1.3.0

ACA-Py 1.3.0 introduces significant improvements across wallet types, AnonCreds support, multi-tenancy, DIDComm interoperability, developer experience, and software supply chain management. This release strengthens stability, modernizes protocol support, and delivers important updates for AnonCreds credential handling. A small number of breaking changes are included and are detailed below.

Updates were made to to the askar-anoncreds wallet type (Askar plus the latest AnonCreds Rust library), addressing issues with multi-ledger configurations, multitenant deployments, and credential handling across different wallet types. Wallet profile management was strengthened by enforcing unique names to avoid conflicts in multitenant environments.

AnonCreds handling saw extensive refinements, including fixes to credential issuance, revocation management, and proof presentation workflows. The release also introduces support for did:indy Transaction Version 2 and brings better alignment between the ledger API responses and the expected schemas. Several API documentation updates and improvements to type hints further enhance the developer experience when working with AnonCreds features.

Support for multi-tenancy continues to mature, with fixes that better isolate tenant wallets from the base wallet and improved connection reuse across tenants.

Logging across ACA-Py has been significantly improved to deliver clearer, more actionable logs, while error handling was enhanced to provide better diagnostics for validation failures and resolver setup issues.

Work toward broader interoperability continued, with the introduction of support for the Verifiable Credentials Data Model (VCDM) 2.0, as well as enhancements to DIDDoc handling, including support for BLS12381G2 key types. A new DIDComm route for fetching existing invitations was added, and a number of minor protocol-level improvements were made to strengthen reliability.

The release also includes many improvements for developers, including a new ACA-Py Helm Chart to simplify Kubernetes deployments, updated tutorials, and more updates to demos (such as AliceGetsAPhone). Dependency upgrades across the project further solidify the platform for long-term use.

Significant work was also done in this release to improve the security and integrity of ACA-Py's software supply chain. Updates to the CI/CD pipelines hardened GitHub Actions workflows, introduced pinned dependencies and digests for builds, optimized Dockerfile construction, and improved dependency management practices. These changes directly contribute to a stronger security posture and have improved ACA-Py's OpenSSF Scorecard evaluation, ensuring higher levels of trust and verifiability for those deploying ACA-Py in production environments.

1.3.0 Deprecation Notices

• In the next ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0037 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

1.3.0 Breaking Changes

This release includes a small number of breaking changes:

• The DIDComm RFC 0160 Connections protocol is removed, in favour of the newer, more complete RFC 0434 Out of Band and RFC 0023 DID Exchange. Those still requiring RFC 0160 Connections protocol support must update their startup parameters to include the Connections Protocol Plugin. See the documentation for details, but once the ACA-Py instance startup options are extended to include the Connections protocol plugin, Controllers using the Connections protocol should continue to work as they had been. That said, we highly recommend implementers seeking interoperability move to the RFC 0434 Out of Band and RFC 0023 DID Exchange Protocols as soon as possible.
• Schema objects related to did:indy operations have been renamed to improve clarity and consistency. Clients interacting with did:indy endpoints should review and adjust any schema validations or mappings in their applications.

1.3.0 ACA-Py Controller API Changes

• did:indy support added, including a new POST /did/indy/create endpoint.
• Routes that support pagination (such as endpoints for fetching connections or credential/presentation exchange records), now include descending as an optional query parameter and have deprecated the count and start query parameters in favor of the more standard limit and offset parameters.
• validFrom and validUntil added to the Credential and VerifiableCredential objects.
• For consistency (and developer sanity), all Anoncreds references in the ACA-Py codebase have been changed to the more common AnonCreds (see PR #3573). Controller references may have to be updated to reflect the update.

Specifics of the majority of the changes can be found by looking at the diffs for the swagger.json and openapi.json files that are part of the 1.3.0 Release Pull Request. Later pull requests might introduce some additional changes.

