Skip to content

1.3.2

Choose a tag to compare

View all tags
@swcurran swcurran released this 26 Aug 19:35
· 286 commits to main since this release
1.3.2
902e218
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

ACA-Py 1.3.2 is a maintenance and enhancement release with a mix of bug fixes, dependency updates, documentation improvements, and operational enhancements. It focuses on improving reliability in credential revocation handling, refining webhook payload structures, modernizing async task management, and ensuring better resilience when opening the Askar store. Developers will also find several documentation updates and dependency cleanups. See the Categorized List of Changes below for more details about the changes in this release.

The release includes a fix for a change (#3081 added in Release 1.0.0) that introduced a PII leakage possibility. See the 1.3.2 Breaking Changes section below for details.

1.3.2 Deprecation Notices

In an upcoming ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.2 Breaking Changes

Release 1.3.2 includes a privacy-related change that also introduces a breaking change for some deployments -- including those using acapy-vc-authn-oidc.

  • Removal of by_format from webhook payloads (#3837)
    In a recent update, ACA-Py webhook events for credential and presentation v2.0 exchanges included a by_format field by default, instead of only when used with the ACAPY_DEBUG_WEBHOOKS configuration parameter. by_format contains sensitive protocol payload data and, in some cases, could result in personally identifiable information (PII) being logged. This behavior has been reverted.

    Impact when upgrading:

    • If your deployment relies on the by_format field in webhook events you need to ensure the startup parameter ACAPY_DEBUG_WEBHOOKS is activated.
    • Most applications that simply respond to the state of v2.0 credential exchanges (e.g., credential_issued, presentation_verified) are not affected.
    • Applications that parsed or logged the by_format contents must ensure the ACAPY_DEBUG_WEBHOOKS configuration is set, or better, update their logic to not require that information.

Because this change addresses a privacy issue (PII leakage), it is being included in the 1.3.x patch series rather than requiring a minor release increment.

What's Changed

  • chore(deps): Bump github/codeql-action from 3.29.0 to 3.29.2 in the all-actions group by @dependabot[bot] in #3805
  • chore(deps): Bump openwallet-foundation/acapy-agent from py3.12-1.3.0 to py3.12-1.3.1 in /demo/playground by @dependabot[bot] in #3814
  • chore(deps): Bump openwallet-foundation/acapy-agent from py3.12-1.3.0 to py3.12-1.3.1 in /demo/docker-agent by @dependabot[bot] in #3813
  • chore(deps): Bump openwallet-foundation/acapy-agent from py3.12-1.3.0 to py3.12-1.3.1 in /demo/multi-demo by @dependabot[bot] in #3812
  • Upgrade pytest-asyncio to major version 1.0.0 by @jamshale in #3810
  • chore(deps): Bump the pip group across 2 directories with 1 update by @dependabot[bot] in #3823
  • Fixed debug port setting by @Gavinok in #3828
  • Update README with latest on LTS Release Status by @swcurran in #3833
  • chore(deps): Bump github/codeql-action from 3.29.2 to 3.29.3 in the all-actions group by @dependabot[bot] in #3836
  • Remove by_format from standard webhook payloads by @jamshale in #3837
  • chore(deps): Bump the all-actions group with 2 updates by @dependabot[bot] in #3842
  • ➖ Remove unused dependency: ecdsa by @ff137 in #3847
  • Only strip did:sov dids to unqualified did in oob receive invitation requests (holder) by @jamshale in #3846
  • Add retries when opening the askar store / Refactor store.py by @jamshale in #3811
  • chore(deps): Bump the all-actions group with 3 updates by @dependabot[bot] in #3849
  • Update scenarios to openwallet acapy-minimal-example repo by @jamshale in #3851
  • Fix: Some asyncio task management and modernization by @jamshale in #3818
  • chore(deps-dev): Bump pre-commit from 4.2.0 to 4.3.0 by @dependabot[bot] in #3855
  • Add DeepWiki AI Docs Badge and revise the README intro by @swcurran in #3853
  • chore(deps-dev): Bump pydevd-pycharm from 252.23309.36 to 252.23892.439 by @dependabot[bot] in #3854
  • chore(deps): Bump the all-actions group with 3 updates by @dependabot[bot] in #3856
  • fix: update tails server upload methods to return public file URIs by @TheTechmage in #3852
  • 1.3.2rc0 by @swcurran in #3858
  • Approve ACA-Py Project Charter by @SeanBohan in #3857
  • ♻️ Sync ruff version by @ff137 in #3859
  • Update did-webvh package version by @PatStLouis in #3860
  • 1.3.2 by @swcurran in #3863

New Contributors

Full Changelog: 1.3.1...1.3.2

Contributors

TheTechmage, SeanBohan, and 6 other contributors
Assets 2
Loading