Skip to content

Releases: openwallet-foundation/acapy

1.0.1rc0

26 Sep 14:06
dc66c82
Compare
Choose a tag to compare
1.0.1rc0 Pre-release
Pre-release

Release 1.0.1 might be the last release of ACA-Py from the Hyperledger organization before the repository moves to the OpenWallet Foundation (OWF). As noted in the repository README.md, the ACA-Py project will soon be
moving soon to the OWF's GitHub organization as the new "acapy" project.

For details on what this means for ACA-Py users, including steps for updating deployments, please follow the updates in GitHub Issue #3250. We'll keep you informed about the approach, timeline, and progress of the move. Stay tuned!

The release contains mostly internal clean ups, technical debt elimination, and a revision to the integration testing approach, incorporating the Aries Agent Test Harness tests in the ACA-Py continuous integration testing process.

There are several important deprecation notices in this release in preparation for the next ACA-Py release. Please review these notifications carefully!

In an attempt to shorten the categorized list of PRs in the release, rather than listing all of the dependabot PRs in the release, we've included a link to a list of those PRs.

Deprecation Notices

  • ACA-Py will soon be moved from the Hyperledger GitHub organization to that of the OpenWallet Foundation. As such, there will be changes in the names and locations of the artifacts produced -- the PyPi project and the container images in the GitHub Container Registry. We will retain the ability to publish LTS releases of ACA-Py for the current LTS versions (0.11, 0.12) in the current locations. For details, guidance, timing, and progress on the move, please monitor the description of GitHub Issue #3250 that will be maintained throughout the process.
  • In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0160 Connections, [RFC 0037 Issue Credentials v1.0] and [RFC 0037 Present Proof v1.0] DIDComm protocols. Each of the protocols will be moved to the [ACA-Py Plugins] repo. All deployers that use those protocols SHOULD update to the AIP 2.0 versions of those protocols (RFC 0434 Out of Band+RFC 0023 DID Exchange, RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols must adjust their configuration to load those protocols from the respective plugins.

1.0.1rc0 Breaking Changes

There are no breaking changes in ACA-Py Release 1.0.1.

What's Changed

New Contributors

Full Changelog: 1.0.0...1.0.1rc0

1.0.0

16 Aug 21:16
8e539b5
Compare
Choose a tag to compare

Release 1.0.0 is finally here! While Aries Cloud Agent Python has been used in production for several years, the maintainers have decided it is finally time to put a "1.0" tag on the project. The 1.0.0 release itself includes well over 100 PRs merged since Release 0.12.1. The vast majority of that work was in hardening the product in preparation for this 1.0.0 release. While there are a number of new features and a new Long Term Support (LTS) policy, the majority of the focus has been on eliminating technical debt and improving the underlying implementation. Here are the highlights of the release:

  • A formal ACA-Py Long Term Support (LTS) policy has been documented and is being followed.
  • The default underlying Python version has been upgraded to 3.12. Happily, there were minimal code changes to enable the upgrade to 3.12 from the previous Python 3.9.
  • A new ACA-Py Plugins Store at https://plugins.aca-py.org. Check out the plugins that have been published by ACA-Py contributors, and learn how to add your own plugins!
  • We've improved the developer experience by enabling support in ACA-Py artifacts for the ARM Architecture (and notably, Mac M1 and later systems). To do so, we have removed default support for BBS Signatures. BBS Signatures are still supported in the codebase, and guidance is provided for how to enable the support in artifacts (Docker images, etc.) for those needing it. We look forward to updating the BBS support in ACA-Py based on libraries that include multi-architecture support.
  • Pagination support has been added to a number of Admin API queries for object lists, enabling the development of better user interfaces for large deployments.
  • Cleanup in the ACA-Py AnonCreds Revocation Registry handling to prevent errors that were found occurring under certain specific conditions.
  • Upgraded pull request and release pipeline, including:
    • Enabling a much more aggressive approach to dependabot notifications, beyond just those for security vulnerabilities. Along with those upgrades, we've moved to newer/better build pipeline tooling, such as switching from Black to Ruff, and re-enable per pull request code coverage notifications.
      • Many of the PRs in this release are related to dependency updates from dependabot or applied directly.
    • A switch to more used tooling, such as a switch from black to ruff.
    • Improvements in coverage monitoring of pull requests.
  • The start of a DIDComm v2 implementation in ACA-Py. The work is not complete, as we are taking an incremental approach to adding DIDComm v2 support.
  • A decorator has been added for enabling direct support for Admin API authentication. Previously, the only option to enable (the necessary) Admin API was to put the API behind a proxy that could manage authentication. With this update, ACA-Py deployments can handle authentication directly, without a proxy.
  • We have dropped support for the old, archived [Indy SDK]. If you have not migrated your deployment off of the Indy SDK, you must do so now. See this Indy SDK to Askar migration documentation for guidance.
  • Support added for using AnonCreds in W3C VCDM format.

