4.2.1

What's Changed

• [ANCHOR-1173] Fix blind SSRF in SEP-10 client_domain resolution by @JiahuiWho in #1915
• [ANCHOR-1179] Fix SEP-12 IDOR via transaction_id in customer endpoints by @JiahuiWho in #1916
• [ANCHOR-1185] Add XDR size validation in SEP-10 and SEP-45 auth endpoint by @JiahuiWho in #1917
• [ANCHOR-1186] Fix MEMO_ID validation to support full Stellar uint64 range by @JiahuiWho in #1918

Full Changelog: 4.2.0...4.2.1

4.2.0

What's Changed

• [ANCHOR-1162] Add optimistic locking to prevent TOCTOU race in transaction processing by @JiahuiWho in #1896
• [ANCHOR-1164] Reject amounts with extreme exponents to prevent OOM by @JiahuiWho in #1903
• [ANCHOR-1165] Fix RPC header auth not being sent in requests by @JiahuiWho in #1904
• [ANCHOR-1167] Fix SEP-45 nonce TOCTOU race condition with atomic verifyAndUse by @JiahuiWho in #1906
• [ANCHOR-1169] Fix unbounded transaction queries in SEP-6 and SEP-24 by @JiahuiWho in #1909
• Remove custody integration support by @JiahuiWho in #1899

Full Changelog: 4.1.8...4.2.0

4.1.8

What's Changed

• [ANCHOR-1157] Fix fall-through in SEP-6 custody payment handler by @philipliu in #1892
• [ANCHOR-1154] Validate SEP-38 quote expiration by @philipliu in #1893
• [ANCHOR-1156] Fix SEP-10 memo validation in SEP24 GET /transaction by @philipliu in #1891
• [ANCHOR-1554] Fix SEP-31 authentication on GET and PATCH by @philipliu in #1895
• [ANCHOR-1153] Limit SEP-1 response body size and redirects by @philipliu in #1894
• [ANCHOR-1163] Upgrade java-stellar-sdk to fix SEP-45 oom by @JiahuiWho in #1900

Full Changelog: 4.1.7...4.1.8

4.1.7

What's Changed

• Fix: Allow ref server chart to configure rpcEnabled by @philipliu in #1875
• Fix: Cast rpcEnabled to string in ref server chart by @philipliu in #1876
• [ANCHOR-1151] Protect event endpoints behind auth by @philipliu in #1880
• Fix: Add callback auth to observer deployment by @philipliu in #1881
• Fix: Pass transaction_id to SEP-12 call in SEP-6 event processor by @philipliu in #1883
• Fix: Set JWT in requests from reference server by @philipliu in #1884
• Fix: Request funds when customer info is updated by @philipliu in #1886
• Fix: Disable JWT auth on platform /health endpoint by @philipliu in #1885

Full Changelog: 4.1.6...4.1.7

4.1.6

What's Changed

• Chore: Update links to the dev docs site by @philipliu in #1869
• [ANCHOR-1147] Fix SEP-45 request validation by @philipliu in #1870

Full Changelog: 4.1.5...4.1.6

4.1.5

What's Changed

• [ANCHOR-1146] Fetch client domain signer over HTTPS by @philipliu in #1865

Full Changelog: 4.1.4...4.1.5

4.1.4

What's Changed

• [DocPoc-AP] Fix configuration comment typos in SEP-6 and SEP-24 by @lijamie98 in #1854
• [DocPoc] Add quick-run docker-compose setup for local development by @lijamie98 in #1855
• Fix: Wrap all RPC exceptions in try/catch in the observer by @philipliu in #1856

Full Changelog: 4.1.3...4.1.4

4.1.3

What's Changed

• [ANCHOR-1145] Fix reference server incorrect async txn handling by @lijamie98 in #1848

Full Changelog: 4.1.1...4.1.3

4.1.2

What's Changed

• [HotFix] Fix the InternalException thrown from notify_onchain_fund_sent in Sep24 deposit transaction by @lijamie98 in #1844
• [ANCHOR-1144] Fix observer not updating latest ledger read and processed by @lijamie98 in #1845

Full Changelog: 4.1.1...4.1.2

4.1.1

Workflow Bug Fixes

• Fix docker push workflow by @lijamie98 in #1831
• Fix Dockerfile failure on Jenkins by @lijamie98 in #1836
• Set TARGETARCH default value to amd64 by @lijamie98 in #1837

Full Changelog: 4.1.0...4.1.1