1.3.0rc1

Release 1.3.0 is a significant release that adds many updates, fixes and an important breaking change (starting to remove support for AIP 1.0 from ACA-Py) from the 1.2.LTS branch of ACA-Py. The full list of changes are in in the categorized list of pull requests for the release. As always, ACA-Py remains fully up to date with its dependencies. Fixes and improvements focused around the latest wallet type (askar-anoncreds), AnonCreds processing in general, and AnonCreds revocation in particular. New to this release is a ACA-Py Helm Chart that can be used in deploying ACA-Py.

1.3.0 Deprecation Notices

• In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.0 Breaking Changes

In this release, the DiDComm RFC 0160 Connections is removed, in favour of the newer, more complete RFC 0434 Out of Band and RFC 0023 DID Exchange. Those still requiring RFC 0160 Connections protocol support must update their startup parameters to include the Connections Protocol Plugin. See the documentation for details, but once the ACA-Py instance startup options are extended to include the Connections protocol plugin, Controllers using the Connections protocol should continue to work as they had been. That said, we highly recommend implementers move to the RFC 0434 Out of Band and RFC 0023 DID Exchange Protocols as soon as possible.

1.3.0 ACA-Py Controller API Changes:

• Added: did:indy support, including a new POST /did/indy/create endpoint
• Routes that support pagination (such as endpoints for fetching connections or credential/presentation exchange records), now include descending as an optional query parameter.
• validFrom and validUntil added to the Credential and VerifiableCredential objects

Specifics of the majority of the can be found by looking at the diffs for the swagger.json and openapi.json files that are part of the 1.3.0.rc Release Pull Request. Later pull requests might introduce some additional changes.

What's Changed

• BREAKING: remove connection protocol by @dbluhm in #3184
• ⬆️ Upgrade dependencies by @ff137 in #3455
• Restore connection route tests by @dbluhm in #3461
• chore(deps): Bump sphinx-notfound-page from 1.0.2 to 1.0.4 in /docs by @dependabot in #3464
• chore(deps-dev): Bump ruff from 0.9.2 to 0.9.3 by @dependabot in #3467
• Update dockerfile image after release by @jamshale in #3469
• fix: ensure profile names are unique by @dbluhm in #3470
• Upgrade askar and did_webvh by @jamshale in #3474
• chore(deps): Bump dawidd6/action-download-artifact from 7 to 8 in the all-actions group by @dependabot in #3473
• ✨ Add ordering options to askar scan and fetch_all methods by @ff137 in #3173
• 🎨 Deprecate count/start query params and implement limit/offset by @ff137 in #3208
• Update aries-askar / Generate poetry.lock with poetry 2.0 by @jamshale in #3478
• Anoncreds Issuance - Extra options. by @jamshale in #3483
• Fixing BaseAnonCredsResolver get_revocation_list abstract method by @thiagoromanos in #3484
• feat: add did management design doc by @dbluhm in #3375
• chore(deps): Bump mkdocs-material from 9.5.50 to 9.6.1 by @dependabot in #3486
• chore(deps): Bump sphinx-notfound-page from 1.0.4 to 1.1.0 by @dependabot in #3487
• chore(deps-dev): Bump pytest-asyncio from 0.25.2 to 0.25.3 by @dependabot in #3488
• chore(deps-dev): Bump pydevd from 3.2.3 to 3.3.0 by @dependabot in #3489
• chore(deps-dev): Bump pydevd-pycharm from 251.17181.23 to 251.18673.39 by @dependabot in #3490
• fix typo in error message of indy credential offer by @zoblazo in #3485
• Fix Class import for AnonCreds Registry routes by @PatStLouis in #3495
• Upgrade to bookworm by @jamshale in #3498
• chore(deps): Bump mkdocs-material from 9.6.1 to 9.6.3 by @dependabot in #3504
• Grouped upgrades - Week 7, 2025 by @jamshale in #3508
• Catch and log universal resolver setup error by @jamshale in #3511
• Allow schema id to be used during anoncreds issuance by @jamshale in #3497
• ➕ Re-add git to Dockerfile by @ff137 in #3515
• 🎨 Include the validation error in Unprocessable Entity reason by @ff137 in #3517
• 👷 Dependabot: don't ignore major releases by @ff137 in #3521
• ⚡ Remove --cov from pytest.ini_options by @ff137 in #3522
• ✅ Fix demo playground example tests by @ff137 in #3531
• ⬆️ Upgrade sphinx versions in docs by @ff137 in #3530
• Create ReuseConnection.md by @MonolithicMonk in #3534
• Add reuse document to MkDocs YML to add to doc site by @swcurran in #3535
• chore(deps): Bump pytest-asyncio from 0.23.8 to 0.25.3 in /demo/playground/examples by @dependabot in #3533
• Add did:indy transaction version 2 support by @jamshale in #3253
• chore(deps): Bump prompt-toolkit from 2.0.10 to 3.0.50 by @dependabot in #3526
• chore(deps): Update sphinx requirement from ~=8.1.3 to ~=8.2.1 by @dependabot in #3539
• chore(deps): Bump ossf/scorecard-action from 2.4.0 to 2.4.1 in the all-actions group by @dependabot in #3541
• Add vcdm 2.0 model and context by @PatStLouis in #3436
• Remove base wallet type must be new wallet type restriction by @jamshale in #3542
• fix: connection reuse with multi-tenancy by @dbluhm in #3543
• fix: tenant access to endpoints leading to access the base wallet by @thiagoromanos in #3545
• ⬆️ Upgrade poetry to 2.1 by @ff137 in #3538
• 🐛 Fix: allow multitenant askar-anoncreds wallets to present indy credentials by @ff137 in #3549
• 🐛 Fix: allow anoncreds wallet to delete indy credentials by @ff137 in #3551
• Fix prompt for alice/faber demo by @ianco in #3553
• Fix revocation accum sync when endorsement txn fails by @jamshale in https://github.com/openwallet-foundati...

