Release Version 4.39.0 (July 09, 2025)

Check configuration changes and apply them in the application.yaml if the default configuration has been overridden there

Check if the release contains migrations. Migrations can affect deployment and downtime.

Use GET /i18n/export/{fileName} to download files with the current i18n properties. Check if the downloaded file is correct.

Verify permission changes and assign or remove required permissions if they have been overridden

Add new properties from the I18n properties changes to the downloaded i18n properties file, and add translation for them if needed.

Use POST /i18n/import to upload and apply a previously downloaded i18n file with added new properties.

Added a new migration script V76__remove_user_manager_permissions.sql, which removes the old generic permissions from various roles

Added a new Java migration V3__business_process_record_convert_payment_id_type, which converts the paymentId field from integer to string format in BusinessProcessHistory records (MerchantPaymentProcessRecord)

Spring Boot

2.7.18

Spring Security

5.7.12

Spring Actuator

2.7.18

SnakeYAML

1.33

PostgreSQL JDBC driver

42.7.5

Feature

Description

Benefits

Implemented OTP confirmation for currency exchange if OTP is enabled for transfer.

When OTP confirmation is enabled for transfer at the system level and for the user, the system will send OTP to the user credentials when user initiates the exchange. Exchange is transfer between wallets in different currencies.

Add an extra layer of protection to user authentication.

Feature

Description

Permissions to view and manage users are separated according to the user group:

• Business users

• Service users

• Cashiers

These changes were applied to the following APIs

• POST /users/view

• POST /api/v1/users/{userId}/unban

• PATCH /api/v1/users/{userId}

• DELETE /v1/users/{userId}

• GET /v1/users/{userId}

• POST /v1/users/sanctions/view

• POST /v1/members

• DELETE /v1/members/{memberId}

• PATCH /v1/members/{id}

For the POST /v1/users API, the USER_MANAGER permissions have been removed, leaving only the more specific USER_INITIATOR permission.

The push token is assigned to the most recently logged-in user and unlinked from previously logged-in users on that device.

Prevent sending push notifications to the previously logged-in user in cases where multiple users use the same device.

When inactive monthly fee is linked to the contract, the system will return error that the inactive monthly fee cannot be linked.

Implemented validation when the inactive monthly fee is linked to the contract

• when editing contract using PATCH /v1​/contracts​/{contractId}

• when duplicating contract using POST ​/v1​/contracts​/{contractId}​/copy

If confirmation is required the account activation/deactivation, it isspecified in the API response.

New boolean parameter confirmationRequired added to the response of API: PATCH /coins/{serial}

Approach for payment processing in case 3DS is not required is changed to asynchronous

API POST /v1​/gate​/transactions​/{tx}​/authenticate returns only authentication response even in case 3DS is not required.

In case of AUTHENTICATION_SUCCESSFUL status, back-end calls API POST /pts/v2/payments and finalises payment according to the response from Cybersource.

Added coin ID in the coinDto and coinDto is returned in the response PUT /close/coin/{serial}

Implemented API to generate a QR code for the provided URL

Added API: POST /qr-codes
Request example: {“url": “http://example.com“}
Response is a generated QR code in image/PNG content type.

Notification settings initialisation logic has been optimised

If user contacts are not verified, notification initialisation is skipped entirely to avoid logging these skipped operations to reduce noise and system load.

UI fix: Button CRO → Vendors → View operations/View details is visible if the role has at least one of the following permissions:

UI fix: Nationality field in the user profile is mandatory only for Individual users.

UI fix: Button Clients → Add client is visible according to the USER_INITIATOR permission.

Updated

New boolean parameter confirmationRequired added to the response of API: PATCH /coins/{serial}

POST /v1​/gate​/transactions​/{tx}​/authenticate

responseType is removed from response

PUT /v1/close/coin/{serial}

The new section “coin” was added to the response

Added

POST /qr-codes

Deprecated/Deleted