0.12.7rc2

This patch release adds a GitHub Action to publish an LTS container image with the tag 0.12-lts when a release is published from the ACA-Py 0.12.lts branch. This is a convenience for those who want to use the latest LTS version of ACA-Py in their deployments, and is not intended to be used as a replacement for the latest release of ACA-Py or when a specific release is required.

The release includes the following PRs from the main branch cherry-picked into this release:

• 🐛 Fix v2 cred ex and pres ex webhook events to emit after db write #3699
• fix: multiuse invite derived conns should have msg id #3692
• Fix unchanged endpoint being rewritten to ledger #3608

As well, a dependency update was applied, updating the poetry.lock file to use the latest minor versions of the dependencies, including an update to the version of Rust being used in the indy-build container artifact.

A reminder that the 0.12 LTS branch will reach end-of-life in October, 2025. Anyone still using this branch should plan to upgrade to the 1.2 LTS or (better) latest release of ACA-Py as soon as possible.

0.12.7 Breaking Changes

There are no breaking changes in this release.

What's Changed

• Add recreate lts workflow to 0.12.lts branch by @jamshale in #3771
• Don't run workflow for release candidates by @jamshale in #3796
• 0.12.7rc0 by @swcurran in #3794
• 0.12.lts.patch by @jamshale in #3817
• 0.12.7rc1 by @swcurran in #3820
• Upgrade rust version for indy-build to 1.56 by @jamshale in #3826
• 0.12.7rc2 by @swcurran in #3827

Full Changelog: 0.12.6...0.12.7rc2

1.2.5rc0

This patch release adds a GitHub Action to publish an LTS container image with the tag 1.2-lts when a release is published from the ACA-Py 1.2.lts branch. This is a convenience for those who want to use the latest LTS version of ACA-Py in their deployments, and is not intended to be used as a replacement for the latest release of ACA-Py or when a specific release is required.

The release includes the following PRs from the main branch cherry-picked into this release:

• Put cred_rev_id read, increment and write in a transaction #3793
• Remove header from http/ws responses #3753
• 🐛 Fix v2 cred ex and pres ex webhook events to emit after db write #3699
• fix: multiuse invite derived conns should have msg id #3692

As well, a dependency update was applied, updating the poetry.lock file to use the latest minor versions of the dependencies.

1.2.5 Breaking Changes

There are no breaking changes in this release.

What's Changed

• Add recreate lts workflow to 1.2.lts branch by @jamshale in #3772
• Don't run workflow for release candidates by @jamshale in #3797
• 1.2.lts.patch by @jamshale in #3816
• 1.2.5rc0 by @swcurran in #3821

Full Changelog: 1.2.4...1.2.5rc0

0.12.7rc1

This patch release adds a GitHub Action to publish an LTS container image with the tag 0.12-lts when a release is published from the ACA-Py 0.12.lts branch. This is a convenience for those who want to use the latest LTS version of ACA-Py in their deployments, and is not intended to be used as a replacement for the latest release of ACA-Py or when a specific release is required.

The release includes the following PRs from the main branch cherry-picked into this release:

• 🐛 Fix v2 cred ex and pres ex webhook events to emit after db write #3699
• fix: multiuse invite derived conns should have msg id #3692
• Fix unchanged endpoint being rewritten to ledger #3608

As well, a dependency update was applied, updating the poetry.lock file to use the latest minor versions of the dependencies.

A reminder that the 0.12 LTS branch will reach end-of-life in October, 2025. Anyone still using this branch should plan to upgrade to the 1.2 LTS or (better) latest release of ACA-Py as soon as possible.

0.12.7 Breaking Changes

There are no breaking changes in this release.

What's Changed

• Add recreate lts workflow to 0.12.lts branch by @jamshale in #3771
• Don't run workflow for release candidates by @jamshale in #3796
• 0.12.7rc0 by @swcurran in #3794
• 0.12.lts.patch by @jamshale in #3817
• 0.12.7rc1 by @swcurran in #3820

Full Changelog: 0.12.6...0.12.7rc1

1.3.1

ACA-Py 1.3.1 is a maintenance release that focuses on improving reliability, developer experience, and project documentation. It includes important fixes, updated links and metadata, and minor enhancements, particularly in support of long-term stability and governance clarity.

This release includes:

• Extensive updates to outdated or redirected links in documentation and code comments, moving references from Hyperledger to the OpenWallet Foundation and other current locations.
• A fix to a concurrency issue (described in #3738) in the newer anoncreds endpoint that assigns a revocation index to a credential. The operation is new wrapped in a transaction, ensuring data consistency under load.
• Expanded options for running the ACA-Py demo, with support added for Microsoft Dev Tunnels and improved out-of-band connection flows.
• Updates to project governance documentation, including the Code of Conduct, Security Policy, and Maintainers Guide, aligned with the OpenWallet Foundation processes.
• Logging improvements for better observability, especially around public DID handling, routing keys, and outbound websocket messages.
• Demo enhancements, including migration to prompt_toolkit 3.x and fixes to markdown and code formatting issues.
• A fix ensuring webhook events for V2 credential and presentation exchange are correctly emitted after database persistence, preventing race conditions.
• Minor bug fixes and test coverage improvements, including regression test additions and index error handling.