1.0.0 Breaking Changes

With the focus of the pull requests for this release on stabilizing the implementation, there were just a few breaking changes:

  • The default underlying Python version has been upgraded to 3.12.
  • ACA-Py has supported BBS Signatures for some time. However, the dependency that is used (bbs) does not support the ARM architecture, and its inclusion in the default ACA-Py artifacts mean that developers using ARM-based hardware (such as Apple M1 Macs or later) cannot run ACA-Py "out-of-the-box". We feel that providing a better developer experience by supporting the ARM architecture is more important than BBS Signature support at this time. As such, we have removed the BBS dependency from the base ACA-Py artifacts and made it an add-on that those using ACA-Py with BBS must take extra steps to build into their own artifacts, as documented here.
  • Support for the Indy SDK has been dropped. It had been previously deprecated. See this Indy SDK to Askar migration documentation for guidance. Hyperledger Indy is still fully supported - it's just the Indy SDK client-side library that has been removed.
  • The webhook sent after receipt of presentation by a verifier has been updated to include all of the information needed by the verifier so that the controller does not have to call the "Verify Presentation" endpoint. The issue with calling that endpoint after the presentation has been received is that there is a race condition between the controller and the ACA-Py cleanup process deleting completed Present Proof protocol instances. See #3081 for additional details.
  • A fix to an obscure bug includes a change to the data sent to the controller after publishing multiple, endorsed credential definition revocation registries in a single call. The bug fix was to properly process the publishing. The breaking change is that when the process (now successfully) completes, the controller is sent the list of published credential definitions. Previously only a single value was being sent. See PR #3107 for additional details.
  • The configuration settings around whether a multitenant wallet uses a single database vs. a database per tenant has been made more explicit. The previous settings were not clear, resulting in some deployments that were intended to be a database per tenant actually result in all tenants being in the same database. For details about the change, see #3105.

What's Changed

Read more

1.0.0rc6

02 Aug 21:56
53e569d
Compare
Choose a tag to compare
1.0.0rc6 Pre-release
Pre-release

Release 1.0.0rc6 includes well over 100 PRs merged since Release 0.12.1. The vast majority of that work was in hardening the product in preparation for this 1.0.0 release. While there are a number of new features and a new Long Term Support (LTS) policy, the majority of the focus has been on eliminating technical debt and improving the underlying implementation. The full list of PRs in this release can be found below. here are the highlights of the release:

