Skip to content

Releases: openwallet-foundation/acapy

0.12.1rc0

24 Apr 19:54
@swcurran swcurran
0.12.1rc0
d60cb4b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
0.12.1rc0 Pre-release
Pre-release

Release 0.12.1rc0 is a small patch to cleanup some edge case issues in the handling of Out of Band invitations and connection querying uncovered after the 0.12.0 release. Fixes and improvements were also made to the generation of ACA-Py's OpenAPI specifications.

0.12.1rc0 Breaking Changes

There are no breaking changes in this release.

What's Changed

  • chore(deps): Bump idna from 3.6 to 3.7 by @dependabot in #2887
  • Some updates to the mkdocs publishing process by @swcurran in #2888
  • Fix ack during for auto endorsement by @jamshale in #2883
  • Prevent 500 error when re-promoting DID with endorsement by @jamshale in #2885
  • fix: integration tests should use didex 1.1 by @dbluhm in #2889
  • fix: look up conn record by invite msg id instead of key by @dbluhm in #2891
  • 🐛 Fix IndyAttrValue model that was dropped from openapi spec by @ff137 in #2894
  • fix: oob record their_service should be updatable by @dbluhm in #2897
  • ⬆️ Upgrade codegen tools used in generate-open-api-specols by @ff137 in #2899
  • chore(deps): Bump psf/black from 24.3.0 to 24.4.0 in the all-actions group by @dependabot in #2893
  • chore(deps): Bump idna from 3.4 to 3.7 in /demo/playground/examples by @dependabot in #2886
  • fix: consider all resolvable dids in invites "public" by @dbluhm in #2900
  • 🎨 fix typos by @ff137 in #2898
  • fix Faber demo to use oob with aip10 to support connection reuse by @ianco in #2903
  • chore(deps): Bump aiohttp from 3.9.3 to 3.9.4 by @dependabot in #2902
  • 🐛 Fix ServiceDecorator parsing in oob record handling by @ff137 in #2910
  • Fix api schema mixup in revocation routes by @jamshale in #2909
  • refactor: logging configs setup by @amanji in #2870
  • 0.12.1rc0 by @swcurran in #2912

Full Changelog: 0.12.0...0.12.1rc0

Contributors

swcurran, ianco, and 5 other contributors
Assets 2
Loading

0.12.0

11 Apr 19:16
@swcurran swcurran
0.12.0
5bcb08b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
0.12.0

Release 0.12.0 is a large release with many new capabilities, feature improvements, upgrades, and bug fixes. Importantly, this release completes the ACA-Py implementation of Aries Interop Profile v2.0, and enables the elimination of unqualified DIDs. While only deprecated for now, all deployments of ACA-Py SHOULD move to using only fully qualified DIDs as soon as possible.

Much progress has been made on did:peer support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. Much attention was also paid to making sure that the Peer DID and DID Exchange capabilities match those of Credo-TS (formerly Aries Framework JavaScript). The completion of that work eliminates the remaining places where "unqualified" DIDs were being used, and to enable the "connection reuse" feature in the Out of Band protocol when using DID Peer 2 and 4 DIDs in invitations. See the document Qualified DIDs for details about how to control the use of DID Peer 2 or 4 in an ACA-Py deployment, and how to eliminate the use of unqualified DIDs. Support for DID Exchange v1.1 has been added to ACA-Py, with support for DID Exchange v1.0 retained, and we've added support for DID Rotation.

Work continues towards supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Some of that work is in this release, the rest will be in the next release.

Attention was given in the release to simplifying the handling of JSON-LD Data Integrity Verifiable Credentials.

An important change in this release is the re-organization of the ACA-Py documentation, moving the vast majority of the documents to the folders within the docs folder -- a long overdue change that will allow us to soon publish the documents on https://aca-py.org directly from the ACA-Py repository, rather than from the separate aries-acapy-docs currently being used.

A big developer improvement is a revamping of the test handling to eliminate ~2500 warnings that were previously generated in the test suite. Nice job @ff137!

