3.0.0

This release contains the exact same content as 3.0.0-beta1. Below is the changelog since 2.2.3.

Update

• fix: use OkHttp's public SSE factory for Horizon streams and force SSE requests to bypass caches. (#791)
• feat: sort ScMap entries by key in Scv.toMap following Soroban runtime ordering rules, as the network requires ScMap keys to be in ascending order. Scv.toMap now accepts Map<SCVal, SCVal>; the previous toMap(LinkedHashMap<SCVal, SCVal>) overload is deprecated. (#766)
• feat: add SEP-0051 support. (#774)
• feat: add closeTime, headerXdr, and metadataXdr to GetLatestLedgerResponse. (#768)
• chore: update various dependencies to the latest compatible versions. (#786, #790)
• docs: add more detailed API and XDR generator documentation. (#783, #784)
• chore: building the project from source now requires JDK 21 and Gradle 9.4.1. Published SDK artifacts still target Java 8 bytecode. (#788, #789)
• chore: bump generated XDR definitions to stellar-xdr v26.0, including the v25.0 changes introduced earlier in this release cycle. (#769, #781)

Breaking changes

• refactor!: remove deprecated StrKey helpers encodeEd25519PublicKey(AccountID), encodeMuxedAccount(MuxedAccount), decodeMuxedAccount(String), encodeToXDRAccountId(String), and encodeToXDRMuxedAccount(String); use StrKey.encodeEd25519PublicKey(byte[]), org.stellar.sdk.MuxedAccount, and KeyPair#getXdrAccountId() instead. (#779)

3.0.0-beta1

Update

• chore: re-release of 3.0.0-beta0; no SDK changes. The prior tag failed to reach Maven Central because the release workflow still invoked the old publishAggregationToCentralPortal task name after the nmcp plugin switch.

3.0.0-beta0

Update

• fix: use OkHttp's public SSE factory for Horizon streams and force SSE requests to bypass caches. (#791)
• feat: sort ScMap entries by key in Scv.toMap following Soroban runtime ordering rules, as the network requires ScMap keys to be in ascending order. Scv.toMap now accepts Map<SCVal, SCVal>; the previous toMap(LinkedHashMap<SCVal, SCVal>) overload is deprecated. (#766)
• feat: add SEP-0051 support. (#774)
• feat: add closeTime, headerXdr, and metadataXdr to GetLatestLedgerResponse. (#768)
• chore: update various dependencies to the latest compatible versions. (#786, #790)
• docs: add more detailed API and XDR generator documentation. (#783, #784)
• chore: building the project from source now requires JDK 21 and Gradle 9.4.1. Published SDK artifacts still target Java 8 bytecode. (#788, #789)
• chore: bump generated XDR definitions to stellar-xdr v26.0, including the v25.0 changes introduced earlier in this release cycle. (#769, #781)

Breaking changes

• refactor!: remove deprecated StrKey helpers encodeEd25519PublicKey(AccountID), encodeMuxedAccount(MuxedAccount), decodeMuxedAccount(String), encodeToXDRAccountId(String), and encodeToXDRMuxedAccount(String); use StrKey.encodeEd25519PublicKey(byte[]), org.stellar.sdk.MuxedAccount, and KeyPair#getXdrAccountId() instead. (#779)

2.2.2

Update

• fix: add stricter validation for Ed25519 Signed Payload. (#751)
• fix: replace assert statements with explicit null checks in Federation class to ensure validation is not bypassed when assertions are disabled. (#752)
• fix: add overflow check in TimeBounds.expiresAfter() to prevent integer overflow when timeout is too large. (#753)
• fix: add validation for ManageDataOperation value length to ensure it does not exceed 64 bytes. (#754)
• fix: use StandardCharsets.UTF_8 explicitly when converting byte arrays to strings to ensure consistent behavior across different platforms. (#756)
• refactor: use static initialization for GsonSingleton to ensure thread safety. (#757)
• fix: use commons-codec for hex encoding/decoding in Util class to properly validate input and throw clear exceptions for invalid hex strings. (#758)
• fix: improve XDR decoding security and correctness. (#759)
  • Add decoding depth limit to prevent stack overflow (default: 200)
  • Add input length tracking to prevent DoS via oversized allocations
  • Validate variable-length array/opaque/string sizes before allocation
  • Validate variable-length types don't exceed declared max size
  • Validate fixed-length opaque/array sizes match declared size
  • Fix short read handling for opaque/string with proper padding
  • Remove incorrect auto-padding from read(byte[], int, int)
  • Reject unknown union discriminant values when no default arm
  • Validate boolean/optional flags are strictly 0 or 1 per RFC 4506
  • Fix EOF handling in single-byte read
  • Deprecate unsafe readIntArray/readFloatArray/readDoubleArray methods
• fix: prevent DoS attacks in Federation by limiting stellar.toml and federation response sizes to 100KB, adding proper timeouts, and handling UTF-8 BOM. (#760)

2.2.1

Update:

• fix: KeyPair.fromPublicKey now accepts any 32-byte public key, even if it is not a valid Ed25519 public key point (e.g., all zeros like GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHF). Such keypairs can still be used for address representation but will throw IllegalStateException when attempting to verify signatures.