This release also prepares for future long-term support (LTS) work, with internal updates to Docker tags, versioning, and CI metadata. No breaking changes are introduced. As always, routine Dependabot updates were also included to keep dependencies current and secure.

1.3.1 Deprecation Notices

In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.1 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 🐛 Fix v2 cred ex and pres ex webhook events to emit after db write by @ff137 in #3699
• chore(deps): Update qrcode[pil] requirement from ~=8.1 to ~=8.2 in /demo by @dependabot in #3707
• chore(deps): Bump qrcode from 8.1 to 8.2 by @dependabot in #3705
• chore(deps): Bump postgres from fe3f571 to 304ab81 in /demo/docker-test/db by @dependabot in #3704
• chore(deps): Bump python from e2c7fb0 to 0a886c1 in /scenarios by @dependabot in #3703
• Update images and tags to version 1.3.0 by @jamshale in #3708
• chore(deps): Bump github/codeql-action from 3.28.16 to 3.28.17 in the all-actions group by @dependabot in #3709
• 🎨 Add missing anoncreds field to V20CredExRecordDetail model by @ff137 in #3710
• Feat(demo): migrate to prompt_toolkit 3.x (Fixes #3681) by @andrepestana-aot in #3713
• chore(deps): Bump python from 0a886c1 to d188cfc in /scenarios by @dependabot in #3715
• chore(deps): Bump postgres from 304ab81 to 8648313 in /demo/docker-test/db by @dependabot in #3716
• chore(deps): Bump SonarSource/sonarqube-scan-action from 5.1.0 to 5.2.0 in the all-actions group by @dependabot in #3718
• ⬆️ Update lock file by @ff137 in #3720
• Regress test to check #2818 issue by @andrepestana-aot in #3721
• 🔊 Improve logging in Handlers by @ff137 in #3722
• TestDeleteTails testcase fixes and indexError fix by @ann-aot in #3727
• chore(deps): Bump github/codeql-action from 3.28.17 to 3.28.18 in the all-actions group by @dependabot in #3729
• 🎨 Fix codeblock typing in DIDResolution.md by @ff137 in #3730
• 🔊 Improve logging related to public DIDs and routing keys by @ff137 in #3719
• Cleanup markdown errors in docs/demo/readme by @swcurran in #3734
• Add websocket outbound debug log by @jamshale in #3736
• chore(deps-dev): Bump pydevd-pycharm from 251.25410.122 to 252.16512.37 by @dependabot in #3743
• chore(deps): Bump uuid-utils from 0.10.0 to 0.11.0 by @dependabot in #3742
• Remove unnecessary hash pinning by @jamshale in #3744
• Fix broken links in the aca-py.org site / documentation by @swcurran in #3745
• Tag and Recreate ACA-Py LTS Release by @pradeepp88 in #3735
• Cleaned up more broken links and updates some code permalinks by @swcurran in #3748
• Updates to links in the docs and code comments to URLs that have been redirected -- mostly from Hyperledger to OWF and DIF by @swcurran in #3750
• Update the ACA-Py Security, Code of Conduct, and Maintainers Documents by @swcurran in #3749
• Demo: Change mediation connection to out-of-band by @jamshale in #3751
• 1.3.1rc0 by @swcurran in #3752
• Remove header from http/ws responses by @jamshale in #3753
• chore(deps-dev): Bump pydevd-pycharm from 252.16512.37 to 252.18003.35 by @dependabot in #3758
• chore(deps-dev): Bump pytest-xdist from 3.6.1 to 3.7.0 by @dependabot in #3756
• Repair lts workflow by @jamshale in #3759
• chore(deps): Bump aiohttp from 3.11.18 to 3.12.6 by @dependabot in #3757
• Update webvh package version by @PatStLouis in #3763
• alice/faber demo supports Microsoft dev tunnels by @davidchaiken in #3755
• chore(deps): Bump the all-actions group with 3 updates by @dependabot in #3760
• ⚡ Skip upgrade check for status checks by @ff137 in #3761
• chore: Remove did:indy Stub by @TheTechmage in #3764
• 1.3.1rc1 by @swcurran in #3765
• chore(deps): Bump pytest from 8.3.4 to 8.4.0 in /scenarios by @dependabot in #3768
• chore(deps): Bump pytest from 8.3.4 to 8.4.0 in /demo/playground/examples by @dependabot in #3767
• chore(deps-dev): Bump pytest from 8.3.5 to 8.4.0 by @dependabot in #3766
• chore(deps): Bump github/codeql-action from 3.28.18 to 3.28.19 in the all-actions group by @dependabot in #3769
• Add multi key id binding (supersedes #3472) by @PatStLouis in #3762
• chore(deps): Bump the pip group across 3 directories with 1 update by @Depe...