0.12.0 Breaking Changes

A deployment of this release that uses DID Peer 2 and 4 invitations may encounter problems interacting with agents deployed using older Aries protocols. Led by the Aries Working Group, the Aries community is encouraging the upgrade of all ecosystem deployments to accept all commonly used qualified DIDs, including DID Peer 2 and 4. See the document Qualified DIDs for more details about the transition to using only qualified DIDs. If deployments you interact with are still using unqualified DIDs, please encourage them to upgrade as soon as possible.

Specifically for those upgrading their ACA-Py instance that create Out of Band invitations with more than one handshake_protocol, the protocol for the connection has been removed. See Issue #2879 contains the details of this subtle breaking change.

New deprecation notices were added to ACA-Py on startup and in the OpenAPI/Swagger interface. Those added are listed below. As well, we anticipate 0.12.0 being the last ACA-Py release to include support for the previously deprecated Indy SDK.

  • RFC 0036 Issue Credential v1
    • Migrate to use RFC 0453 Issue Credential v2
  • RFC 0037 Present Proof v2
    • Migrate to use RFC 0454 Present Proof v2
  • RFC 0169 Connections
    • Migrate to use RFC 0023 DID Exchange and 0434 Out-of-Band
  • The use of did:sov:... as a Protocol Doc URI
    • Migrate to use https://didcomm.org/

What's Changed

Read more

Contributors

TheTechmage, swcurran, and 19 other contributors
Assets 2
Loading

0.12.0rc3

09 Apr 02:57
@swcurran swcurran
0.12.0.rc3
a629019
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
0.12.0rc3 Pre-release
Pre-release

Release 0.12.0 is a relatively large release with many new capabilities, feature improvements, upgrades and bug fixes. Importantly, this release completes the ACA-Py implementation of Aries Interop Profile v2.0, and enables the elimination of unqualified DIDs. While only deprecated for now, all deployments of ACA-Py to move to using only fully qualified DIDs.

Much progress has been made on did:peer support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. Much attention was also paid to making sure that the Peer DID and DID Exchange capabilities match those of Credo-TS (formerly Aries Framework JavaScript). The completion of that work eliminates the remaining places where "unqualified" DIDs are being used, and to enable the "connection reuse" in the Out of Band protocol when using DID Peer 2 and 4 DIDs. See the document Qualified DIDs for details about how to control the use of DID Peer 2 or 4 in an ACA-Py deployment, and how to eliminate the use of unqualified DIDs. Support for DID Exchange v1.1 has been added to ACA-Py, with support for DID Exchange v1.0 retained, and we've added support for DID Rotation.

Work continues towards supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Some of that work is in this release, the rest will be in the next release.

Attention was given in the release to simplifying the handling of JSON-LD Data Integrity Verifiable Credentials.

An important change in this release is the re-organization of the ACA-Py documentation, moving the vast majority of the documents to the folders within the docs folder -- a long overdue change that will allow us to soon publish the documents on https://aca-py.org directly from the ACA-Py repository, rather than from the separate aries-acapy-docs currently being used.

A big developer improvement is a revamping of the test handling to eliminate ~2500 warnings that were previously generated in the test suite. Nice job @ff137!

0.12.0rc3 Breaking Changes

A deployment of this release that proactively uses DID Peer 2 and 4 will encounter problems interacting with agents deployed using older Aries protocols. Led by the Aries Working Group, the Aries community is encouraging the upgrade of all ecosystem deployments to accept all commonly used qualified DIDs, including DID Peer 2 and 4. See the document Qualified DIDs for more details about the transition to using only qualified DIDs.

New deprecation notices were added to ACA-Py on startup and in the OpenAPI/Swagger interface. Those added are listed below. As well, we anticipate 0.12.0 being the last ACA-Py release to include support for the previously deprecated Indy SDK.