  • A formal ACA-Py Long Term Support (LTS) policy has been documented and is being followed.
  • The default underlying Python version has been upgraded to 3.12. Happily, there were minimal code changes to enable the upgrade to 3.12 from the previous Python 3.9.
  • We've improved the developer experience by enabling support in ACA-Py artifacts for the ARM Architecture (and notably, Mac M1 and later systems), we have removed default support for BBS Signatures. BBS Signatures are still supported, and guidance is provided for how to enable the support for those needing it. We look forward to updating the BBS support in ACA-Py based on libraries that include multi-architecture support.
  • Pagination support has been added to a number of Admin API queries for object lists, enabling the development of better user interfaces for large deployments.
  • Cleanup in the ACA-Py AnonCreds Revocation Registry handling to prevent errors that were found occurring under certain specific conditions.
  • Upgraded pull request and release pipeline, including:
    • Enabling a much more aggressive approach to dependabot notifications, beyond just those for security vulnerabilities. Along with those upgrades, we've moved to newer/better build pipeline tooling, such as switching from Black to Ruff, and re-enable per pull request code coverage notifications.
      • Many of the PRs in this release are related to dependency updates from dependabot or applied directly.
    • A switch to more used tooling, such as a switch from black to ruff.
    • Improvements in coverage monitoring of pull requests.
  • The start of a DIDComm v2 implementation in ACA-Py. The work is not complete, as we are taking an incremental approach to adding DIDComm v2 support.
  • A decorator has been added for enabling direct support for Admin API authentication. Previously, the only option to enable (the necessary) Admin API was to put the API behind a proxy that could manage authentication. With this update, ACA-Py deployments can handle authentication directly, without a proxy.
  • We have dropped support for the old, archived [Indy SDK]. If you have not migrated your deployment off of the Indy SDK, you must do so now. See this Indy SDK to Askar migration documentation for guidance.
  • Support added for using AnonCreds in W3C VCDM format. The support is not fully completed, but on the way.

1.0.0rc6 Breaking Changes

With the focus of the pull requests for this release on stabilizing the implementation, there were a few breaking changes:

  • The default underlying Python version has been upgraded to 3.12.
  • ACA-Py has supported BBS Signatures for some time. However, the dependency that is used (bbs) does not support the ARM architecture, and its inclusion in the default ACA-Py artifacts mean that developers using ARM-based hardware (such as Apple M1 Macs or later) cannot run ACA-Py "out-of-the-box". We feel that providing a better developer experience by supporting the ARM architecture is more important than BBS Signature support at this time. As such, we have removed the BBS dependency from the base ACA-Py artifacts and made it an add-on that those using ACA-Py with BBS must take extra steps to build their own artifacts, as documented here.
  • Support for the Indy SDK has been dropped. It had been previously deprecated. See this Indy SDK to Askar migration documentation for guidance.
  • The webhook sent after receipt of presentation by a verifier has been updated to include all of the information needed by the verifier so that the controller does not have to call the "Verify Presentation" endpoint. The issue with calling that endpoint after the presentation has been received is that there is a race condition between the controller and the ACA-Py cleanup process deleting completed Present Proof protocol instances. See #3081 for additional details.
  • A fix to an obscure bug includes a change to the data sent to the controller after publishing multiple, endorsed credential definition revocation registries in a single call. The bug fix was to properly process the publishing. The breaking change is that when the process (now successfully) completes, the controller is sent the list of published credential definitions. Previously only a single value was being sent. See PR #3107 for additional details.

What's Changed

Read more

0.12.2

01 Aug 22:24
1631eb9
Compare
Choose a tag to compare

A patch release to add the verification of a linkage between an inbound message and its associated connection (if any) before processing the message. Also adds some additional cleanup/fix PRs from the main branch (see list below) that might be useful for deployments currently using Release 0.12.1 or 0.12.0.

0.12.2 Breaking Changes

There are no breaking changes in this release.

PRs cherry-picked from the main branch:

  • fix: multiuse invites with did peer 4 #3112 dbluhm
  • Check connection is ready in all connection required handlers #3095 jamshale
  • Add by_format to terse webhook for presentations #3081 ianco
  • fix: respond to did:peer:1 with did:peer:4 #3050 dbluhm
  • feat: soft binding for plugin flexibility #3010 dbluhm
  • feat: inject profile and session #2997 dbluhm
  • feat: external signature suite provider interface #2835 dbluhm
  • fix(interop): overly strict validation #2943 dbluhm

What's Changed

Full Changelog: 0.12.1...0.12.2

0.11.3

01 Aug 22:20
c901828
Compare
Choose a tag to compare

A patch release to add a fix that ensures that sufficient webhook information is sent to an ACA-Py controller that is executing the AIP 2.0 Present Proof 2.0 Protocol.

0.11.3 Breaking Changes

There are no breaking changes in this release.