1.3.1rc2

ACA-Py 1.3.1 is a maintenance release that focuses on improving reliability, developer experience, and project documentation. It includes important fixes, updated links and metadata, and minor enhancements, particularly in support of long-term stability and governance clarity.

This release includes:

• Extensive updates to outdated or redirected links in documentation and code comments, moving references from Hyperledger to the OpenWallet Foundation and other current locations.
• A fix to a concurrency issue (described in #3738) in the newer anoncreds endpoint that assigns a revocation index to a credential. The operation is new wrapped in a transaction, ensuring data consistency under load.
• Expanded options for running the ACA-Py demo, with support added for Microsoft Dev Tunnels and improved out-of-band connection flows.
• Updates to project governance documentation, including the Code of Conduct, Security Policy, and Maintainers Guide, aligned with the OpenWallet Foundation processes.
• Logging improvements for better observability, especially around public DID handling, routing keys, and outbound websocket messages.
• Demo enhancements, including migration to prompt_toolkit 3.x and fixes to markdown and code formatting issues.
• A fix ensuring webhook events for V2 credential and presentation exchange are correctly emitted after database persistence, preventing race conditions.
• Minor bug fixes and test coverage improvements, including regression test additions and index error handling.

This release also prepares for future long-term support (LTS) work, with internal updates to Docker tags, versioning, and CI metadata. No breaking changes are introduced. As always, routine Dependabot updates were also included to keep dependencies current and secure.

1.3.1 Deprecation Notices

In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.1 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 🐛 Fix v2 cred ex and pres ex webhook events to emit after db write by @ff137 in #3699
• chore(deps): Update qrcode[pil] requirement from ~=8.1 to ~=8.2 in /demo by @dependabot in #3707
• chore(deps): Bump qrcode from 8.1 to 8.2 by @dependabot in #3705
• chore(deps): Bump postgres from fe3f571 to 304ab81 in /demo/docker-test/db by @dependabot in #3704
• chore(deps): Bump python from e2c7fb0 to 0a886c1 in /scenarios by @dependabot in #3703
• Update images and tags to version 1.3.0 by @jamshale in #3708
• chore(deps): Bump github/codeql-action from 3.28.16 to 3.28.17 in the all-actions group by @dependabot in #3709
• 🎨 Add missing anoncreds field to V20CredExRecordDetail model by @ff137 in #3710
• Feat(demo): migrate to prompt_toolkit 3.x (Fixes #3681) by @andrepestana-aot in #3713
• chore(deps): Bump python from 0a886c1 to d188cfc in /scenarios by @dependabot in #3715
• chore(deps): Bump postgres from 304ab81 to 8648313 in /demo/docker-test/db by @dependabot in #3716
• chore(deps): Bump SonarSource/sonarqube-scan-action from 5.1.0 to 5.2.0 in the all-actions group by @dependabot in #3718
• ⬆️ Update lock file by @ff137 in #3720
• Regress test to check #2818 issue by @andrepestana-aot in #3721
• 🔊 Improve logging in Handlers by @ff137 in #3722
• TestDeleteTails testcase fixes and indexError fix by @ann-aot in #3727
• chore(deps): Bump github/codeql-action from 3.28.17 to 3.28.18 in the all-actions group by @dependabot in #3729
• 🎨 Fix codeblock typing in DIDResolution.md by @ff137 in #3730
• 🔊 Improve logging related to public DIDs and routing keys by @ff137 in #3719
• Cleanup markdown errors in docs/demo/readme by @swcurran in #3734
• Add websocket outbound debug log by @jamshale in #3736
• chore(deps-dev): Bump pydevd-pycharm from 251.25410.122 to 252.16512.37 by @dependabot in #3743
• chore(deps): Bump uuid-utils from 0.10.0 to 0.11.0 by @dependabot in #3742
• Remove unnecessary hash pinning by @jamshale in #3744
• Fix broken links in the aca-py.org site / documentation by @swcurran in #3745
• Tag and Recreate ACA-Py LTS Release by @pradeepp88 in #3735
• Cleaned up more broken links and updates some code permalinks by @swcurran in #3748
• Updates to links in the docs and code comments to URLs that have been redirected -- mostly from Hyperledger to OWF and DIF by @swcurran in #3750
• Update the ACA-Py Security, Code of Conduct, and Maintainers Documents by @swcurran in #3749
• Demo: Change mediation connection to out-of-band by @jamshale in #3751
• 1.3.1rc0 by @swcurran in #3752
• Remove header from http/ws responses by @jamshale in #3753
• chore(deps-dev): Bump pydevd-pycharm from 252.16512.37 to 252.18003.35 by @dependabot in #3758
• chore(deps-dev): Bump pytest-xdist from 3.6.1 to 3.7.0 by @dependabot in #3756
• Repair lts workflow by @jamshale in #3759
• chore(deps): Bump aiohttp from 3.11.18 to 3.12.6 by @dependabot in #3757
• Update webvh package version by @PatStLouis in #3763
• alice/faber demo supports Microsoft dev tunnels by @davidchaiken in #3755
• chore(deps): Bump the all-actions group with 3 updates by @dependabot in #3760
• ⚡ Skip upgrade check for status checks by @ff137 in #3761
• chore: Remove did:indy Stub by @TheTechmage in #3764
• 1.3.1rc1 by @swcurran in #3765
• chore(deps): Bump pytest from 8.3.4 to 8.4.0 in /scenarios by @dependabot in #3768
• chore(deps): Bump pytest from 8.3.4 to 8.4.0 in /demo/playground/examples by @dependabot in #3767
• chore(deps-dev): Bump pytest from 8.3.5 to 8.4.0 by @dependabot in #3766
• chore(deps): Bump github/codeql-action from 3.28.18 to 3.28.19 in the all-actions group by @dependabot in #3769
• Add multi key id binding (supersedes #3472) by @PatStLouis in #3762
• chore(deps): Bump the pip group across 3 directories with 1 update by @dependab...

