HomeRelease NotesRelease Version 4.54.0 (March 23, 2026)
Explore Release Notes

Release Version 4.54.0 (March 23, 2026)

23. 03. 2026

Pre-deployment steps

To be done before deployment

Check configuration changes and apply them in the application.yaml if the default configuration has been overridden there

Check if the release contains migrations. Migrations can affect deployment and downtime.

Use GET /i18n/export/{fileName} to download files with current i18n properties. Check if the downloaded file is correct.

Post-deployment steps

To be done after deployment

Verify permission changes and assign or remove required permissions if they have been overridden

Add new properties from the I18n properties changes to the downloaded i18n properties file and add translation for them if needed. Use POST /i18n/import to upload and apply previously downloaded i18n file with added new properties.

Release migrations

Release migrations

New record added to the env_variable table: key = 'totp.system-users.mandatory', value = 'false'.

Extended the history_action table with a session_id column to track which session each action was performed in.

Added column is_hidden (boolean, default FALSE) to the contract_contract_def table to support hiding contracts from business users.

Changes to notice

Changes to notice

All enum values on the OpenAPI side were changed to lower snake case. This change affects all API requests and responses where any enum is used.

For a detailed description, contact our support.

New functionality

Feature

Description

Benefits

Ability to get deposit address for the account in a Fireblocks-enabled asset.

When a client requests a deposit address for a Fireblocks-enabled asset, SDK.finance checks whether a deposit address is already linked to the internal account. If not, it generates the address using the corresponding use case flow, links it to the account, and returns it in the API response. The mobile app shows the deposit address on the Add money screen for Fireblocks-enabled assets.

Enables clients to receive crypto deposits directly into their Fireblocks-managed wallet accounts without manual address provisioning.

Ability for manual withdrawal finalisation for withdrawal from the account in a Fireblocks-enabled asset.

The administrator verifies the status of a pending withdrawal externally (e.g. via Fireblocks Console) and finalises it by selecting a final status — success or failed. SDK.finance either confirms the held amount and completes the withdrawal, or cancels the withdrawal and releases the held funds back to the user account.

Gives administrators full control to resolve stuck or unresponsive Fireblocks withdrawal transactions and restore account balances.

Ability to re-send pending withdrawal to Fireblocks.

The administrator re-sends a pending withdrawal transaction to Fireblocks in cases where the withdrawal was originally initiated via Fireblocks but was not executed on the Fireblocks side. SDK.finance re-initiates the withdrawal via the Fireblocks API and continues processing based on the result returned by Fireblocks.

Enables recovery from failed Fireblocks withdrawal submissions without requiring manual database intervention.

New format for user action history.

The administrator can view a log of user sessions and actions. Sessions can be filtered by period, session ID, location, suspicious activity, and session status. Session details include IP address, device type, browser, location, duration, and action count. Actions are classified as transactions or client actions, and include the action type, related object ID, and before/after values for tracked changes.

Provides compliance and audit capabilities for monitoring user behaviour, detecting suspicious activity, and supporting incident investigations.

Ability to enable two-factor authorisation using an authenticator application for service users.

A service user with the appropriate permission can enable or disable TOTP for another service user.

When TOTP is enabled for a user by an administrator and the authenticator is not yet connected, the user is prompted to complete the TOTP setup on their next login by scanning a QR code.

Allows administrators to enforce a two-factor authentication policy across all service users without requiring each user to self-enrol.

Ability to mark contract as hidden for business users.

Service users can mark a contract as hidden so that business users cannot view it in the list of available contracts or assign it to themselves.

Service users retain the ability to view and assign hidden contracts regardless of visibility settings.

Provides flexible contract management — promotional, internal, or restricted contracts can be kept invisible to clients while remaining available to administrators.

Ability for the administrator to specify a list of available locales.

The administrator can add or remove locales available in the system directly from the UI. When a language is added, all necessary steps are performed automatically to allow uploading a localisation file. English cannot be removed as it is used by default.

Simplifies localisation management by eliminating the need for configuration file changes when adding or removing supported languages.

Ability for the administrator to specify the initial KYC status for new users.

The administrator can configure the default KYC/KYB status for newly created Individuals, Merchants, and Companies (including shareholders) — either None (KYC required) or Approved (KYC not required). When a Company is marked as KYC not required, its shareholders are also created in approved status.

Enables flexible onboarding flows, allowing operators to skip KYC for trusted client segments or specific organisation types.

Ability for service users to upload documents on behalf of Individual.

API POST /organizations/{organizationId}/profile-documents is now accessible by service roles with the PROFILE_DOCUMENTS_MANAGER permission. Documents uploaded by service users are created in pending status and follow the same approval flow as client-uploaded documents.