  • RFC 0036 Issue Credential v1
    • Migrate to use RFC 0453 Issue Credential v2
  • RFC 0037 Present Proof v2
    • Migrate to use RFC 0454 Present Proof v2
  • RFC 0169 Connections
    • Migrate to use RFC 0023 DID Exchange and 0434 Out-of-Band
  • The use of did:sov:... as a Protocol Doc URI
    • Migrate to use https://didcomm.org/.

What's Changed

Read more

Contributors

TheTechmage, swcurran, and 19 other contributors
Assets 2
Loading

0.12.0rc2

06 Mar 13:16
@swcurran swcurran
0.12.0rc2
fa2a8ea
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
0.12.0rc2 Pre-release
Pre-release

Release 0.12.0 is a relative large release but currently with no breaking changes. We expect there will be breaking changes (at least in the handling of endorsement) before the 0.12.0 release is finalized, hence the minor version update.

The rc0 release candidate introduced a regression via PR #2705 that has been reverted in rc1 and later via PR #2789. Further investigation is needed to determine how to accomplish the goal of PR #2705 ("feat: inject profile") without the regression. The rc2 and later releases address a regression related to the sending of a revocation notification from the issuer to the holder of a newly revoked credential, fixed in PR #2814.

Much progress has been made on did:peer support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. The goal of that work is to eliminate the remaining places where "unqualified" DIDs remain, and to enable the "connection reuse" in the Out of Band protocol when using DID Peer 2 and 4 DIDs. Work continues in supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Attention was also given in the release to the handling of JSON-LD Data Integrity Verifiable Credentials, with more expected before the release is finalized. In addition to those updates, there were fixes and improvements across the codebase.

The most visible change in this release is the re-organization of the ACA-Py documentation, moving the vast majority of the documents to the folders within the docs folder -- a long overdue change that will allow us to soon publish the documents on https://aca-py.org directly from the ACA-Py repository, rather than from the separate aries-acapy-docs currently being used.

A big developer improvement is a revamping of the test handling to eliminate ~2500 warnings that were previously generated in the test suite. Nice job @ff137!

0.12.0rc2 Breaking Changes

There are no breaking changes in 0.12.0rc2.

What's Changed

Read more

Contributors

TheTechmage, swcurran, and 17 other contributors
Assets 2
Loading

0.12.0rc1

20 Feb 15:49
@swcurran swcurran
0.12.0rc1
4d1f7fe
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
0.12.0rc1 Pre-release
Pre-release

Release 0.12.0 is a relative large release but currently with no breaking changes. We expect there will be breaking changes (at least in the handling of endorsement) before the 0.12.0 release is finalized, hence the minor version update.

The first 0.12.0 release candidate, rc0, introduced a regression via PR #2705 that has been reverted in PR #2789. Further investigation is needed to determine how to accomplish the goal of PR #2705 ("feat: inject profile") without the regression.

Much progress was made on did:peer support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. The goal of that work is to eliminate the remaining places where "unqualified" DIDs remain. Work continues in supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Attention was also given in the release to the handling of JSON-LD Data Integrity Verifiable Credentials, with more expected before the release is finalized. In addition to those updates, there were fixes and improvements across the codebase.

The most visible change in this release is the re-organization of the ACA-Py documentation, moving the vast majority of the documents to the folders within the docs folder -- a long overdue change that will allow us to soon publish the documents on https://aca-py.org directly from the ACA-Py repository, rather than from the separate aries-acapy-docs currently being used.

A big developer improvement is a revampling of the test handling to eliminate ~2500 warnings that were previously generated in the test suite. Nice job @ff137!

0.12.0rc1 Breaking Changes

There are no breaking changes in 0.12.0rc1.

What's Changed

Read more

Contributors

TheTechmage, swcurran, and 17 other contributors
Assets 2
Loading

0.12.0rc0

24 Jan 03:13
@swcurran swcurran
0.12.0rc0
007ea6a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
0.12.0rc0 Pre-release
Pre-release

Release 0.12.0 is a relatively large release (53 PRs and counting...) but currently with no breaking changes. We expect there will be breaking changes (at least in the handling of Indy transaction endorsement) before the 0.12.0 release is finalized, hence the minor version update.