1.3.0rc0

Release 1.3.0 is a significant release that adds many updates, fixes and an important breaking change (starting to remove support for AIP 1.0 from ACA-Py) from the 1.2.LTS branch of ACA-Py. The full list of changes are in in the categorized list of pull requests for the release. As always, ACA-Py remains fully up to date with its dependencies. Fixes and improvements focused around the latest wallet type (askar-anoncreds), AnonCreds processing in general, and AnonCreds revocation in particular.

1.3.0 Deprecation Notices

• In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.0 Breaking Changes

In this release, the DiDComm RFC 0160 Connections is removed, in favour of the newer, more complete RFC 0434 Out of Band and RFC 0023 DID Exchange. Those still requiring RFC 0160 Connections protocol support must update their startup parameters to include the Connections Protocol Plugin. See the documentation for details, but once the ACA-Py instance startup options are extended to include the Connections protocol plugin, Controllers using the Connections protocol should continue to work as they had been. That said, we highly recommend implementers move to the RFC 0434 Out of Band and RFC 0023 DID Exchange Protocols as soon as possible.

1.3.0 ACA-Py Controller API Changes:

• Added: did:indy support, including a new POST /did/indy/create endpoint
• Routes that support pagination (such as endpoints for fetching connections or credential/presentation exchange records), now include descending as an optional query parameter.
• validFrom and validUntil added to the Credential and VerifiableCredential objects

Specifics of the majority of the API changes can be found by looking at the diffs for the swagger.json and openapi.json files that are part of the 1.3.0.rc Release Pull Request. Later pull requests might introduce some additional changes.

