3.0.0

3.0.0 (diff)

Release of the Stellar Disbursement Platform v3.0.0. In this release, receiver
registration does not need to be done exclusively through SMS as it now supports
new types. The options are PHONE_NUMBER, EMAIL, EMAIL_AND_WALLET_ADDRESS,
and PHONE_NUMBER_AND_WALLET_ADDRESS. If a receiver is registered with a wallet
address, they can receive the payment right away without having to go through
the SEP-24 registration flow.

Warning

This version is only compatible with the stellar/stellar-disbursement-platform-frontend version 3.0.0.

Breaking Changes

• Renamed properties and environment variables related to Email Registration Support #412
  • Renamed MAX_INVITATION_SMS_RESEND_ATTEMPT environment variable to MAX_INVITATION_RESEND_ATTEMPTS
  • Renamed organization.sms_resend_interval to organization.receiver_invitation_resend_interval_days
  • Renamed organization.sms_registration_message_template to organization.receiver_registration_message_template
  • Renamed disbursement.sms_registration_message_template to disbursement.receiver_registration_message_template

Added

• Ability to register receivers using email addresses
  • Update the receiver_registered_successfully.tmpl HTML template to display the contact info #418
  • Update /wallet-registration/verification to accommodate different verification methods #416
  • Update send and auto-retry invitation scheduler job to work with email #415
  • Update POST /wallet-registration/otp to send OTPs through email #413
  • Rename SMS-related fields in organization and disbursement to be more generic #412
  • Update process disbursement instructions to accept email addresses #404
  • Add an initial screen so receivers can choose between phone number and email registration during registration #406
  • Add message channel priority to the organizations table #400
  • Add MessageDispatcher to SDP to send messages to different channels #391
  • Update the development endpoint DELETE .../phone-number/... to DELETE .../contact-info/..., allowing it to delete based on the email as well #438
  • Remove the word "phone" from the default organization's otp_message_template #439
  • Rename SMS-related field and update Helm docs #468
• Ability to register receivers with a Stellar wallet address directly by providing contact info and a wallet address. The options currently are PHONE_NUMBER_AND_WALLET_ADDRESS and EMAIL_AND_WALLET_ADDRESS
  • Create GET /registration-contact-types endpoint #451
  • Update POST /disbursements and GET /disbursements APIs to persist and return the Registration Contact Type #452, #454
  • Allow disbursement.verification_field to be empty #456
  • Integrate wallet address in processing disbursement instructions #453
  • Add user-managed wallets #458
• Add Twilio SendGrid as a supported email client #444

Changed

• Replaced deprecated Circle Accounts API by adopting the Circle API endpoints GET /v1/businessAccount/balances and GET /configuration #433
• PATCH /receiver now allows patching the phone number and email address of a receiver #436
• Increased window for clients to perform token refresh #437
• Other technical changes (#383, #450)

Fixed

• Unable to get a token from the Forgot Password flow after messaging service failure #466
• ReCaptcha blocks retrying verification during wallet registration #473

Removed

• Removed countries from the flow and deleted any references to them from the database #455, #462

Security and Dependencies

• Fix HTML injection vulnerability #419
• Fix HTML escaping #420
• Removed support for the HTTP headers X-XSS-Protection, X-Forwarded-Host, X-Real-IP, and True-Client-IP #448
• Improved validation to ensure the instruction file being uploaded is a *.csv file #443
• Ensure validation of URLs with the HTTPS schema on Pubnet #445
• Add path validation to the readDisbursementCSV method used in integration tests #437
• Bump golangci/golangci-lint-action #380
• Bump golang in the all-docker group #387, #394, #414
• Bump minor and patch dependencies across directories #381, #395, #403, #411, #429, #430, #431, #441.

2.1.1

2.1.1 (diff)

Changed

• Removed calls related to the deprecated Circle Accounts API and replaced them with calls to GET /v1/businessAccount/balances and GET /configuration. #433.

3.0.0-rc.1

3.0.0-rc.1 (diff)

Release of the Stellar Disbursement Platform v3.0.0-rc.1. This release introduces
the option to register receivers using email addresses, in addition to phone numbers.

