0.19

0.19.0

Features

Issuer2 and OpenID4VCI

  • Overhaul of the issuer2 system, which is now enabled by default, allowing users to use the new profile system to issue credentials.
  • Added support for tx-code during pre-auth flow.
  • Added support for wallet initiated issuance.
  • Improved general interface for better auth code flow support.
  • Improved issuer2 capabilities: notifications, webhooks, SD-JWT VCT hosting, metadata coverage, and data-function mapping for W3C and SD-JWT VC profiles (#345).
  • OAuth expires_in support aligned with issuer metadata expectations (#345).
  • Repository-backed issuance session and profile storage with improved lookups; stored issuance session tests (#403).

VICAL, X.509 store, and X.509 service

  • Replaced the legacy VICAL registry and certificate-store stack with a persisted feed model, version directories, manifest and trust-material storage, and dedicated publication vs registry controllers (#399).
  • Added publication-time validation, signer chain rules, registry retrieval for latest and version-specific artifacts, and OpenAPI documentation for publication and registry surfaces (#399).
  • Ported X.509 store and X.509 service toward the shared enterprise interface/implementation split, required key resolution, and improved hosted-certificate checks (#399).
  • Secured previously unauthenticated VICAL endpoints and completed integration testing hardening (WAL-825) (#399).

Credential status

  • Fixed CWT encoding (binary vs hex), added x5c-oriented token status list support, and corrected JWT/CWT kid generation for status-list credentials (#402).
  • Added delete endpoint for status lists; removed redundant kid from x5c TSL where applicable (#402).
  • Configurable content-type for status-list cloud storage; MongoDB workflow and image version parameterization for integration tests (#402).

Platform

  • Dependencies component for managing DID stores and KMS services during enterprise service creation (#399).
  • /v2/ routing support in Caddyfile and Kubernetes deployment configurations (#399).

Fixes and improvements

  • In-memory persistence adapter: nested JSON path sorting, EncodeDefault fixes, and calculation corrections (#403).
  • Swagger and documentation improvements for CWT status list surfaces (#402).
  • Various test harness cleanups and dependency-related test coverage for VICAL publication flows (#399).

Breaking changes

  • VICAL and X.509 certificate store: Legacy VICAL registry and certificate-store APIs and resources were removed in favor of the new service model, storage layout, and permission mappings. Deployments and clients using the old VICAL or certificate-store endpoints must migrate to the new publication/registry APIs and updated X.509 service configuration (#399).
  • Fixes to the Bitsting Status List: Due to the changes made to fix the Bitstring Status List, you may need to update your status list configuration or republish your status lists. Please review the accompanying breaking change guide and select the appropriate migration path based on your existing setup.
Last updated on April 14, 2026
0.180.7