What's Changed

• BREAKING: remove connection protocol by @dbluhm in #3184
• ⬆️ Upgrade dependencies by @ff137 in #3455
• Restore connection route tests by @dbluhm in #3461
• chore(deps): Bump sphinx-notfound-page from 1.0.2 to 1.0.4 in /docs by @dependabot in #3464
• chore(deps-dev): Bump ruff from 0.9.2 to 0.9.3 by @dependabot in #3467
• Update dockerfile image after release by @jamshale in #3469
• fix: ensure profile names are unique by @dbluhm in #3470
• Upgrade askar and did_webvh by @jamshale in #3474
• chore(deps): Bump dawidd6/action-download-artifact from 7 to 8 in the all-actions group by @dependabot in #3473
• ✨ Add ordering options to askar scan and fetch_all methods by @ff137 in #3173
• 🎨 Deprecate count/start query params and implement limit/offset by @ff137 in #3208
• Update aries-askar / Generate poetry.lock with poetry 2.0 by @jamshale in #3478
• Anoncreds Issuance - Extra options. by @jamshale in #3483
• Fixing BaseAnonCredsResolver get_revocation_list abstract method by @thiagoromanos in #3484
• feat: add did management design doc by @dbluhm in #3375
• chore(deps): Bump mkdocs-material from 9.5.50 to 9.6.1 by @dependabot in #3486
• chore(deps): Bump sphinx-notfound-page from 1.0.4 to 1.1.0 by @dependabot in #3487
• chore(deps-dev): Bump pytest-asyncio from 0.25.2 to 0.25.3 by @dependabot in #3488
• chore(deps-dev): Bump pydevd from 3.2.3 to 3.3.0 by @dependabot in #3489
• chore(deps-dev): Bump pydevd-pycharm from 251.17181.23 to 251.18673.39 by @dependabot in #3490
• fix typo in error message of indy credential offer by @zoblazo in #3485
• Fix Class import for AnonCreds Registry routes by @PatStLouis in #3495
• Upgrade to bookworm by @jamshale in #3498
• chore(deps): Bump mkdocs-material from 9.6.1 to 9.6.3 by @dependabot in #3504
• Grouped upgrades - Week 7, 2025 by @jamshale in #3508
• Catch and log universal resolver setup error by @jamshale in #3511
• Allow schema id to be used during anoncreds issuance by @jamshale in #3497
• ➕ Re-add git to Dockerfile by @ff137 in #3515
• 🎨 Include the validation error in Unprocessable Entity reason by @ff137 in #3517
• 👷 Dependabot: don't ignore major releases by @ff137 in #3521
• ⚡ Remove --cov from pytest.ini_options by @ff137 in #3522
• ✅ Fix demo playground example tests by @ff137 in #3531
• ⬆️ Upgrade sphinx versions in docs by @ff137 in #3530
• Create ReuseConnection.md by @MonolithicMonk in #3534
• Add reuse document to MkDocs YML to add to doc site by @swcurran in #3535
• chore(deps): Bump pytest-asyncio from 0.23.8 to 0.25.3 in /demo/playground/examples by @dependabot in #3533
• Add did:indy transaction version 2 support by @jamshale in #3253
• chore(deps): Bump prompt-toolkit from 2.0.10 to 3.0.50 by @dependabot in #3526
• chore(deps): Update sphinx requirement from ~=8.1.3 to ~=8.2.1 by @dependabot in #3539
• chore(deps): Bump ossf/scorecard-action from 2.4.0 to 2.4.1 in the all-actions group by @dependabot in #3541
• Add vcdm 2.0 model and context by @PatStLouis in #3436
• Remove base wallet type must be new wallet type restriction by @jamshale in #3542
• fix: connection reuse with multi-tenancy by @dbluhm in #3543
• fix: tenant access to endpoints leading to access the base wallet by @thiagoromanos in #3545
• ⬆️ Upgrade poetry to 2.1 by @ff137 in #3538
• 🐛 Fix: allow multitenant askar-anoncreds wallets to present indy credentials by @ff137 in #3549
• 🐛 Fix: allow anoncreds wallet to delete indy credentials by @ff137 in #3551
• Fix prompt for alice/faber demo by @ianco in #3553
• Fix revocation accum sync when endorsement txn fails by @jamshale in #3547
• chore(deps): Bump dawidd6/action-download-artifact from 8 to 9 in the all-actions group by @dependabot in #3548
• chore(deps): Bump python-json-logger from 3.2.1 to 3.3.0 by @dependabot in #3566
• Update acapy images to 1.2.3 by @jamshale in #3571
• Fix missing log_timer import in acme.py by @parth5805 in #3562
• ⚡ Automatically use pytest-xdist to run tests in parallel by @ff137 in #3574
• Repair anoncreds holder revocation list request by @jamshale in #3570
• Anoncreds proof validation issue (once credential has been revoked) by @ianco in #3557
• ✨ Refactor TailsServer injection pattern by @ff137 in #3587
• 📝 Update README by @ff137 in #3588
• 🐛 Fix: Register both askar and anoncreds plugins for multitenancy by @ff137 in #3585
• ⬆️ Upgrade ruff to 0.11 by @ff137 in #3589
• ⬆️ Update lock file by @ff137 in #3590
• Update changed-files to non vulnerable version by @ryjones in #3591
• chore(deps): Bump aiohttp-cors from 0.7.0 to 0.8.0 by @dependabot in #3593
• Indicate when interop tests fail by @jamshale in #3592
• chore(deps): Bump tj-actions/changed-files from 45.0.9 to 46.0.1 in the all-actions group by @dependabot in #3598
• Upgrade docker images to release 1.2.4 by @jamshale in #3597