Breaking Changes

• Renamed properties and environment variables related to Email Registration Support #412
  • Renamed MAX_INVITATION_SMS_RESEND_ATTEMPT environment variable to MAX_INVITATION_RESEND_ATTEMPTS
  • Renamed organization.sms_resend_interval to organization.receiver_invitation_resend_interval_days
  • Renamed organization.sms_registration_message_template to organization.receiver_registration_message_template
  • Renamed disbursement.sms_registration_message_template to disbursement.receiver_registration_message_template

Added

• Ability to register receivers using email addresses
  • Update the receiver_registered_successfully.tmpl HTML template to display the contact info #418
  • Update /wallet-registration/verification to accommodate different verification methods #416
  • Update send and auto-retry invitation scheduler job to work with email #415
  • Update POST /wallet-registration/otp to send OTPs through email #413
  • Rename SMS related fields in organization and disbursement to be more generic #412
  • Update process disbursement instructions to accept email addresses #404
  • Add initial screen so receivers can choose between phone number and email registration during registration #406
  • Add message channel priority or organizations table #400
  • Add MessageDispatcher to SDP to send messages to different channels #391

Security and Dependencies

• Fix HTML Injection Vulnerability #419, Fix HTML escaping #420
• Bump golangci/golangci-lint-action #380
• Bump golang in the all-docker group #387, #394, #414
• Bump minor and patch dependencies across directories #381, #395, #403, #411

2.1.0

2.1.0 (diff)

Release of the Stellar Disbursement Platform v2.1.0. This release introduces
the option to set different distribution account signers per tenant, as well
as Circle support, so the tenant can choose to run their payments through the
Circle API rather than directly on the Stellar network.

This version is only compatible with the stellar/stellar-disbursement-platform-frontend version 2.1.0.

Changed

• Update the name of the account types used for Distribution Accounts to be more descriptive. #285, #311
• When provisioning a tenant, indicate the Distribution account signer type #319
• The DistributionAccountResolver now surfaces the tenant's CircleWalletID for Circle-using tenants #328
• Disable asset management calls when the tenant is using Circle #322
• Bump version of github.com/stellar/go to become compatible with Protocol 21.

Added

• Add a new verification type called YEAR_MONTH #369
• Add the ability to use different signature types per tenant, allowing for more flexibility in the signature service. #289
• Add support to provision tenants with accountType=DISTRIBUTION_ACCOUNT.CIRCLE.DB_VAULT #330
• Circle SDK integration for the backend. #321
• Implement CircleService on top of the CircleClient, in order to automatically route the calls through the correct tenant based on the tenant value saved in the context #331
• Add support for Circle-using tenants when validating the tenant available balance upon disbursement start #309, #336
• Implement joho/godotenv loader #324
• Add support for Circle-using tenants to the db setup-for-network CLI command #327
• Implement the GET /balances endpoint that returns the Circle balance when the tenant is using Circle #325, #329
• Implement the PATCH /organization/circle-config endpoint that allows Circle configuration to be updated for Circle-using tenants #326, #332, #334
• Send Stellar payments through Circle when the tenant uses a CIRCLE distribution account #333
• Implement Circle reconciliation through polling #339, #347
• Add Circle transfer ID to GET /payments endpoints #346
• Add function to migrate data from a single-tenant to a multi-tenant instance #351
• Invalidate Circle Distribution Account Status upon receiving auth error #350, 359
• Add retry for circle 429 requests #362
• Separate Stellar and Circle payment jobs #366, #374
• Misc
  • Reformat the imports using goimports and enforce it through a GH Action #337
  • Added dependabot extra features #349
  • Add CI for e2e integration test for Circle #342, #357
  • Add CI to validate single-tenant to multi-tenant migration #356

Fixed

• Fix SDP helm charts #323, #375
• Fix CF 429 response and anchor patch transaction job for circle accounts #361
• Select the correct error object used in a crash-reporter alert #365
• Fixes post python migration #367
• Make PATCH /receivers/:id validation consistent #371

Security

• Security patch for gorilla/schema and rs/cors #345
• Bump versions of getsentry/sentry-go and gofiber/fiber #352

Deprecated

• Deprecated the use of DISTRIBUTION_SIGNER_TYPE, since this information is now provided when provisioning a tenant #319.
• Remove Freedom Wallet from the list of pubnet wallets #372

2.1.0-rc.1

2.1.0-rc.1

Release of the Stellar Disbursement Platform v2.1.0-rc1. This release introduces the option to set different distribution account signers per tenant, as well as Circle support, so the tenant can choose to run their payments through the Circle API rather than directly on the Stellar network.

