0.10.1 to improve ACA-Py DID resolution did not account
    for this scenario and needed a tweak to work (Issue #2474, PR #2475).
  • The "fix revocation registry" endpoint, used to fix scenarios where an Issuer's local revocation
    registry state is out of sync with the ledger, was broken by some code being added to support a
    single ACA-Py instance writing to different ledgers (Issue #2477, PR #2480).

Full Changelog: 0.10.1...0.10.2-rc0

0.10.1

29 Aug 15:46
084f206

Release 0.10.1 contains a breaking change, an important fix for a regression introduced in 0.8.2 that impacts certain deployments, and a number of fixes and updates. Included in the updates is a significant internal reorganization of the DID and connection management code that was done to enable more flexible uses of different DID Methods, such as being able to use did:web DIDs for DIDComm messaging connections. The work also paves the way for coming updates related to support for did:peer DIDs for DIDComm. For details on the change see #2409, which includes some of the best pull request documentation ever created.

Release 0.10.1 has the same contents as 0.10.0. An error on PyPI prevented the 0.10.0 release from being properly uploaded because of an existing file of the same name. We immediately released 0.10.1 as a replacement.

The regression fix is for ACA-Py deployments that use multi-use invitations but do NOT use the --auto-accept-connection-requests flag/processing. A change in 0.8.2 (PR #2223) suppressed an extra webhook event firing during the processing after receiving a connection request. An unexpected side effect of that change was that the subsequent webhook event also did not fire, and as a result, the controller did not get any event signalling a new connection request had been received via the multi-use invitation. The update in this release ensures the proper event fires and the controller receives the webhook.

See below for the breaking changes and the CHANGELOG for a categorized list of the pull requests included in this release.

Updates in the CI/CD area include adding the publishing of a nightly container image that includes any changes in the main branch since the last nightly was published. This allows getting the "latest and greatest" code via a container image vs. having to install ACA-Py from the repository. In addition, Snyk scanning was added to the CI pipeline, and Indy SDK tests were removed from the pipeline.

0.10.1 Breaking Changes

#2352 is a breaking change related to the storage of presentation exchange records in ACA-Py. In previous releases, presentation exchange protocol state data records were retained in ACA-Py secure storage after the completion of protocol instances. With this release, the default behavior changes to deleting those records, unless the --preserve-exchange-records flag is set in the configuration. This extends the use of that flag, which previously applied only to issue credential records. The extension matches the initial intention of the flag: that it cover both issue credential and present proof exchanges. The best practice for ACA-Py is that the controller (business logic) stores any long-lasting business information needed for the service that is using the Aries Agent, and ACA-Py storage should be used only for data necessary for the operation of the agent. In particular, protocol state data should be held in ACA-Py only as long as the protocol is running (as it is needed by ACA-Py), and once a protocol instance completes, the controller should extract and store the business information from the protocol state before it is deleted from ACA-Py storage.

Full Changelog: 0.9.0...0.10.1