What's Changed

• BREAKING: remove connection protocol by @dbluhm in #3184
• ⬆️ Upgrade dependencies by @ff137 in #3455
• Restore connection route tests by @dbluhm in #3461
• chore(deps): Bump sphinx-notfound-page from 1.0.2 to 1.0.4 in /docs by @dependabot in #3464
• chore(deps-dev): Bump ruff from 0.9.2 to 0.9.3 by @dependabot in #3467
• Update dockerfile image after release by @jamshale in #3469
• fix: ensure profile names are unique by @dbluhm in #3470
• Upgrade askar and did_webvh by @jamshale in #3474
• chore(deps): Bump dawidd6/action-download-artifact from 7 to 8 in the all-actions group by @dependabot in #3473
• ✨ Add ordering options to askar scan and fetch_all methods by @ff137 in #3173
• 🎨 Deprecate count/start query params and implement limit/offset by @ff137 in #3208
• Update aries-askar / Generate poetry.lock with poetry 2.0 by @jamshale in #3478
• Anoncreds Issuance - Extra options. by @jamshale in #3483
• Fixing BaseAnonCredsResolver get_revocation_list abstract method by @thiagoromanos in #3484
• feat: add did management design doc by @dbluhm in #3375
• chore(deps): Bump mkdocs-material from 9.5.50 to 9.6.1 by @dependabot in #3486
• chore(deps): Bump sphinx-notfound-page from 1.0.4 to 1.1.0 by @dependabot in #3487
• chore(deps-dev): Bump pytest-asyncio from 0.25.2 to 0.25.3 by @dependabot in #3488
• chore(deps-dev): Bump pydevd from 3.2.3 to 3.3.0 by @dependabot in #3489
• chore(deps-dev): Bump pydevd-pycharm from 251.17181.23 to 251.18673.39 by @dependabot in #3490
• fix typo in error message of indy credential offer by @zoblazo in #3485
• Fix Class import for AnonCreds Registry routes by @PatStLouis in #3495
• Upgrade to bookworm by @jamshale in #3498
• chore(deps): Bump mkdocs-material from 9.6.1 to 9.6.3 by @dependabot in #3504
• Grouped upgrades - Week 7, 2025 by @jamshale in #3508
• Catch and log universal resolver setup error by @jamshale in #3511
• Allow schema id to be used during anoncreds issuance by @jamshale in #3497
• ➕ Re-add git to Dockerfile by @ff137 in #3515
• 🎨 Include the validation error in Unprocessable Entity reason by @ff137 in #3517
• 👷 Dependabot: don't ignore major releases by @ff137 in #3521
• ⚡ Remove --cov from pytest.ini_options by @ff137 in #3522
• ✅ Fix demo playground example tests by @ff137 in #3531
• ⬆️ Upgrade sphinx versions in docs by @ff137 in #3530
• Create ReuseConnection.md by @MonolithicMonk in #3534
• Add reuse document to MkDocs YML to add to doc site by @swcurran in #3535
• chore(deps): Bump pytest-asyncio from 0.23.8 to 0.25.3 in /demo/playground/examples by @dependabot in #3533
• Add did:indy transaction version 2 support by @jamshale in #3253
• chore(deps): Bump prompt-toolkit from 2.0.10 to 3.0.50 by @dependabot in #3526
• chore(deps): Update sphinx requirement from ~=8.1.3 to ~=8.2.1 by @dependabot in #3539
• chore(deps): Bump ossf/scorecard-action from 2.4.0 to 2.4.1 in the all-actions group by @dependabot in #3541
• Add vcdm 2.0 model and context by @PatStLouis in #3436
• Remove base wallet type must be new wallet type restriction by @jamshale in #3542
• fix: connection reuse with multi-tenancy by @dbluhm in #3543
• fix: tenant access to endpoints leading to access the base wallet by @thiagoromanos in #3545
• ⬆️ Upgrade poetry to 2.1 by @ff137 in #3538
• 🐛 Fix: allow multitenant askar-anoncreds wallets to present indy credentials by @ff137 in #3549
• 🐛 Fix: allow anoncreds wallet to delete indy credentials by @ff137 in #3551
• Fix prompt for alice/faber demo by @ianco in #3553
• Fix revocation accum sync when endorsement txn fails by @jamshale in #3547
• chore(deps): Bump dawidd6/action-download-artifac...

1.2.4

This patch release addresses three bugs backported from the main branch:

• Fixes a problem in the handling of connection reuse in multitenancy environments. This is a backport of the PR fix: connection reuse with multi-tenancy #3543. This fixes the issue when using multi-tenancy, calls to POST /out-of-band/receive-invitation?use_existing_connection=true failing with a record not found error, despite connection reuse actually being completed in the background.
• Fixes a problem when using acapy with multitenant enabled and admin-insecure-mode. Without this fix, tenant endpoints (like [GET] /wallet/did for example) could be accessed without a bearer token. For details see: fix: tenant access to endpoints leading to access the base wallet #3545.
• Fixes the AnonCreds holder revocation list endpoint which was erroneously using the to timestamp for the from, preventing the creation of valid non-revocation proofs. For details, see: Repair anoncreds holder revocation list request

1.2.4 Deprecation Notices

The same deprecation notices from the 1.1.0 release about AIP 1.0 protocols still apply. The protocols remain in this 1.2.4 release, but the Connections Protocol has been removed from the ACA-Py main branch, and is available as a plugin. The Issue Credential v1 and Present Proof v1 protocols will soon be changed similarly. Please review these notifications carefully!

1.2.4 Breaking Changes

There are no breaking changes in this release.

What's Changed

• fix: cherry-pick fixes from main to 1.2.lts by @thiagoromanos in #3577
• 1.2.LTS Repair anoncreds holder revocation list request by @jamshale in #3580
• 1.2.4 by @swcurran in #3582

Full Changelog: 1.2.3...1.2.4

0.12.6

This patch release addresses a bug in the handling connection reuse in multitenancy environments. This is a backport of the PR fix: connection reuse with multi-tenancy #3543. This fixes the issue when using multi-tenancy, calls to POST /out-of-band/receive-invitation?use_existing_connection=true failing with a record not found error, despite connection reuse actually being completed in the background.

0.12.6 Breaking Changes

There are no breaking changes in this release.