• 🐛 Fix auto creation of revocation registries by @ff137 in #3601
• fix: Support askar-anoncreds backend in multi-ledger configuration by @MonolithicMonk in #3603
• Repair BDD integration release tests by @jamshale in #3605
• 1.3.0rc0 by @swcurran in #3604
• 🐛 Fix unchanged endpoint being rewritten to ledger by @ff137 in #3608
• chore(deps-dev): Bump pre-commit from 4.1.0 to 4.2.0 by @dependabot in #3606
• chore(deps): Bump tj-actions/changed-files from 46.0.1 to 46.0.3 in the all-actions group by @dependabot in #3610
• fix(ledger): correct response format for /ledger/get-write-ledgers endpoint by @MonolithicMonk in #3613
• Fix demo implementation of vc_di cred issue by @ianco in #3609
• feat(demo): remove broken aip 10 and fix aip 20 by @davidchaiken in #3611
• Create Acapy Helm Chart by @i5okie in #3599
• 🎨 Use correct model for sending AnonCreds presentation by @ff137 in #3618
• chore(demo): remove aip 10 code by @davidchaiken in #3619
• fix: align ledger config schema with API response by @MonolithicMonk in #3615
• chore(deps-dev): Bump pytest-asyncio from 0.25.3 to 0.26.0 by @dependabot in #3621
• chore(deps): Bump pytest-asyncio from 0.25.3 to 0.26.0 in /demo/playground/examples by @dependabot in #3620
• (fix) VM resolution strategy correction by @gmulhearn in #3622
• Fetch existing invitation route by @PatStLouis in #3572
• 1.3.0-rc1 by @swcurran in #3628
• Devcointainer and docs update by @esune in #3629
• chore(deps-dev): Bump pytest-cov from 6.0.0 to 6.1.1 by @dependabot in #3631
• chore(deps): Bump tj-actions/changed-files from 46.0.3 to 46.0.4 in the all-actions group by @dependabot in #3635
• ⬆️ Weekly dependency updates by @ff137 in #3634
• chore(deps): Update qrcode[pil] requirement from ~=8.0 to ~=8.1 by @dependabot in #3632
• AliceGetsAPhone demo works in local docker environment by @davidchaiken in #3623
• Use current version of aca-py in devcontainer by @esune in #3638
• ✨ Don't shutdown on ledger error by @ff137 in #3636
• ✨ Improve logging in core components by @ff137 in #3332
• 🐛 Fix publishing all pending AnonCreds revocations by @ff137 in #3626
• Add BLS12381G2 keys to multikey manager by @gmulhearn in #3640
• 🎨 Rename Anoncreds to AnonCreds by @ff137 in #3573
• 🎨 Replace print statements in Banner with info log by @ff137 in #3643
• chore(deps): Bump tj-actions/changed-files from 46.0.4 to 46.0.5 in the all-actions group by @dependabot in #3648
• 👷 Fix Docker Caching by @rblaine95 in #3653
• 👷 Split Docker Builds by @rblaine95 in #3654
• 🐛 Fix public did no longer being correctly configured by @ff137 in #3646
• 👷 🧑‍💻 Optimize Docker build to reduce cache invalidation by @rblaine95 in #3655
• 🎨 Fix swagger tag names for AnonCreds endpoints by @ff137 in #3661
• 🧪 Fix test warnings by @ff137 in #3656
• 🎨 Add type hints to anoncreds module by @ff137 in #3652
• 🎨 Add type hints to messaging/jsonld by @ff137 in #3650
• chore(deps): Bump markdown from 3.7 to 3.8 by @dependabot in #3644
• 🎨 Make ledger config more readable by @ff137 in #3664
• (fix) VM resolution strategy correction for embedded VMs by @gmulhearn in #3665
• 🎨 Rename did:indy create/response schema objects by @ff137 in #3663
• chore(deps): Bump packaging from 24.2 to 25.0 by @dependabot in #3667
• 📌 Pin Actions to a full length commit SHA and image tags to digests by @step-security-bot in #3668
• 👷 Update dependabot file by @ff137 in #3669
• 🔒 ci: Harden GitHub Actions by @step-security-bot in #3670
• 🔒 Update Token Permissions in GitHub Actions by @ff137 in #3678
• chore(deps): Bump pydantic from 2.10.3 to 2.11.3 in /scenarios by @dependabot in #3677
• chore(deps): Bump pytest-asyncio from 0.23.8 to 0.26.0 in /scenarios by @dependabot in #3676
• chore(deps): Bump github/codeql-action from 3.28.15 to 3.28.16 in the all-actions group by @dependabot in #3675
• 🐛 Fix permissions in nightly publish job by @ff137 in #3682
• chore(deps-dev): Bump pydevd-pycharm from 251.23774.211 to 251.25410.24 by @dependabot in #3683
• 1.3.0rc2 by @swcurran in #3687
• chore(deps): Bump untergeek/curator from 8.0.16 to 8.0.21 in /demo/elk-stack/extensions/curator by @dependabot in #3685
• chore(deps): Bump actions/setup-python from 5.5.0 to 5.6.0 in the all-actions group by @dependabot in #3688
• 👷 Skip sonar-merge-main workflow if github actor is dependabot by @ff137 in #3691
• fix: multiuse invite derived conns should have msg id by @dbluhm in #3692
• 🐛 Fix reading expected key in TAA by @ff137 in #3693
• (fix) W3C LDP Fixes for alternative VMs by @gmulhearn in #3641
• 1.3.0 by @swcurran in #3696

New Contributors

• @zoblazo made their first contribution in #3485
• @parth5805 made their first contribution in #3562
• @davidchaiken made their first contribution in #3611
• @i5okie made their first contribution in #3599
• @step-security-bot made their first contribution in #3668

Full Changelog: 1.2.1...1.3.0