0.11.3 PRs Cherry-picked from the main branch

  • Add by_format to terse webhook for presentations #3081 ianco

What's Changed

Full Changelog: 0.11.2...0.11.3

0.12.2rc1

25 Jul 19:08
254df6d
Compare
Choose a tag to compare
0.12.2rc1 Pre-release
Pre-release

A patch release to add the verification of a linkage between an inbound message and its associated connection (if any) before processing the message. Also adds some additional cleanup/fix PRs from the main branch (see list below) that might be useful for deployments currently using Release 0.12.1.

0.12.2rc1 Breaking Changes

There are no breaking changes in this release.

0.12.2rc1 List of Pull Requests From The main Branch

  • Check connection is ready in all connection required handlers #3095 jamshale
  • fix: multiuse invites with did peer 4 #3112 dbluhm
  • fix: respond to did:peer:1 with did:peer:4 #3050 dbluhm
  • feat: soft binding for plugin flexibility #3010 dbluhm
  • feat: inject profile and session #2997 dbluhm
  • feat: external signature suite provider interface #2835 dbluhm
  • fix(interop): overly strict validation #2943 dbluhm

What's Changed

Full Changelog: 0.12.1...0.12.2rc1

0.11.2

25 Jul 19:05
bec202a
Compare
Choose a tag to compare

A patch release to add the verification of a linkage between an inbound message and its associated connection (if any) before processing the message.

0.11.2 Breaking Changes

There are no breaking changes in this release.

0.11.2 List of Pull Requests from main Branch

  • Check connection is ready in all connection required handlers #3095 jamshale

What's Changed

Full Changelog: 0.11.1...0.11.2

1.0.0rc5

23 Jul 19:21
167f701
Compare
Choose a tag to compare
1.0.0rc5 Pre-release
Pre-release

Release 1.0.0rc5 includes well over 100 PRs merged since Release 0.12.1. The vast majority of that work was in hardening the product in preparation for this 1.0.0 release. While there are a number of new features, the majority of the focus has been on eliminating technical debt and improving the underlying implementation. The full list of PRs in this release can be found below. here are the highlights of the release:

  • The default underlying Python version has been upgraded to 3.12. Happily, there were minimal code changes to enable the upgrade to 3.12 from the previous Python 3.9.
  • Pagination support has been added to a number of Admin API queries for object lists, enabling the development of better user interfaces for large deployments.
  • Cleanup in the ACA-Py AnonCreds Revocation Registry handling to prevent errors that were found occurring under certain specific conditions.
  • Upgraded pull request and release pipeline, including:
    • Enabling a much more aggressive approach to dependabot notifications, beyond just those for security vulnerabilities. Along with those upgrades, we've moved to newer/better build pipeline tooling, such as switching from Black to Ruff, and re-enable per pull request code coverage notifications.
      • Many of the PRs in this release are related to dependency updates from dependabot or applied directly.
    • A switch to more used tooling, such as a switch from black to ruff.
    • Improvements in coverage monitoring of pull requests.
  • The start of a DIDComm v2 implementation in ACA-Py. The work is not complete, as we are taking an incremental approach to adding DIDComm v2 support.
  • A decorator has been added for enabling direct support for Admin API authentication. Previously, the only option to enable (the necessary) Admin API was to put the API behind a proxy that could manage authentication. With this update, ACA-Py deployments can handle authentication directly, without a proxy.
  • We have dropped support for the old, archived [Indy SDK]. If you have not migrated your deployment off of the Indy SDK, you must do so now. See this Indy SDK to Askar migration documentation for guidance.
  • Support added for using AnonCreds in W3C VCDM format.

1.0.0rc5 Breaking Changes

With the focus of the pull requests for this release on stabilizing the implementation, there were a few breaking changes:

  • The default underlying Python version has been upgraded to 3.12.
  • Support for the Indy SDK has been dropped. It had been previously deprecated. See this Indy SDK to Askar migration documentation for guidance.
  • The webhook sent after receipt of presentation by a verifier has been updated to include all of the information needed by the verifier so that the controller does not have to call the "Verify Presentation" endpoint. The issue with calling that endpoint after the presentation has been received is that there is a race condition between the controller and the ACA-Py cleanup process deleting completed Present Proof protocol instances. See #3081 for additional details.
  • A fix to an obscure bug includes a change to the data sent to the controller after publishing multiple, endorsed credential definition revocation registries in a single call. The bug fix was to properly process the publishing. The breaking change is that when the process (now successfully) completes, the controller is sent the list of published credential definitions. Previously only a single value was being sent. See PR #3107 for additional details.

