1.3.0rc2

ACA-Py 1.3.0 introduces significant improvements across wallet types, AnonCreds support, multi-tenancy, DIDComm interoperability, developer experience, and software supply chain management. This release strengthens stability, modernizes protocol support, and delivers important updates for AnonCreds credential handling. A small number of breaking changes are included and are detailed below.

Updates were made to to the askar-anoncreds wallet type (Askar plus the latest AnonCreds Rust library), addressing issues with multi-ledger configurations, multitenant deployments, and credential handling across different wallet types. Wallet profile management was strengthened by enforcing unique names to avoid conflicts in multitenant environments.

AnonCreds handling saw extensive refinements, including fixes to credential issuance, revocation management, and proof presentation workflows. The release also introduces support for did:indy Transaction Version 2 and brings better alignment between the ledger API responses and the expected schemas. Several API documentation updates and improvements to type hints further enhance the developer experience when working with AnonCreds features.

Support for multi-tenancy continues to mature, with fixes that better isolate tenant wallets from the base wallet and improved connection reuse across tenants.

Logging across ACA-Py has been significantly improved to deliver clearer, more actionable logs, while error handling was enhanced to provide better diagnostics for validation failures and resolver setup issues.

Work toward broader interoperability continued, with the introduction of support for the Verifiable Credentials Data Model (VCDM) 2.0, as well as enhancements to DIDDoc handling, including support for BLS12381G2 key types. A new DIDComm route for fetching existing invitations was added, and a number of minor protocol-level improvements were made to strengthen reliability.

The release also includes many improvements for developers, including a new ACA-Py Helm Chart to simplify Kubernetes deployments, updated tutorials, and more updates to demos (such as AliceGetsAPhone). Dependency upgrades across the project further solidify the platform for long-term use.

Significant work was also done in this release to improve the security and integrity of ACA-Py's software supply chain. Updates to the CI/CD pipelines hardened GitHub Actions workflows, introduced pinned dependencies and digests for builds, optimized Dockerfile construction, and improved dependency management practices. These changes directly contribute to a stronger security posture and have improved ACA-Py's OpenSSF Scorecard evaluation, ensuring higher levels of trust and verifiability for those deploying ACA-Py in production environments.

1.3.0 Deprecation Notices

• In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.0 Breaking Changes

This release includes a small number of breaking changes:

• The DIDComm RFC 0160 Connections protocol is removed, in favour of the newer, more complete RFC 0434 Out of Band and RFC 0023 DID Exchange. Those still requiring RFC 0160 Connections protocol support must update their startup parameters to include the Connections Protocol Plugin. See the documentation for details, but once the ACA-Py instance startup options are extended to include the Connections protocol plugin, Controllers using the Connections protocol should continue to work as they had been. That said, we highly recommend implementers seeking interoperability move to the RFC 0434 Out of Band and RFC 0023 DID Exchange Protocols as soon as possible.
• Schema objects related to did:indy operations have been renamed to improve clarity and consistency. Clients interacting with did:indy endpoints should review and adjust any schema validations or mappings in their applications.

1.3.0 ACA-Py Controller API Changes

• did:indy support added, including a new POST /did/indy/create endpoint.
• Routes that support pagination (such as endpoints for fetching connections or credential/presentation exchange records), now include descending as an optional query parameter and have deprecated the count and start query parameters in favor of the more standard limit and offset parameters.
• validFrom and validUntil added to the Credential and VerifiableCredential objects.
• For consistency (and developer sanity), all Anoncreds references in the ACA-Py codebase have been changed to the more common AnonCreds (see PR #3573). Controller references may have to be updated to reflect the update.

Specifics of the majority of the changes can be found by looking at the diffs for the swagger.json and openapi.json files that are part of the 1.3.0 Release Pull Request. Later pull requests might introduce some additional changes.

What's Changed

• Devcointainer and docs update by @esune in #3629
• chore(deps-dev): Bump pytest-cov from 6.0.0 to 6.1.1 by @dependabot in #3631
• chore(deps): Bump tj-actions/changed-files from 46.0.3 to 46.0.4 in the all-actions group by @dependabot in #3635
• ⬆️ Weekly dependency updates by @ff137 in #3634
• chore(deps): Update qrcode[pil] requirement from ~=8.0 to ~=8.1 by @dependabot in #3632
• AliceGetsAPhone demo works in local docker environment by @davidchaiken in #3623
• Use current version of aca-py in devcontainer by @esune in #3638
• ✨ Don't shutdown on ledger error by @ff137 in #3636
• ✨ Improve logging in core components by @ff137 in #3332
• 🐛 Fix publishing all pending AnonCreds revocations by @ff137 in #3626
• Add BLS12381G2 keys to multikey manager by @gmulhearn in #3640
• 🎨 Rename Anoncreds to AnonCreds by @ff137 in #3573
• 🎨 Replace print statements in Banner with info log by @ff137 in #3643
• chore(deps): Bump tj-actions/changed-files from 46.0.4 to 46.0.5 in the all-actions group by @dependabot in #3648
• 👷 Fix Docker Caching by @rblaine95 in #3653
• 👷 Split Docker Builds by @rblaine95 in #3654
• 🐛 Fix public did no longer being correctly configured by @ff137 in #3646
• 👷 🧑‍💻 Optimize Docker build to reduce cache invalidation by @rblaine95 in #3655
• 🎨 Fix swagger tag names for AnonCreds endpoints by @ff137 in #3661
• 🧪 Fix test warnings by @ff137 in #3656
• 🎨 Add type hints to anoncreds module by @ff137 in #3652
• 🎨 Add type hints to messaging/jsonld by @ff137 in #3650
• chore(deps): Bump markdown from 3.7 to 3.8 by @dependabot in #3644
• 🎨 Make ledger config more readable by @ff137 in #3664
• (fix) VM resolution strategy correction for embedded VMs by @gmulhearn in #3665
• 🎨 Rename did:indy create/response schema objects by @ff137 in #3663
• chore(deps): Bump packaging from 24.2 to 25.0 by @dependabot in #3667
• 📌 Pin Actions to a full length commit SHA and image tags to digests by @step-security-bot in #3668
• 👷 Update dependabot file by @ff137 in #3669
• 🔒 ci: Harden GitHub Actions by @step-security-bot in #3670
• 🔒 Update Token Permissions in GitHub Actions by @ff137 in #3678
• chore(deps): Bump pydantic from 2.10.3 to 2.11.3 in /scenarios by @dependabot in #3677
• chore(deps): Bump pytest-asyncio from 0.23.8 to 0.26.0 in /scenarios by @dependabot in #3676
• chore(deps): Bump github/codeql-action from 3.28.15 to 3.28.16 in the all-actions group by @dependabot in #3675
• 🐛 Fix permissions in nightly publish job by @ff137 in #3682
• chore(deps-dev): Bump pydevd-pycharm from 251.23774.211 to 251.25410.24 by @dependabot in #3683
• 1.3.0rc2 by @swcurran in #3687

New Contributors

• @step-security-bot made their first contribution in #3668

Full Changelog: 1.3.0rc1...1.3.0rc2