0.12.7rc0

This patch release adds a GitHub Action to publish an LTS container image with the tag 0.12-lts when a final release is published from the ACA-Py 0.12.lts branch. This is a convenience for those who want to use the latest official LTS version of ACA-Py in their deployments, and is not intended to be used as a replacement for the latest "main branch" release of ACA-Py or when a specific release is required. The rc0 release candidate contains only the LTS release GitHub Actions change. We plan to cherry pick some additional PRs from the main branch for the final 0.12.7 release.

0.12.7 Breaking Changes

There are no breaking changes in this release.

What's Changed

• Add recreate lts workflow to 0.12.lts branch by @jamshale in #3771
• Don't run workflow for release candidates by @jamshale in #3796
• 0.12.7rc0 by @swcurran in #3794

Full Changelog: 0.12.6...0.12.7rc0

1.3.1rc1

ACA-Py 1.3.1 is a maintenance release that focuses on improving reliability, developer experience, and project documentation. It includes important fixes, updated links and metadata, and minor enhancements, particularly in support of long-term stability and governance clarity.

This release includes:

• Extensive updates to outdated or redirected links in documentation and code comments, moving references from Hyperledger to the OpenWallet Foundation and other current locations.
• Expanded options for running the ACA-Py demo, with support added for Microsoft Dev Tunnels and improved out-of-band connection flows.
• Updates to project governance documentation, including the Code of Conduct, Security Policy, and Maintainers Guide, aligned with the OpenWallet Foundation processes.
• Logging improvements for better observability, especially around public DID handling, routing keys, and outbound websocket messages.
• Demo enhancements, including migration to prompt_toolkit 3.x and fixes to markdown and code formatting issues.
• A fix ensuring webhook events for V2 credential and presentation exchange are correctly emitted after database persistence, preventing race conditions.
• Minor bug fixes and test coverage improvements, including regression test additions and index error handling.

This release also prepares for future long-term support (LTS) work, with internal updates to Docker tags, versioning, and CI metadata. No breaking changes are introduced. As always, routine Dependabot updates were also included to keep dependencies current and secure.