Much progress was made on did:peer support in this release, with the handling of inbound DID Peer 1 added, and inbound and outbound support for DID Peer 2 and 4. The goal of that work is to eliminate the remaining places where "unqualified" DIDs remain. Work continues in supporting ledger agnostic AnonCreds, and the new Hyperledger AnonCreds Rust library. Attention was also given in the release to the handling of JSON-LD Data Integrity Verifiable Credentials, with more expected before the release is finalized. In addition to those updates, there were fixes and improvements across the codebase.

0.12.0rc0 Breaking Changes

There are no breaking changes in 0.12.0rc0.

What's Changed

New Contributors

Full Changelog: 0.11.0...0.12.0rc0

Contributors

TheTechmage, swcurran, and 14 other contributors
Assets 2
Loading

0.11.0

25 Nov 05:08
@swcurran swcurran
0.11.0
8d04f0e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.11.0

Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last significant update before we begin the transition to using the ledger agnostic AnonCreds Rust in a release that is expected to bring Admin/Controller API changes. We plan to do patches to the 0.11.x branch while the transition is made to using [Anoncreds Rust].

An important addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.

This release and Release 0.10.5 contain a high priority fix to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the presentation.proof in the Verifiable Presentation was not included when determining the verification value (true or false) of the overall presentation. A forthcoming security advisory will cover the details. Anyone using JSON-LD presentations is recommended to upgrade to one of these versions of ACA-Py as soon as possible.

In the CI/CD realm, substantial changes were applied to the source base in switching from:

  • pip to Poetry for packaging and dependency management,
  • Flake8 to Ruff for linting,
  • asynctest to IsolatedAsyncioTestCase and AsyncMock objects now included in Python's builtin unittest package for unit testing.

These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.

0.11.0 Breaking Changes

In addition to the impacts of the change for developers in switching from pip to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded did:sov:BzCbsNYhMrjHiqZDTUASHg;spec to the new hardcoded https://didcomm.org value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (--emit-new-didcomm-prefix and --emit-new-didcomm-mime-type) but updated the
code to set the configuration parameters to true even if the parameters were not set. See PR #2517.

The JSON-LD verifiable credential handling of JSON-LD contexts has been updated to pre-load the base contexts into the repository code so they are not fetched at run time. This is a security best practice for JSON-LD, and prevents errors in production when, from time to time, the JSON-LD contexts are unavailable because of outages of the web servers where they are hosted. See PR #2587.

A Problem Report message is now sent when a request for a credential is received and there is no associated Credential Exchange Record. This may happen, for example, if an issuer decides to delete a Credential Exchange Record that has not be answered for a long time, and the holder responds after the delete. See PR #2577.

What's Changed

Read more

Contributors

popkinj, swcurran, and 15 other contributors
Assets 2
Loading

0.10.5

22 Nov 03:24
@swcurran swcurran
0.10.5
66c9c02
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.10.5

Release 0.10.5 is a high priority patch release to correct an issue with the handling of the JSON-LD presentation verifications, where the status of the verification of the presentation.proof in the Verifiable Presentation was not included when determining the verification value (true or false) of the overall presentation. A forthcoming security advisory will cover the details.

Anyone using JSON-LD presentations is recommended to upgrade to this version of ACA-Py as soon as possible.

What's Changed

Full Changelog: 0.10.4...0.10.5

Contributors

swcurran and dbluhm
Assets 2
Loading

0.11.0rc2

17 Nov 21:23
@swcurran swcurran
0.11.0rc2
63943f4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.11.0rc2 Pre-release
Pre-release

Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last major update before we transition to using the ledger agnostic AnonCreds Rust in a release that is expected to bring some Admin/Controller API changes. We plan to do patches to the 0.11.xbranch while the transition is made to the upcoming release to transition to using [Anoncreds Rust].

