1.1.5

1.1.5

Fixed

• Trim whitespaces for all disbursement instruction fields during CSV upload to avoid duplication of data #211

Security

• Upgrade golang version to 1.22.1 for security reasons #216

1.1.4

1.1.4

Fixed

• Fix the insufficient balance validation by only considering payments with same asset of the disbursement being started #202

Security

• Update golang.org/x/crypto version to v0.17.0 for security reasons #202

1.1.3

1.1.3

Fixed

• SEP24 registration flow not working properly when the phone number was not found in the DB #187
• Fix distribution account balance validation that fails when the intended asset is XLM #186

1.1.2

1.1.2

Fixed

• Re-add missing recaptcha script #179

1.1.1

1.1.1

Fixed

• TSS amount precision #176

1.1.0

1.1.0

Changed

• Change POST /disbursements to accept different verification types #103
• Change SEP-24 Flow to display different verifications based on disbursement verification type #116
• Add sorting to GET /users endpoint #104
• Change read permission for receiver details to include business roles #144
• Add support for unique payment ID to disbursement instructions file as an optional field in GET /payments/{id} #131
• Add support for SMS preview & editing before sending a new disbursement #146
• Add metadata for users that created and started a disbursement in disbursement details GET /disbursements, GET /disbursements/{id} #151
• Update CI check to run the exhaustive validator #163
• Preload reCAPTCHA script in attempt to mitigate component loading issues upon login #152
• Validate distribution account balance before starting disbursement #161

Added

• Support automatic cancellation of payments in READY status after a certain time period #121
• API endpoint for cancelling payments in READY status: PATCH /payments/{id}/status #130
• Use CI to make sure the helm README is up to date #164

Fixed

• Verification DOB validation missing when date is in the future #101
• Support disbursements from two or more wallet providers to the same address #87
• [TSS] Stale channel account not cleared after switching distribution keys #91
• Make setup-wallets-for-network tests more flexible #95
• Make POST /assets idempotent #122
• Add missing space when building query #121

Security

• Stellar Protocol 20 Horizon SDK upgrade #107
• Coinspect Issues:
  • Add "Secure Operation Manual" section and updated the code to enforce MFA and reCAPTCHA #150
  • Coinspect SDP-006 Weak password policy #143
  • Coinspect SDP-007: Log user activity when updating user info #139
  • Coinspect SDP-012 Enhance User Awareness for SMS One-Time Password (OTP) Usage #138

1.0.1

1.0.1

Changed

• Update log message for better debugging. #125

Fixed

• Fix client_domain from the Vibrant Assist wallet. #126

1.0.0

1.0.0

Added

• API endpoints for managing Wallet Providers:
  • Add Wallet Providers. #17
  • Soft delete a Wallet Provider. #19
  • Patch a Wallet Provider's status. #37
• Introduced metrics and Grafana dashboard for monitoring payment transactions in TSS. #21
• TSS documentation. #25
• Phone number validation before sending OTP. #38
• Add Vibrant Assist RC to the list of supported wallets in pubnet #43
• Store Anchor Platform transaction ID in the database when registering a new receiver. #44
• Documentation for CRASH_TRACKER_TYPE env variable. #49
• Add a job to periodically sync the transaction status back to the Anchor Platform #55
• Introduce a retry mechanism for SMS invitations. #60
• Add proper error messages when receiver exceeds the maximum number of attempts to validate their PII. #62

Changed

• Add validation and flags to countries dropdown during receiver registration. #33
• Update transaction worker to use Crash Tracker on failed transactions #39
• Increase the default maximum number of attempts for a receiver to validate their PII. #56
• Prevent users from deactivating their own accounts. #58
• Stop enforcing ECDSA only and allow any EC public/private keys at least as strong as EC256 #61
• Refactor SMS invitation service #66
  • Removed the environment variables MAX_RETRIES and MIN_DAYS_BETWEEN_RETRIES.
  • Added the environment variable MAX_INVITATION_SMS_RESEND_ATTEMPTS to control the maximum number of attempts to send an SMS invitation. The default value is 3.
• API Tweaks:
  • Change PATCH /organization endpoint to allow updating the SMS templates. #47
  • Add the ability to filter supported assets by wallets. #35
  • Add wallets filtering by enabled flag #72
  • Return SMS templates in GET /organization endpoint. #63

Fixed

• Stellar.Expert URL in env-config.js for dev environment setup. #34
• Patch the correct transaction data fields in AnchorPlatform. #40
• Sep10 domain configuration for Vibrant wallet on Testnet. #42
• The SMS invitation link for XLM asset. #46

Security

• Added application activity logs for account lifecycle, password management and user access patterns. #29

1.0.0-rc2

1.0.0-rc2

Added

• Support to XLM disbursements. #1
• Helm chart documentation. #9
• PATCH /profile/reset-password endpoint to reset the password. #18

Changed

• Helmchart changes:
  • (BREAKNG CHANGE) Refactor helmchart for consistency. #5
  • Add minimal-values.yaml file to the helm folder, so it becomes easier to configure it. #20
  • Update Helm charts to include the frontend dashboard as part of the release. #3
• Default MAX_BASE_FEE is now higher, to prevent low-fee error responses. #8
• Changed job frequency for more real-time updates. #12
• Change OTP message for better UX. #23
• API tweaks:
  • GET /receiver/{id} now returns the list of verification fields in the receiver object. #4
  • GET /profile now includes the user id in the json response. #2
  • Standardize 401 API responses #15.
  • Changed the window in which the refresh token can be generated. #7

Fixed

• TSS Channel Account management commands now can handle parallel calls. #6
• Horizon error parsing to use the default HorizonErrorWrapper class. #13
• API response that should be 401 instead of 500. #14

Security

• Removed CLI flag that could disable private key encryption in the database. $24
• Add job to periodically check if the AP is auth protected. #10
• Add stronger password validation throughout the project. #22

1.0.0-rc1

Release Candidate: Stellar Disbursement Platform (SDP) Backend 1.0.0-rc1

🚀 What's New:

• Bulk Payments: SDP enables organizations to make bulk payments over the Stellar network. Upload a CSV, and the system handles everything from inviting recipients to verifying their information and making payments.
• Enhanced Receiver Verification: Includes three types of verification information to choose from: Date of Birth, Personal PIN, and National ID.
• Improved Distribution: The platform consists of four services, including a user-friendly dashboard, a core service, an anchor platform, and a (high volume) transaction submission service.
• Wallet Integration: Supports Stellar-enabled wallet applications and guides the recipient through the process of setting up an SDP-compatible wallet.
• Dependency Updates: Packaged as Docker containers and support for Kubernetes (via Helm Chart) or AWS Fargate, utilizing Postgres, Twilio or AWS for messaging.
• New Dashboard: The SDP Backend works together with Stellar Disbursement Platform Front-End UI.

📝 Documentation:

• Visit the SDP Stellar Developer Documentation for API documentation and a comprehensive guide to help organizations set up and test the SDP locally, from creating and funding distribution accounts to making the first disbursement.
• Contribute to the Docs landing page for any documentation questions or feedback. We greatly appreciate it!

🎉 Join Us:

We're excited about this release candidate and welcome pull requests, feedback, testing, and contributions. Thank you!