What's Changed

• fix: cherry-pick fixes from main to 0.12.lts by @thiagoromanos in #3578
• 0.12.6 by @swcurran in #3583

Full Changelog: 0.12.5...0.12.6

1.2.3

This patch release addresses a bug in the publishing of AnonCreds revocation entries that caused the ledger and issuer wallet to become out of sync. As a result, revoked credentials were not being correctly flagged as revoked when presented. Previously, this issue was mitigated by an automatic “sync-revocation” process, which generally resolved the problem. However, we recently identified scenarios where the presence of an Indy Endorser in the revocation publication flow caused the “sync-revocation” process to fail silently.

This patch resolves that issue. Once applied, if a revocation batch results in an out-of-sync state, the “sync-revocation” process will automatically run to correct it.

For more details, see Issue 3546.

1.2.3 Deprecation Notices

The same deprecation notices from the 1.1.0 release about AIP 1.0 protocols still apply. The protocols remain in this 1.2.3 release, but the Connections Protocol has been removed from the ACA-Py main branch, and is available as a plugin. The Issue Credential v1 and Present Proof v1 protocols will soon be changed similarly. Please review these notifications carefully!

1.2.3 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 1.2.LTS Fix revocation accum sync when endorsement txn fails (#3547) by @jamshale in #3555
• 1.2.3 by @swcurran in #3559

Full Changelog: 1.2.2...1.2.3

0.12.5

This patch release addresses a bug in the publishing of AnonCreds revocation entries that caused the ledger and issuer wallet to become out of sync. As a result, revoked credentials were not being correctly flagged as revoked when presented. Previously, this issue was mitigated by an automatic “sync-revocation” process, which generally resolved the problem. However, we recently identified scenarios where the presence of an Indy Endorser in the revocation publication flow caused the “sync-revocation” process to fail silently.

This patch resolves that issue. Once applied, if a revocation batch results in an out-of-sync state, the “sync-revocation” process will automatically run to correct it.

For more details, see Issue 3546.

0.12.5 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 0.12.lts Fix revocation accum sync when endorsement txn fails (#3547) by @jamshale in #3554
• 0.12.lts Patch the fix_ledger_entry improvements by @jamshale in #3558
• 0.12.5 by @swcurran in #3560

Full Changelog: 0.12.4...0.12.5

1.2.2

A patch release to upgrade Askar to 0.4.3 and fixes a problem with wallet names in a multitenant, single-wallet configuration.

Addresses the problem outlined in #3471 around profiles in multi-tenant/single wallet deployments. The update to Askar addresses an intermittent hang on startup, and a dependency change that can result in a substantial performance improvement in some cases. See issues: openwallet-foundation/askar#350, openwallet-foundation/askar#351, openwallet-foundation/askar#354. This comment on one of the PRs describes the scenario where a substantial performance improvement was seen as a result of the change in Askar.

1.2.2 Deprecation Notices

The same deprecation notices from the 1.1.0 release about AIP 1.0 protocols still apply. The protocols remain in the 1.2.2 release, but will be moved out of the core and into plugins soon. Please review these notifications carefully!

1.2.2 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 1.2 LTS: Askar upgrade and fix profile unique names by @jamshale in #3477
• 1.2.2 by @swcurran in #3482

Full Changelog: 1.2.1...1.2.2

0.12.4

A patch release to upgrade Askar to 0.4.3 and fixes a problem with wallet names in a multitenant, single-wallet configuration.

Addresses the problem outlined in #3471 around profiles in multi-tenant/single wallet deployments. The update to Askar addresses an intermittent hang on startup, and a dependency change that can result in a substantial performance improvement in some cases. See issues: openwallet-foundation/askar#350, openwallet-foundation/askar#351, openwallet-foundation/askar#354. This comment on one of the PRs describes the scenario where a substantial performance improvement was seen as a result of the change in Askar.

0.12.4 Breaking Changes

There are no breaking changes in this release.

What's Changed

• 0.12 LTS: Askar upgrade and fix profile unique names by @jamshale in #3475
• 0.12.4 by @swcurran in #3481

Full Changelog: 0.12.3...0.12.4

1.2.1

Release 1.2.1 is a patch to fix a couple of issues introduced in Release 1.2.0 that prevent the startup of multi-tenant/single database instances of ACA-Py. The release includes the fixes, plus a new test for testing ACA-Py upgrades -- a new test type introduced in Release 1.2.0. Given that there are no breaking changes in this release, we'll move the 1.2.lts branch to be based on this release.

Enhancements in Release 1.2.1 are the addition of support for the Linked Data proof cryptosuite EcdsaSecp256r1Signature2019, and support for P256 keys generally and in did:key form.