What's Changed

Read more

1.0.0rc4

09 Jul 13:08
811ff3b
Compare
Choose a tag to compare
1.0.0rc4 Pre-release
Pre-release

This time we mean it! Release 1.0.0rc4 is, despite the non-zero RC number, the first Release Candidate for what will soon be the official ACA-Py 1.0.0. We started to do a 1.0.0 sequence (releasing several RCs) a long time ago, and decided to gate the transition on some requirements that were not as important as we thought at the time. Now we are really ready to publish ACA-Py Release 1.0.0. This release is again pulling from the main branch. The previous 1.0.0 RC, rc3, was approximately equal to ACA_Py Release 0.8.2. As such, this RC is a MAJOR change from that last one.

Release 1.0.0rc4 includes just over 100 PRs merged since Release 0.12.1. The vast majority of that work was in hardening the product in preparation for this 1.0.0 release. While there are a number of new features, the majority of the focus has been on eliminating technical debt and improving the underlying implementation. The full list of PRs in this release can be found below. here are the highlights of the release:

  • The default underlying Python version has been upgraded to 3.12. Happily, there were minimal code changes to enable the upgrade to 3.12 from the previous Python 3.9.
  • Pagination support has been added to a number of Admin API queries for object lists, enabling the development of better user interfaces for large deployments.
  • Cleanup in the ACA-Py AnonCreds Revocation Registry handling to prevent errors that were found occurring under certain specific conditions.
  • Upgraded pull request and release pipeline, including:
    • Enabling a much more aggressive approach to dependabot notifications, beyond just those for security vulnerabilities. Along with those upgrades, we've moved to newer/better build pipeline tooling, such as switching from Black to Ruff, and re-enable per pull request code coverage notifications.
      • Many of the PRs in this release are related to dependency updates from dependabot or applied directly.
    • A switch to more used tooling, such as a switch from black to ruff.
    • Improvements in coverage monitoring of pull requests.
  • The start of a DIDComm v2 implementation in ACA-Py. The work is not complete, as we are taking an incremental approach to adding DIDComm v2 support.
  • A decorator has been added for enabling direct support for Admin API authentication. Previously, the only option to enable (the necessary) Admin API was to put the API behind a proxy that could manage authentication. With this update, ACA-Py deployments can handle authentication directly, without a proxy.
  • We have dropped support for the old, archived [Indy SDK]. If you have not migrated your deployment off of the Indy SDK, you must do so now. See this Indy SDK to Askar migration documentation for guidance.
  • Support added for using AnonCreds in W3C VCDM format. The support is not fully completed, but on the way.

1.0.0rc4 Breaking Changes

With the focus of the pull requests for this release on stabilizing the implementation, there were a few breaking changes:

  • The default underlying Python version has been upgraded to 3.12.
  • Support for the Indy SDK has been dropped. It had been previously deprecated. See this Indy SDK to Askar migration documentation for guidance.
  • The webhook sent after receipt of presentation by a verifier has been updated to include all of the information needed by the verifier so that the controller does not have to call the "Verify Presentation" endpoint. The issue with calling that endpoint after the presentation has been received is that there is a race condition between the controller and the ACA-Py cleanup process deleting completed Present Proof protocol instances. See ##3081 for additional details.