This version is only compatible with the stellar/stellar-disbursement-platform-frontend version 2.1.0-rc.1.

Changed

• Update the name of the account types used for Distribution Accounts to be more descriptive. #285, #311
• When provisioning a tenant, indicate the Distribution account signer type #319
• The DistributionAccountResolver now surfaces the tenant's CircleWalletID for Circle-using tenants #328
• Disable asset management calls when the tenant is using Circle #322
• Bump version of github.com/stellar/go to become compatible with Protocol 21.

Added

• Add the ability to use different signature types per tenant, allowing for more flexibility in the signature service. #289
• Add support to provision tenants with accountType=DISTRIBUTION_ACCOUNT.CIRCLE.DB_VAULT #330
• Circle SDK integration for the backend. #321
• Implement CircleService on top of the CircleClient, in order to automatically route the calls through the correct tenant based on the tenant value saved in the context #331
• Add support for Circle-using tenants when validating the tenant available balance upon disbursement start #309, #336
• Implement joho/godotenv loader #324
• Add support for Circle-using tenants to the db setup-for-network CLI command #327
• Implement the GET /balances endpoint that returns the Circle balance when the tenant is using Circle #325, #329
• Implement the PATCH /organization/circle-config endpoint that allows Circle configuration to be updated for Circle-using tenants #326, #332, #334
• Send Stellar payments through Circle when the tenant uses a CIRCLE distribution account #333
• Implement Circle reconciliation through polling #339

Fixed

• Fix SDP helm chart defaults and minimal-values #323

Deprecated

• Deprecated the use of DISTRIBUTION_SIGNER_TYPE, since this information is now provided when provisioning a tenant #319.

2.0.0

2.0.0

Release of the Stellar Disbursement Platform v2.0.0. This release introduces multi-tenancy support, allowing multiple tenants
(organizations) to use the platform simultaneously.

Each organization has its own set of users, receivers, disbursements, etc.

This version is only compatible with the [stellar/stellar-disbursement-platform-frontend] version 2.x.x.

Changed

• Support multi-tenant CLI
  • Make add-user CLI support multi-tenancy #228
  • Change migrations CLI to run for all tenants #89
• Use DB connection pool as dependency injection #207
• Make receiver registration handler tenant-aware #117
• Tag log entries with tenant metadata #192
• Use DistributionAccountResolver instead of passing around distribution public key #212
• Make provision new tenant an atomic operation #233
• Make ready_payments_cancellation job multi-tenant [#223] (#223)

Added

• Tenant Provisioning & Onboarding #84
• Tenant Authentication Middleware #92
• Multi-tenancy connection pool & data source manager #86
• Generate multitenant SEP-1 TOML file #111
• Prepare Signature Service & TSS to support Multi-tenancy
  • Add signature service with configurable distribution accounts #174
  • Aggregate all tx submission dependencies under SubmitterEngine #165
  • Add configurable signature service type #160
  • Allow signature service to be dependency-injected #158
  • Use dependency-injected signature service in channel-account CLI commands #156
• '/tenant' endpoint
  • Setup tenant server #90
  • POST Provision tenant endpoint #97
  • GET Tenant(s) API #93
  • PATCH Tenant API #100
  • DELETE Tenant API #272
• Patch incoming TSS events to Anchor platform #134
• Update DB structure so that TSS resources can be shared by multiple SDP tenants
  • Move all TSS related tables to TSS schema #141
  • Create TSS schema and migrations CLI command [#136](https://github.com/
    /pull/136)
  • Refactor migrations commands to support TSS migrations #123
• Add host distribution account awareness #172
• Wire distribution account to tenant admin table during user provisioning #198
• Prepare transaction submission table to reference tenant #142
• Kafka message broker support
  • Migrate SMS invitation to use message broker from scheduled jobs #133
  • Publish receiver wallet invitation events at disbursement start #182
  • Produce payment events to sync back to SDP [#149] (#149)
  • Produce payment events from SDP to TSS #159
• Implement DistributionAccountDBSignatureClient #197
• Create tenant distribution account during provisioning #224
• Enable payments scheduler job as an alternative to using Kafka #230
• Add default tenant capability to start the SDP in a single tenant mode #249
• Add script to migrate SDP v1.1.6 to V2.x.x #267

Security

• Admin API authentication/authorization #201
• Enable security protocols for Kafka
  • SASL auth #162
  • SSL auth #226

1.1.7

1.1.7

Security

• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0. #270
• Bump golang.org/x/crypto from v0.17.0 to v0.21.0. #269

1.1.6

1.1.6

Attention, this version is compatible with the frontend version 1.1.2.

