v1.6.1

Update: this version will not run properly for SEP-24 deployments. Use version 1.6.2 or higher.

v1.6.0

Update: this version will not run properly for SEP-24 deployments. Use version 1.6.2 or higher.

Features

• SEP-6,24,31: Allow source and destination accounts to differ from the SEP-10 authenticated account
  • This means Transaction.stellar_account may not match Transaction.to_address or Transaction.from_address
• SEP-6,24: Add the features object to GET /info response bodies
• SEP-24: Update the more_info.html templates labels to be more user-friendly
• SEP-24: Add asterisks to require field labels
• SEP-24: Allow custom titles for the more_info.html and error.html templates

Database Migrations

• Added the Transaction.amount_expected column
  • This column can be used to detect that the client sent an amount that differs from the amount they specified in a form or API call

Miscellaneous

• Moved all JavaScript code from Polaris' HTML templates to script files

Breaking Changes

• Downgrades psycopg2-binary to <2.9
  • Django 2.2 is incompatible with pyscopg2 2.9 #1293

v1.5.2

Bug Fixes

• SEP-24: when the TransactionForm's amount field was provided an initial value, the fee table would not be updated on page load, but is now

v1.5.1

Bug Fixes

• Fixes the fee calculation logic for the SEP-24 UI
  • This bug affected anchors that do not have a custom fee integration function.

v1.5.0

Features

• SEP-6: Added PATCH /transactions endpoint and integration function.
• SEP-24: Added the ability to add a type field to TransactionForms.
• SEP-24: Allow anchors to place transactions in pending_anchor after collecting KYC information.
• SEP-24: Added support for hidden fields in forms.
• SEP-24: Added ADDITIVE_FEES_ENABLED environment variable and setting
• SEP-12: Added POST /customer/verification endpoint and integration function. Also updated GET /customer response format to support the new "provided_fields" object.
• SEP-10: Update JWT's to be deterministic based on the challenge transaction provided in the request.

Database Migrations

• The blank=True keyword argument was added to Asset.distribution_seed, Transaction.completed_at, Transaction.paging_token, and Transaction.protocol.
  • This option allows these fields to be saved without a value in forms. It also allows None values to be stored as '' in database character and text fields instead of using NULL values.

Bug Fixes

• SEP-24: If 7 decimal places are needed to denominate an Asset, the more_info.html template would render the amounts using exponent notation. This is no longer the case.
• SEP-24: Removed "transaction" and "transactions" objects from GET /info response, which were not a part of the protocol.
• SEP-9: Fixed a typo in the hard-coded photo_proof_address field used for detecting request parameters
• SEP-6, 24, 31: GET /info responses no longer include min_amount and max_amount attributes if they have been updated to be different than the default values.
• Fixed transaction sequence number error for testnet reset subcommand, occurring when setting the home domain of a Stellar account.
• SEP-10: POST requests missing a "transaction" object no longer cause 500 responses

v1.4.1

Dependencies

• Upgrades stellar-sdk to 2.13.0, compatible with Protocol 17

v1.4.0

Features

• Adds SEP-10 Client Attribution support
  • Generates and verifies SEP-10 challenges including client domains
  • Adds the following environment variables:
    • SEP10_CLIENT_ATTRIBUTION_REQUIRED
    • SEP10_CLIENT_ATTRIBUTION_REQUEST_TIMEOUT
    • SEP10_CLIENT_ATTRIBUTION_ALLOWLIST
    • SEP10_CLIENT_ATTRIBUTION_DENYLIST
• Makes the expiration for SEP-24's interactive flow customizable using the INTERACTIVE_JWT_EXPIRATION environment variable
• Makes SEP-6 /deposit and /withdraw min_amount and max_amount response attributes optional and overridable
• Streams Stellar transactions from the beginning of each distribution account's history if no transactions are present for that account

Database Migrations

• Adds the client_domain column to the Transaction model, and is present if provided by the client in SEP-10

Bug Fixes

• The fee and total displayed in the SEP-24 interactive flow's "Amount" page updates correctly on high-speed input
  • Previously, adding or removing characters quickly could result in an incorrect fee and total displayed
• The amount input on the "Amount" page cannot be covered by the Asset symbol
  • Previously, a symbol longer than 4 characters would cover the amount inputed by a user

Breaking Changes

• Polaris now re-queries Transaction objects returned from DepositIntegration.poll_pending_deposits(). If you make changes to a Transaction instance without saving those changes to the database, those changes will now be lost. Update your poll_pending_deposits() implementation to save all changes to Transaction objects returned.

v1.3.2

Bug Fixes

• Transaction.pending_execution_attempt was not being set back to False in several cases. If a Stellar account did not have a trustline to the asset prior to poll_pending_deposits first polling the transaction's status, the transaction would not be submitted at all.

If either version 1.3.0 or 1.3.1 was deployed to production, you can ensure any affected transactions are processed normally by updating Transaction.pending_execution_attempt to False for transactions currently in the pending_trust status.

If you run multiple check_trustlines processes, you'll need to temporarily stop them and wait a moment before executing the query to ensure it does not cause transactions currently being submitted by one process to get submitted again by the other.

v1.3.1

Bug Fixes

• A migration file would fail to execute if SEP-24 URLs were not included in the project's URL configuration. This patch ensures the migration will success regardless of the project's URL configuration.

v1.3.0

Features

• SEP-10 v3.1 support
• Claimable Balance support for SEP-6
• Supports on_change_callback parameters for both SEP-6 & 24
• Adds SEP6_USE_MORE_INFO_URL environment variable, defaults to False
• Supports a local-stellar.toml static file for when LOCAL_MODE is True
• Supports setting ACTIVE_SEPS as an environment variable

SEP Updates

• Supports sep12 objects in SEP-31 /info responses
• Allows SEP-12 GET /customer requests without id or account parameters
• Supports type parameter in SEP-12 PUT /customer requests
• Supports amount and country_code parameters to SEP-6 deposit & withdraw requests
• Supports SEP-12 /customer/callback endpoint and adds CustomerIntegration.callback() integration function
• Adds id response attribute to SEP-6 /deposit & /withdraw responses

Database Migrations

• Encrypts the Transacation.channel_seed column (bug fix)
• Adds Transaction.more_info_url column
• Adds Transaction.on_change_callback column
• Adds Transaction.pending_execution_attempt column

Bug Fixes

• Content from DepositIntegration.instructions_for_pending_deposit() no longer appears on withdraw more_info.html pages
• WithdrawIntegration.content_for_template() is now called for withdraw more_info.html requests instead of DepositIntegration.content_for_template()
• All SEP-24 endpoints now accept non-application/x-www-form-encoded request data (/webapp and /complete did not)
• SEP-31 POST /transactions endpoint now returns 201, not 200
• callback requests are only made once, instead of every time more_info.html page loads with the parameter included
• Converts UTC datetimes to local time in more_info.html
• It is now safe to run multiple concurrent processes of the poll_pending_deposits, check_trustlines, or execute_outgoing_transactions commands