2.2.0

Update:

• feat: add AUTH_CLAWBACK_ENABLED_FLAG to AccountFlag. (#743)
• fix: remove diagnosticEventsXdr from org.stellar.sdk.responses.sorobanrpc.Events. Use GetTransactionResponse.diagnosticEventsXdr and GetTransactionsResponse.Transaction.diagnosticEventsXdr instead. (#744)
• feat: add SEP-45 (Stellar Web Authentication for Contract Accounts) support. Check Sep45Challenge class for more details. (#746)
• chore: update outdated documentation.

2.1.0

Update:

• feat: add endLedger field to GetEventsRequest. (#739)

2.0.0

This release adds support for Protocol 23.

This release contains the exact same content as 2.0.0-beta3. Below is the changelog since 1.5.1.

Update:

• feat: add pollTransaction method to SorobanServer to poll transaction status with retry strategy. (#696)
• feat: implement message signing and verification according to SEP-53, check KeyPair.signMessage and KeyPair.verifyMessage for more details. (#698)
• feat: add isValidEd25519SecretSeed, isValidPreAuthTx and isValidSha256Hash to StrKey class, these functions can be used to validate the corresponding strkey. (#702)
• feat: add med25519 public key support to StrKey. (#702)
• feat: add liquidity pool and claimable balance support to StrKey. (#701)
• feat: add muxed account, liquidity pool and claimable balance support to Address class. (#703)
• feat(SorobanServer): add destinationMuxedId to InvokeHostFunctionOperationResponse.AssetContractBalanceChange. (#710 and (#705))
• feat(SorobanServer): add events field to GetTransactionsResponse.Transaction and GetTransactionResponse. (#707)
• feat(SorobanServer): add oldestLedger, latestLedgerCloseTime and oldestLedgerCloseTime fields to GetEventsResponse, and add transactionIndex and operationIndex fields to GetEventsResponse.EventInfo, check Stellar RPC release log for more information.
• feat(SorobanServer): add support for non-root authorization in SorobanServer#simulateTransaction. (#708)
• feat: add isValidSignedPayload to StrKey class, this function can be used to validate the ed25519 signed payload. (#712)
• feat: add signExtraSignersPayload to sign extra signers payloads in Transaction class. (#713)
• refactor: add balance id validation. (#722)
• fix: fix handling of transaction metadata versioning in AssembledTransaction class. (#723)
• refactor: add validation for asset issuer. (#725)
• refactor: add validation for liquidity pool ID length in TrustLineAsset. (#726)

Breaking changes:

• chore: upgrade generated XDR definitions to Protocol 23. (#699)
• refactor!: the following functions in StrKey are marked as deprecated, they will be removed in the next major release; please refer to the documentation for each function to see the corresponding replacement functions: (#702)
  • StrKey#encodeEd25519PublicKey(AccountID)
  • StrKey#encodeMuxedAccount(MuxedAccount)
  • StrKey#decodeMuxedAccount(String)
  • StrKey#encodeToXDRAccountId(String)
  • StrKey#encodeToXDRMuxedAccount(String)
• refactor!: rename readBytes to diskReadBytes and update related methods in SorobanDataBuilder. (#700)
• refactor(HorizonServer)!: remove numArchivedContracts and archivedContractsAmount from AssetResponse. (#704)
• refactor(SorobanServer)!: GetTransactionsResponse.Transaction#getDiagnosticEventsXdr() and GetTransactionsResponse.Transaction#parseDiagnosticEventsXdr() has been marked as deprecated, they will be removed in Stellar RPC soon, use GetTransactionsResponse.Transaction#getEvents() instead. (#706)
• refactor(SorobanServer)!: remove deprecated pagingToken field from GetEventsResponse.EventInfo. (#707)
• refactor(SorobanServer)!: inSuccessfulContractCall in GetEventsResponse.EventInfo has been marked as deprecated, it will be removed in the next release. (#707)
• feat: add org.stellar.sdk.SignerKey for enhanced signer key handling. (#712)
  • org.stellar.sdk.Signer and org.stellar.sdk.SignedPayloadSigner has been removed, use org.stellar.sdk.SignerKey instead.
  • The StrKey#encodeSignedPayload(SignedPayloadSigner) and StrKey#decodeSignedPayload(String) methods now operate on raw byte[] instead of the SignedPayloadSigner object to provide more flexibility.
  • KeyPair#fromXdrSignerKey() and KeyPair#getXdrSignerKey() have been removed, use org.stellar.sdk.SignerKey instead.
  • The type of TransactionPreconditions#extraSigners has been changed from List<org.stellar.sdk.xdr.SignerKey> to List<org.stellar.sdk.SignerKey>.
  • The type of SetOptionsOperation#signer has been changed from org.stellar.sdk.xdr.SignerKey to org.stellar.sdk.SignerKey.
  • The type of RevokeSignerSponsorshipOperation#signer has been changed from org.stellar.sdk.xdr.SignerKey to org.stellar.sdk.SignerKey.

Full Changelog: 1.5.0...2.0.0

2.0.0-beta3

Update

• fix: fix muxed account handling in Address class. (#733)

Full Changelog: 2.0.0-beta2...2.0.0-beta3

2.0.0-beta2

Update:

• refactor: add validation for asset issuer. (#725)
• refactor: add validation for liquidity pool ID length in TrustLineAsset. (#726)
• fix: isolate Kotlin dependency to test scope. (#731)

Full Changelog: 2.0.0-beta1...2.0.0-beta2