What's Changed

  • Update README.md by @KPCOFGS in #2927
  • chore(deps): Bump ecdsa from 0.16.1 to 0.19.0 in the pip group across 1 directory by @dependabot in #2933
  • feat: Integrate AnonCreds with W3C VCDI Format Support in ACA-Py by @sarthakvijayvergiya in #2861
  • Upgrade to anoncreds via api endpoint by @jamshale in #2922
  • Feature: use decorators for admin api authentication by @esune in #2860
  • Anoncreds - Send full registry list when getting revocation states by @jamshale in #2946
  • Example integration test issuing 2 credentials under the same schema by @ianco in #2948
  • Fix Snyk Container scanning workflow by @WadeBarnes in #2951
  • ⬆️ Upgrade pydid (pydantic v2) by @ff137 in #2919
  • Switch Snyk Container scan back to on push. by @WadeBarnes in #2953
  • Add OpenSSF Scorecard GHA - weekly by @swcurran in #2955
  • ⬆️ Upgrade test and lint dependencies by @ff137 in #2939
  • feat: drop indy sdk by @dbluhm in #2892
  • fix(interop): overly strict validation by @dbluhm in #2943
  • Fix clear revocation logic by @jamshale in #2956
  • Fix Snyk sarif file by @pradeepp88 in #2961
  • Add anoncreds migration guide by @jamshale in #2881
  • chore: updating dependabot to support gha, python, docker and dev container packages by @rajpalc7 in #2945
  • Fix issue with requested to revoke before registry creation by @jamshale in #2995
  • Sonarcloud with code coverage by @jamshale in #2968
  • Manage integration tests with GitHub Actions (#2952) by @jamshale in #2996
  • ⬆️ Upgrade aiohttp-apispec and apispec by @ff137 in #2920
  • chore(deps): Bump untergeek/curator from 8.0.2 to 8.0.15 in /demo/elk-stack/extensions/curator by @dependabot in #2969
  • feat: inject profile and session by @dbluhm in #2997
  • ✨ Faster uuid generation by @ff137 in #2994
  • chore(deps): Bump sphinx-rtd-theme from 1.1.1 to 1.3.0 in /docs by @dependabot in #2970
  • chore(deps): Bump hyperledger/aries-cloudagent-python from py3.9-0.9.0 to py3.9-0.12.1 in /demo/docker-agent by @dependabot in #2973
  • chore(deps): Bump hyperledger/aries-cloudagent-python from py3.9-0.10.4 to py3.9-0.12.1 in /demo/playground by @dependabot in #2975
  • Postgres Demo - Upgrade postgres and change entrypoint file by @jamshale in #3004
  • chore(deps): Bump hyperledger/aries-cloudagent-python from py3.9-0.9.0 to py3.9-0.12.1 in /demo/multi-demo by @dependabot in #2976
  • Merge all poetry dependabot PRs by @PatStLouis in #3007
  • Merge all demo dependabot PRs by @PatStLouis in #3008
  • Switch from pytz to dateutil by @jamshale in #3012
  • Add sonarcloud badges by @jamshale in #3014
  • chore(deps): Bump actions/checkout from 3 to 4 in the all-actions group by @dependabot in #3011
  • feat: soft binding for plugin flexibility by @dbluhm in #3010
  • Use a published version of aiohttp-apispec by @jamshale in #3019
  • Add support for revocable credentials in vc_di handler by @EmadAnwer in #2967
  • chore(deps): Bump pydid from 0.5.0 to 0.5.1 by @dependabot in #3024
  • chore(deps-dev): Bump pytest from 8.2.1 to 8.2.2 by @dependabot in #3025
  • chore(deps): Update prompt-toolkit requirement from ~=2.0.9 to ~=2.0.10 in /demo by @dependabot in #3026
  • chore(deps): Bump sphinx from 1.8.4 to 1.8.6 by @dependabot in #3021
  • docs: added section on environment variables by @Executioner1939 in #3028
  • ✨ Adds support for paginated storage querie...
Read more

0.11.1

07 May 19:38
6395a12
Compare
Choose a tag to compare

A patch release to update the aiohttp library such that a reported serious vulnerability is addressed such that a crafted payload delivered to aiohttp can put it in an infinite loop, which can be used for a low cost denial of service attack. CVE-2024-30251 describes the issue.

0.11.1 Breaking Changes

There are no breaking changes in this release. The only changed is the updated aiohttp dependency.

What's Changed

Full Changelog: 0.11.0...0.11.1