1.3.1 Deprecation Notices

In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.1 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 🐛 Fix v2 cred ex and pres ex webhook events to emit after db write by @ff137 in #3699
• chore(deps): Update qrcode[pil] requirement from ~=8.1 to ~=8.2 in /demo by @dependabot in #3707
• chore(deps): Bump qrcode from 8.1 to 8.2 by @dependabot in #3705
• chore(deps): Bump postgres from fe3f571 to 304ab81 in /demo/docker-test/db by @dependabot in #3704
• chore(deps): Bump python from e2c7fb0 to 0a886c1 in /scenarios by @dependabot in #3703
• Update images and tags to version 1.3.0 by @jamshale in #3708
• chore(deps): Bump github/codeql-action from 3.28.16 to 3.28.17 in the all-actions group by @dependabot in #3709
• 🎨 Add missing anoncreds field to V20CredExRecordDetail model by @ff137 in #3710
• Feat(demo): migrate to prompt_toolkit 3.x (Fixes #3681) by @andrepestana-aot in #3713
• chore(deps): Bump python from 0a886c1 to d188cfc in /scenarios by @dependabot in #3715
• chore(deps): Bump postgres from 304ab81 to 8648313 in /demo/docker-test/db by @dependabot in #3716
• chore(deps): Bump SonarSource/sonarqube-scan-action from 5.1.0 to 5.2.0 in the all-actions group by @dependabot in #3718
• ⬆️ Update lock file by @ff137 in #3720
• Regress test to check #2818 issue by @andrepestana-aot in #3721
• 🔊 Improve logging in Handlers by @ff137 in #3722
• TestDeleteTails testcase fixes and indexError fix by @ann-aot in #3727
• chore(deps): Bump github/codeql-action from 3.28.17 to 3.28.18 in the all-actions group by @dependabot in #3729
• 🎨 Fix codeblock typing in DIDResolution.md by @ff137 in #3730
• 🔊 Improve logging related to public DIDs and routing keys by @ff137 in #3719
• Cleanup markdown errors in docs/demo/readme by @swcurran in #3734
• Add websocket outbound debug log by @jamshale in #3736
• chore(deps-dev): Bump pydevd-pycharm from 251.25410.122 to 252.16512.37 by @dependabot in #3743
• chore(deps): Bump uuid-utils from 0.10.0 to 0.11.0 by @dependabot in #3742
• Remove unnecessary hash pinning by @jamshale in #3744
• Fix broken links in the aca-py.org site / documentation by @swcurran in #3745
• Tag and Recreate ACA-Py LTS Release by @pradeepp88 in #3735
• Cleaned up more broken links and updates some code permalinks by @swcurran in #3748
• Updates to links in the docs and code comments to URLs that have been redirected -- mostly from Hyperledger to OWF and DIF by @swcurran in #3750
• Update the ACA-Py Security, Code of Conduct, and Maintainers Documents by @swcurran in #3749
• Demo: Change mediation connection to out-of-band by @jamshale in #3751
• 1.3.1rc0 by @swcurran in #3752
• Remove header from http/ws responses by @jamshale in #3753
• chore(deps-dev): Bump pydevd-pycharm from 252.16512.37 to 252.18003.35 by @dependabot in #3758
• chore(deps-dev): Bump pytest-xdist from 3.6.1 to 3.7.0 by @dependabot in #3756
• Repair lts workflow by @jamshale in #3759
• chore(deps): Bump aiohttp from 3.11.18 to 3.12.6 by @dependabot in #3757
• Update webvh package version by @PatStLouis in #3763
• alice/faber demo supports Microsoft dev tunnels by @davidchaiken in #3755
• chore(deps): Bump the all-actions group with 3 updates by @dependabot in #3760
• ⚡ Skip upgrade check for status checks by @ff137 in #3761
• chore: Remove did:indy Stub by @TheTechmage in #3764
• 1.3.1rc1 by @swcurran in #3765

New Contributors

• @andrepestana-aot made their first contribution in #3713
• @ann-aot made their first contribution in #3727

Full Changelog: 1.3.0...1.3.1rc1

1.3.1rc0

ACA-Py 1.3.1 is a maintenance release that focuses on improving reliability, developer experience, and project documentation. It includes important fixes, updated links and metadata, and minor enhancements, particularly in support of long-term stability and governance clarity.

This release includes:

• Extensive updates to outdated or redirected links in documentation and code comments, moving references from Hyperledger to the OpenWallet Foundation and other current locations.
• Updates to project governance documentation, including the Code of Conduct, Security Policy, and Maintainers Guide, aligned with the OpenWallet Foundation processes.
• Logging improvements for better observability, especially around public DID handling, routing keys, and outbound websocket messages.
• Demo enhancements, including migration to prompt_toolkit 3.x and fixes to markdown and code formatting issues.
• A fix ensuring webhook events for V2 credential and presentation exchange are correctly emitted after database persistence, preventing race conditions.
• Minor bug fixes and test coverage improvements, including regression test additions and index error handling.

This release also prepares for future long-term support (LTS) work, with internal updates to Docker tags, versioning, and CI metadata. No breaking changes are introduced. As always, routine Dependabot updates were also included to keep dependencies current and secure.