Changed

• Update the PATCH /receivers/{id} request, so a receiver's verification info is not just inserted but upserted. The update part of the upsert only takes place if the verification info has not been confirmed yet. #205
• Update the order of the verification field that is shown to the receiver during the [SEP-24] flow. The order was (updated_at DESC) and was updated to the composed sorting (updated_at DESC, rv.verification_field ASC) to ensure consistency when multiple verification fields share the same updated_at value.
• Improve information in the error message returned when the disbursement instruction contains a verification info that is different from an already existing verification info that was already confirmed by the receiver. #178
• When adding an asset, make sure to trim the spaces fom the issuer field. #185

Security

• Bump Go version from 1.19 to 1.22, and upgraded the version of some CI tools. #196
• Add rate-limiter in both in the application and the kubernetes deployment. #195

2.0.0-rc1

2.0.0.rc1

First Release Candidate of the Stellar Disbursement Platform v2.0.0. This
release introduces multi-tenancy support, allowing multiple tenants
(organizations) to use the platform simultaneously.

Each organization has its own set of users, receivers, disbursements, etc.

This version is only compatible with the [stellar/stellar-disbursement-platform-frontend] version 2.x.x.

Changed

• Support multi-tenant CLI
  • Make add-user CLI support multi-tenancy #228
  • Change migrations CLI to run for all tenants #89
• Use DB connection pool as dependency injection #207
• Make receiver registration handler tenant-aware #117
• Tag log entries with tenant metadata #192
• Use DistributionAccountResolver instead of passing around distribution public key #212
• Make provision new tenant an atomic operation #233
• Make ready_payments_cancellation job multi-tenant [#223] (#223)

Added

• Tenant Provisioning & Onboarding #84
• Tenant Authentication Middleware #92
• Multi-tenancy connection pool & data source manager #86
• Generate multitenant SEP-1 TOML file #111
• Prepare Signature Service & TSS to support Multi-tenancy
  • Add signature service with configurable distribution accounts #174
  • Aggregate all tx submission dependencies under SubmitterEngine #165
  • Add configurable signature service type #160
  • Allow signature service to be dependency-injected #158
  • Use dependency-injected signature service in channel-account CLI commands #156
• '/tenant' endpoint
  • Setup tenant server #90
  • POST Provision tenant endpoint #97
  • GET Tenant(s) API #93
  • PATCH Tenant API #100
• add-tenant CLI #76
• Patch incoming TSS events to Anchor platform #134
• Update DB structure so that TSS resources can be shared by multiple SDP tenants
  • Move all TSS related tables to TSS schema #141
  • Create TSS schema and migrations CLI command [#136](https://github.com/
    /pull/136)
  • Refactor migrations commands to support TSS migrations #123
• Add host distribution account awareness #172
• Wire distribution account to tenant admin table during user provisioning #198
• Prepare transaction submission table to reference tenant #142
• Kafka message broker support
  • Migrate SMS invitation to use message broker from scheduled jobs #133
  • Publish receiver wallet invitation events at disbursement start #182
  • Produce payment events to sync back to SDP [#149] (#149)
  • Produce payment events from SDP to TSS #159
• Implement DistributionAccountDBSignatureClient #197
• Create tenant distribution account during provisioning #224
• Enable payments scheduler job as an alternative to using Kafka #230

Security

• Admin API authentication/authorization #201
• Enable security protocols for Kafka
  • SASL auth #162
  • SSL auth #226

1.1.5

1.1.5

Fixed

• Trim whitespaces for all disbursement instruction fields during CSV upload to avoid duplication of data #211

Security

• Upgrade golang version to 1.22.1 for security reasons #216