A significant addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.

In the CI/CD realm, substantial changes were applied to the source base in switching from:

  • pip to Poetry for packaging and dependency management,
  • Flake8 to Ruff for linting,
  • asynctest to IsolatedAsyncioTestCase and AsyncMock objects now included in Python's builtin unittest package for unit testing.

These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.

NOTE: In addition to these PRs in the 0-11.0-rc0 release, we also expect to include at least those ACA-Py PRs labelled "0.11.0" in the release.

0.11.0 Breaking Changes

In addition to the impacts of the change for developers in switching from pip to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded did:sov:BzCbsNYhMrjHiqZDTUASHg;spec to the new hardcoded https://didcomm.org value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (--emit-new-didcomm-prefix and --emit-new-didcomm-mime-type) but updated the
code to set the configuration parameters to true even if the parameters were not set. See PR #2517.

The JSON-LD verifiable credential handling of JSON-LD contexts has been updated to pre-load the base contexts into the repository code so they are not fetched at run time. This is a security best practice for JSON-LD, and prevents errors in production when, from time to time, the JSON-LD contexts are unavailable because of outages of the web servers where they are hosted. See PR #2587.

A Problem Report message is now sent when a request for a credential is received and there is no associated Credential Exchange Record. This may happen, for example, if an issuer decides to delete a Credential Exchange Record that has not be answered for a long time, and the holder responds after the delete. See PR #2577.

The versioning scheme for Release Candidates has been changed to drop the - in the version string. This means the older style of 0.11.0-rc0 has been changed to the newer style of 0.11.0rc2.

What's Changed

Read more

Contributors

popkinj, swcurran, and 14 other contributors
Assets 2
Loading

0.11.0-rc1

30 Oct 23:15
@swcurran swcurran
0.11.0-rc1
37c4bc2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.11.0-rc1 Pre-release
Pre-release

Release 0.11.0 is a relatively large release of new features, fixes, and internal updates. 0.11.0 is planned to be the last major update before we transition to using the AnonCreds Rust in a release that is expected to bring some Admin/Controller API changes. We plan to do patches to 0.11.0 while the transition is made to the next breaking release.

Release 0.11.0-rc0 failed to publish because of a reference to a dependency via its GitHub repository rather than to its published artifact.

A significant addition to ACA-Py is support for signing and verifying SD-JWT verifiable credentials. We expect this to be the first of the changes to extend ACA-Py to support OpenID4VC protocols.

In the CI/CD realm, substantial changes were applied to the source base in switching from:

  • pip to Poetry for packaging and dependency management,
  • Flake8 to Ruff for linting,
  • asynctest to IsolatedAsyncioTestCase and AsyncMock objects now included in Python's builtin unittest package for unit testing.

These are necessary and important modernization changes, with the latter two triggering many (largely mechanical) changes to the codebase.

NOTE: In addition to these PRs in the 0-11.0-rc0 release, we also expect to include at least those ACA-Py PRs labelled "0.11.0" in the release.

0.11.0 Breaking Changes

In addition to the impacts of the change for developers in switching from pip to Poetry, the only significant breaking change is the (overdue) transition of ACA-Py to always use the new DIDComm message type prefix, changing the DID Message prefix from the old hardcoded did:sov:BzCbsNYhMrjHiqZDTUASHg;spec to the new hardcoded https://didcomm.org value, and using the new DIDComm MIME type in place of the old. The vast majority (all?) Aries deployments have long since been updated to accept both values, so this change just forces the use of the newer value in sending messages. In updating this, we retained the old configuration parameters most deployments were using (--emit-new-didcomm-prefix and --emit-new-didcomm-mime-type) but updated the code to set the configuration parameters to true even if the parameters were not set. See PR #2517.

What's Changed

New Contributors

Full Changelog: 0.10.1...0.11.0-rc1

Contributors

swcurran, Jsyro, and 12 other contributors
Assets 2
Loading