1.2.1 Deprecation Notices

The same deprecation notices from the 1.1.0 release about AIP 1.0 protocols still apply. The protocols remain in the 1.2.1 release, but will be moved out of the core and into plugins soon. Please review these notifications carefully!

1.2.1 Breaking Changes

There are no breaking changes in this release, just fixes, new tests and minor updates.

What's Changed

• Add some more functionality and checks to the restart/upgrade test by @ianco in #3431
• Follow up from Release 1.2.0 -- including LTS change by @swcurran in #3432
• Change did:tdw resolver naming to did:webvh by @jamshale in #3429
• chore(deps-dev): Bump pytest-asyncio from 0.25.1 to 0.25.2 by @dependabot in #3437
• chore(deps): Bump marshmallow from 3.23.3 to 3.25.1 by @dependabot in #3438
• chore(deps-dev): Bump ruff from 0.8.6 to 0.9.1 by @dependabot in #3439
• chore(deps): Bump pygments from 2.18.0 to 2.19.1 by @dependabot in #3440
• Only copy agent code in dockerfiles by @jamshale in #3393
• Support P256 keys & did:keys by @gmulhearn in #3442
• ♻️ Sync ruff version in workflows by @ff137 in #3447
• Fixed handling of base wallet routes in auth decorator by @esune in #3448
• Support EcdsaSecp256r1Signature2019 linked data proof by @gmulhearn in #3443
• Prevent dummy profiles on start up by @jamshale in #3449
• ⬆️ Upgrade dev dependencies by @ff137 in #3454
• Pass the correct key for multitenant single wallets by @jamshale in #3450
• chore(deps): Bump mkdocs-material from 9.5.49 to 9.5.50 by @dependabot in #3453
• Add Multi-tenancy single wallet upgrade test by @jamshale in #3457
• Check admin wallet anoncreds upgrade on startup by @jamshale in #3458
• 1.2.1rc0 by @swcurran in #3459
• 1.2.1 by @swcurran in #3460

Full Changelog: 1.2.0...1.2.1

1.2.1rc0

Release 1.2.1 is a patch to fix a couple of issues introduced in Release 1.2.0 that prevent the startup of multi-tenant/single database instances of ACA-Py. The release includes the fixes, plus a new test for testing ACA-Py upgrades -- a new test type introduced in Release 1.2.0. Given that there are no breaking changes in this release, we'll move the 1.2.lts branch to be based on this release.

Enhancements in Release 1.2.1 are the addition of support for the Linked Data proof cryptosuite EcdsaSecp256r1Signature2019, and support for P256 keys generally and in did:key form.

1.2.1rc0 Deprecation Notices

The same deprecation notices from the 1.1.0 release about AIP 1.0 protocols still apply. The protocols remain in the 1.2.1 release, but will be moved out of the core and into plugins soon. Please review these notifications carefully!

1.2.1rc0 Breaking Changes

There are no breaking changes in this release, just fixes, new tests and minor updates.

What's Changed

• Add some more functionality and checks to the restart/upgrade test by @ianco in #3431
• Follow up from Release 1.2.0 -- including LTS change by @swcurran in #3432
• Change did:tdw resolver naming to did:webvh by @jamshale in #3429
• chore(deps-dev): Bump pytest-asyncio from 0.25.1 to 0.25.2 by @dependabot in #3437
• chore(deps): Bump marshmallow from 3.23.3 to 3.25.1 by @dependabot in #3438
• chore(deps-dev): Bump ruff from 0.8.6 to 0.9.1 by @dependabot in #3439
• chore(deps): Bump pygments from 2.18.0 to 2.19.1 by @dependabot in #3440
• Only copy agent code in dockerfiles by @jamshale in #3393
• Support P256 keys & did:keys by @gmulhearn in #3442
• ♻️ Sync ruff version in workflows by @ff137 in #3447
• Fixed handling of base wallet routes in auth decorator by @esune in #3448
• Support EcdsaSecp256r1Signature2019 linked data proof by @gmulhearn in #3443
• Prevent dummy profiles on start up by @jamshale in #3449
• ⬆️ Upgrade dev dependencies by @ff137 in #3454
• Pass the correct key for multitenant single wallets by @jamshale in #3450
• chore(deps): Bump mkdocs-material from 9.5.49 to 9.5.50 by @dependabot in #3453
• Add Multi-tenancy single wallet upgrade test by @jamshale in #3457
• Check admin wallet anoncreds upgrade on startup by @jamshale in #3458
• 1.2.1rc0 by @swcurran in #3459

Full Changelog: 1.2.0...1.2.1rc0