1.3.1 Deprecation Notices

In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.1 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 🐛 Fix v2 cred ex and pres ex webhook events to emit after db write by @ff137 in #3699
• chore(deps): Update qrcode[pil] requirement from ~=8.1 to ~=8.2 in /demo by @dependabot in #3707
• chore(deps): Bump qrcode from 8.1 to 8.2 by @dependabot in #3705
• chore(deps): Bump postgres from fe3f571 to 304ab81 in /demo/docker-test/db by @dependabot in #3704
• chore(deps): Bump python from e2c7fb0 to 0a886c1 in /scenarios by @dependabot in #3703
• Update images and tags to version 1.3.0 by @jamshale in #3708
• chore(deps): Bump github/codeql-action from 3.28.16 to 3.28.17 in the all-actions group by @dependabot in #3709
• 🎨 Add missing anoncreds field to V20CredExRecordDetail model by @ff137 in #3710
• Feat(demo): migrate to prompt_toolkit 3.x (Fixes #3681) by @andrepestana-aot in #3713
• chore(deps): Bump python from 0a886c1 to d188cfc in /scenarios by @dependabot in #3715
• chore(deps): Bump postgres from 304ab81 to 8648313 in /demo/docker-test/db by @dependabot in #3716
• chore(deps): Bump SonarSource/sonarqube-scan-action from 5.1.0 to 5.2.0 in the all-actions group by @dependabot in #3718
• ⬆️ Update lock file by @ff137 in #3720
• Regress test to check #2818 issue by @andrepestana-aot in #3721
• 🔊 Improve logging in Handlers by @ff137 in #3722
• TestDeleteTails testcase fixes and indexError fix by @ann-aot in #3727
• chore(deps): Bump github/codeql-action from 3.28.17 to 3.28.18 in the all-actions group by @dependabot in #3729
• 🎨 Fix codeblock typing in DIDResolution.md by @ff137 in #3730
• 🔊 Improve logging related to public DIDs and routing keys by @ff137 in #3719
• Cleanup markdown errors in docs/demo/readme by @swcurran in #3734
• Add websocket outbound debug log by @jamshale in #3736
• chore(deps-dev): Bump pydevd-pycharm from 251.25410.122 to 252.16512.37 by @dependabot in #3743
• chore(deps): Bump uuid-utils from 0.10.0 to 0.11.0 by @dependabot in #3742
• Remove unnecessary hash pinning by @jamshale in #3744
• Fix broken links in the aca-py.org site / documentation by @swcurran in #3745
• Tag and Recreate ACA-Py LTS Release by @pradeepp88 in #3735
• Cleaned up more broken links and updates some code permalinks by @swcurran in #3748
• Updates to links in the docs and code comments to URLs that have been redirected -- mostly from Hyperledger to OWF and DIF by @swcurran in #3750
• Update the ACA-Py Security, Code of Conduct, and Maintainers Documents by @swcurran in #3749
• Demo: Change mediation connection to out-of-band by @jamshale in #3751
• 1.3.1rc0 by @swcurran in #3752

New Contributors

• @andrepestana-aot made their first contribution in #3713
• @ann-aot made their first contribution in #3727

Full Changelog: 1.3.0...1.3.1rc0

1.3.0

ACA-Py 1.3.0 introduces significant improvements across wallet types, AnonCreds support, multi-tenancy, DIDComm interoperability, developer experience, and software supply chain management. This release strengthens stability, modernizes protocol support, and delivers important updates for AnonCreds credential handling. A small number of breaking changes are included and are detailed below.

Updates were made to to the askar-anoncreds wallet type (Askar plus the latest AnonCreds Rust library), addressing issues with multi-ledger configurations, multitenant deployments, and credential handling across different wallet types. Wallet profile management was strengthened by enforcing unique names to avoid conflicts in multitenant environments.

AnonCreds handling saw extensive refinements, including fixes to credential issuance, revocation management, and proof presentation workflows. The release also introduces support for did:indy Transaction Version 2 and brings better alignment between the ledger API responses and the expected schemas. Several API documentation updates and improvements to type hints further enhance the developer experience when working with AnonCreds features.

Support for multi-tenancy continues to mature, with fixes that better isolate tenant wallets from the base wallet and improved connection reuse across tenants.

Logging across ACA-Py has been significantly improved to deliver clearer, more actionable logs, while error handling was enhanced to provide better diagnostics for validation failures and resolver setup issues.

Work toward broader interoperability continued, with the introduction of support for the Verifiable Credentials Data Model (VCDM) 2.0, as well as enhancements to DIDDoc handling, including support for BLS12381G2 key types. A new DIDComm route for fetching existing invitations was added, and a number of minor protocol-level improvements were made to strengthen reliability.

The release also includes many improvements for developers, including a new ACA-Py Helm Chart to simplify Kubernetes deployments, updated tutorials, and more updates to demos (such as AliceGetsAPhone). Dependency upgrades across the project further solidify the platform for long-term use.

Significant work was also done in this release to improve the security and integrity of ACA-Py's software supply chain. Updates to the CI/CD pipelines hardened GitHub Actions workflows, introduced pinned dependencies and digests for builds, optimized Dockerfile construction, and improved dependency management practices. These changes directly contribute to a stronger security posture and have improved ACA-Py's OpenSSF Scorecard evaluation, ensuring higher levels of trust and verifiability for those deploying ACA-Py in production environments.

1.3.0 Deprecation Notices

• In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.0 Breaking Changes

This release includes a small number of breaking changes:

• The DIDComm RFC 0160 Connections protocol is removed, in favour of the newer, more complete RFC 0434 Out of Band and RFC 0023 DID Exchange. Those still requiring RFC 0160 Connections protocol support must update their startup parameters to include the Connections Protocol Plugin. See the documentation for details, but once the ACA-Py instance startup options are extended to include the Connections protocol plugin, Controllers using the Connections protocol should continue to work as they had been. That said, we highly recommend implementers seeking interoperability move to the RFC 0434 Out of Band and RFC 0023 DID Exchange Protocols as soon as possible.
• Schema objects related to did:indy operations have been renamed to improve clarity and consistency. Clients interacting with did:indy endpoints should review and adjust any schema validations or mappings in their applications.

1.3.0 ACA-Py Controller API Changes

• did:indy support added, including a new POST /did/indy/create endpoint.
• Routes that support pagination (such as endpoints for fetching connections or credential/presentation exchange records), now include descending as an optional query parameter and have deprecated the count and start query parameters in favor of the more standard limit and offset parameters.
• validFrom and validUntil added to the Credential and VerifiableCredential objects.
• For consistency (and developer sanity), all Anoncreds references in the ACA-Py codebase have been changed to the more common AnonCreds (see PR #3573). Controller references may have to be updated to reflect the update.

Specifics of the majority of the changes can be found by looking at the diffs for the swagger.json and openapi.json files that are part of the 1.3.0 Release Pull Request. Later pull requests might introduce some additional changes.

What's Changed

• BREAKING: remove connection protocol by @dbluhm in #3184
• ⬆️ Upgrade dependencies by @ff137 in #3455
• Restore connection route tests by @dbluhm in #3461
• chore(deps): Bump sphinx-notfound-page from 1.0.2 to 1.0.4 in /docs by @dependabot in #3464
• chore(deps-dev): Bump ruff from 0.9.2 to 0.9.3 by @dependabot in #3467
• Update dockerfile image after release by @jamshale in #3469
• fix: ensure profile names are unique by @dbluhm in #3470
• Upgrade askar and did_webvh by @jamshale in #3474
• chore(deps): Bump dawidd6/action-download-artifact from 7 to 8 in the all-actions group by @dependabot in #3473
• ✨ Add ordering options to askar scan and fetch_all methods by @ff137 in #3173
• 🎨 Deprecate count/start query params and implement limit/offset by @ff137 in #3208
• Update aries-askar / Generate poetry.lock with poetry 2.0 by @jamshale in #3478
• Anoncreds Issuance - Extra options. by @jamshale in #3483
• Fixing BaseAnonCredsResolver get_revocation_list abstract method by @thiagoromanos in #3484
• feat: add did management design doc by @dbluhm in #3375
• chore(deps): Bump mkdocs-material from 9.5.50 to 9.6.1 by @dependabot in #3486
• chore(deps): Bump sphinx-notfound-page from 1.0.4 to 1.1.0 by @dependabot in #3487
• chore(deps-dev): Bump pytest-asyncio from 0.25.2 to 0.25.3 by @dependabot in #3488
• chore(deps-dev): Bump pydevd from 3.2.3 to 3.3.0 by @dependabot in #3489
• chore(deps-dev): Bump pydevd-pycharm from 251.17181.23 to 251.18673.39 by @dependabot in #3490
• fix typo in error message of indy credential offer by @zoblazo in #3485
• Fix Class import for AnonCreds Registry routes by @PatStLouis in #3495
• Upgrade to bookworm by @jamshale in #3498
• chore(deps): Bump mkdocs-material from 9.6.1 to 9.6.3 by @dependabot in #3504
• Groupe...

1.3.0rc2

ACA-Py 1.3.0 introduces significant improvements across wallet types, AnonCreds support, multi-tenancy, DIDComm interoperability, developer experience, and software supply chain management. This release strengthens stability, modernizes protocol support, and delivers important updates for AnonCreds credential handling. A small number of breaking changes are included and are detailed below.

Updates were made to to the askar-anoncreds wallet type (Askar plus the latest AnonCreds Rust library), addressing issues with multi-ledger configurations, multitenant deployments, and credential handling across different wallet types. Wallet profile management was strengthened by enforcing unique names to avoid conflicts in multitenant environments.

AnonCreds handling saw extensive refinements, including fixes to credential issuance, revocation management, and proof presentation workflows. The release also introduces support for did:indy Transaction Version 2 and brings better alignment between the ledger API responses and the expected schemas. Several API documentation updates and improvements to type hints further enhance the developer experience when working with AnonCreds features.

Support for multi-tenancy continues to mature, with fixes that better isolate tenant wallets from the base wallet and improved connection reuse across tenants.

Logging across ACA-Py has been significantly improved to deliver clearer, more actionable logs, while error handling was enhanced to provide better diagnostics for validation failures and resolver setup issues.

Work toward broader interoperability continued, with the introduction of support for the Verifiable Credentials Data Model (VCDM) 2.0, as well as enhancements to DIDDoc handling, including support for BLS12381G2 key types. A new DIDComm route for fetching existing invitations was added, and a number of minor protocol-level improvements were made to strengthen reliability.

The release also includes many improvements for developers, including a new ACA-Py Helm Chart to simplify Kubernetes deployments, updated tutorials, and more updates to demos (such as AliceGetsAPhone). Dependency upgrades across the project further solidify the platform for long-term use.

Significant work was also done in this release to improve the security and integrity of ACA-Py's software supply chain. Updates to the CI/CD pipelines hardened GitHub Actions workflows, introduced pinned dependencies and digests for builds, optimized Dockerfile construction, and improved dependency management practices. These changes directly contribute to a stronger security posture and have improved ACA-Py's OpenSSF Scorecard evaluation, ensuring higher levels of trust and verifiability for those deploying ACA-Py in production environments.

1.3.0 Deprecation Notices

• In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.0 Breaking Changes

This release includes a small number of breaking changes:

• The DIDComm RFC 0160 Connections protocol is removed, in favour of the newer, more complete RFC 0434 Out of Band and RFC 0023 DID Exchange. Those still requiring RFC 0160 Connections protocol support must update their startup parameters to include the Connections Protocol Plugin. See the documentation for details, but once the ACA-Py instance startup options are extended to include the Connections protocol plugin, Controllers using the Connections protocol should continue to work as they had been. That said, we highly recommend implementers seeking interoperability move to the RFC 0434 Out of Band and RFC 0023 DID Exchange Protocols as soon as possible.
• Schema objects related to did:indy operations have been renamed to improve clarity and consistency. Clients interacting with did:indy endpoints should review and adjust any schema validations or mappings in their applications.

1.3.0 ACA-Py Controller API Changes

• did:indy support added, including a new POST /did/indy/create endpoint.
• Routes that support pagination (such as endpoints for fetching connections or credential/presentation exchange records), now include descending as an optional query parameter and have deprecated the count and start query parameters in favor of the more standard limit and offset parameters.
• validFrom and validUntil added to the Credential and VerifiableCredential objects.
• For consistency (and developer sanity), all Anoncreds references in the ACA-Py codebase have been changed to the more common AnonCreds (see PR #3573). Controller references may have to be updated to reflect the update.

Specifics of the majority of the changes can be found by looking at the diffs for the swagger.json and openapi.json files that are part of the 1.3.0 Release Pull Request. Later pull requests might introduce some additional changes.

What's Changed

• Devcointainer and docs update by @esune in #3629
• chore(deps-dev): Bump pytest-cov from 6.0.0 to 6.1.1 by @dependabot in #3631
• chore(deps): Bump tj-actions/changed-files from 46.0.3 to 46.0.4 in the all-actions group by @dependabot in #3635
• ⬆️ Weekly dependency updates by @ff137 in #3634
• chore(deps): Update qrcode[pil] requirement from ~=8.0 to ~=8.1 by @dependabot in #3632
• AliceGetsAPhone demo works in local docker environment by @davidchaiken in #3623
• Use current version of aca-py in devcontainer by @esune in #3638
• ✨ Don't shutdown on ledger error by @ff137 in #3636
• ✨ Improve logging in core components by @ff137 in #3332
• 🐛 Fix publishing all pending AnonCreds revocations by @ff137 in #3626
• Add BLS12381G2 keys to multikey manager by @gmulhearn in #3640
• 🎨 Rename Anoncreds to AnonCreds by @ff137 in #3573
• 🎨 Replace print statements in Banner with info log by @ff137 in #3643
• chore(deps): Bump tj-actions/changed-files from 46.0.4 to 46.0.5 in the all-actions group by @dependabot in #3648
• 👷 Fix Docker Caching by @rblaine95 in #3653
• 👷 Split Docker Builds by @rblaine95 in #3654
• 🐛 Fix public did no longer being correctly configured by @ff137 in #3646
• 👷 🧑‍💻 Optimize Docker build to reduce cache invalidation by @rblaine95 in #3655
• 🎨 Fix swagger tag names for AnonCreds endpoints by @ff137 in #3661
• 🧪 Fix test warnings by @ff137 in #3656
• 🎨 Add type hints to anoncreds module by @ff137 in #3652
• 🎨 Add type hints to messaging/jsonld by @ff137 in #3650
• chore(deps): Bump markdown from 3.7 to 3.8 by @dependabot in #3644
• 🎨 Make ledger config more readable by @ff137 in #3664
• (fix) VM resolution strategy correction for e...