Enables flexible onboarding flows, allowing operators to upload documents on behalf of the users.

Ability to manage transaction categories on UI

The administrator can manage transaction categories and set the default category for each transaction type from the CFO section → Categories & TXN types. Two tabs are available: Categories and Transaction types.

Simplifies system configuration.

Fixes

Sorting option removed from UI except where backed by API.

The main currency definition is removed from the Currency list.

Improvements

Feature

Description

UI exception filter for expired tokens

Exceptions related to expired tokens are now filtered out on the UI to prevent unnecessary error notifications from being shown to users when their session naturally expires.

API changes

Updated

All enum values on the OpenAPI side were changed to lower snake case. This change affects all API requests and responses where any enum is used.

GET /contracts — hidden contracts are now excluded for non-service-role callers.

PUT /contracts/{contractId} — added optional isHidden field to update contract visibility.

POST /contracts/{contractId}/copy — added optional isHidden field to copy request.

POST /profiles — business users are now blocked from assigning hidden contracts (returns 403).

POST /totp — permission PROFILE_OWNER removed;

API is now available for unauthorised users.

New required property login added to request body.

POST /authorization

New action TOTP_SETUP_INITIATED added;

New property totpSecret is returned in the response when action is TOTP_SETUP_INITIATED (for system users only).

POST /property

New request type TOTPSystemConfigurationData added with boolean property isMandatoryForSystemUser.

PATCH /profiles/my/security-settings

PATCH /profiles/{userId}/security-settings

Property twoFactorsAuthEnabled removed from SecurityUpdateReq. Use twoFactorAuthStatus + twoFactorAuthType instead.

Property twoFactorsAuthEnabled is no longer returned in the SecurityDto section of responses for the following endpoints:

  • POST /users

  • PATCH /users/{userId}

  • GET /users/{userId}

  • POST /users/{userId}/unban

  • POST /users/view

  • GET /profiles/my

  • PATCH /profiles/my/additional

  • PUT /profiles/my/additional

  • PATCH /profiles/my/address

  • PUT /profiles/my/address

  • PATCH /profiles/my/business

  • POST /profiles/my/contact/confirm

  • PATCH /profiles/my/person

  • PUT /profiles/my/person

  • PATCH /profiles/my/security-settings

  • POST /profiles/{userId}/approve

  • POST /profiles/{userId}/decline

  • POST /profiles/{userId}/reset

  • PATCH /profiles/{userId}

  • GET /profiles/{userId}

  • PATCH /profiles/{userId}/additional

  • PUT /profiles/{userId}/additional

  • PATCH /profiles/{userId}/address

  • PUT /profiles/{userId}/address

  • PATCH /profiles/{userId}/integration

  • PATCH /profiles/{userId}/business

  • PATCH /profiles/{userId}/contact

  • PATCH /profiles/{userId}/person

  • PUT /profiles/{userId}/person

  • PATCH /profiles/{userId}/security-settings

POST /gate/transactions/{tx}/action

Three new actions added:

  • MANUAL_FINALIZE_FIREBLOCKS_WITHDRAWAL_SUCCESS (finalise pending withdrawal as successful)

  • MANUAL_FINALIZE_FIREBLOCKS_WITHDRAWAL_FAILED (finalise pending withdrawal as failed)

  • RESEND_PENDING_WITHDRAWAL_TO_FIREBLOCKS (re-send a pending withdrawal to Fireblocks; allowed for substatus null/NONE or PROVIDER_ERROR).

Added

POST /coins/{serial}/deposit-address

Returns the primary active deposit address for the given coin, or creates a new one if no address is linked yet.

Required permission: COIN_CREATOR or COIN_OWNER.

GET /user-activity — list user activities with filtering and pagination.

GET /user-activity/{userActivityId} — get user activity summary.

GET /user-activity/{userActivityId}/sessions — list sessions for a user activity.

GET /user-activity/{userActivityId}/sessions/{sessionId} — get session details.

GET /user-activity/{userActivityId}/sessions/{sessionId}/actions — list actions in a session (filterable by category: transaction, client_action).

GET /user-activity/{userActivityId}/sessions/{sessionId}/actions/{actionId} — get single action details.

GET /organizations/initial-status-settings

Returns current initial KYC status for supported organisation types.

Required permission: ORGANIZATION_SETTINGS_MANAGER.

PATCH /organizations/initial-status-settings

Updates initial KYC status for one or more organisation types (partial update supported).

Required permission: ORGANIZATION_SETTINGS_MANAGER.

POST /i18n/locales

Creates a new supported locale.

Required permission: I18N_RECORD_MANAGER

DELETE /v1/i18n/locales/{language}

Deletes an existing supported locale. Delete a locale from the supported locale list without removing its localization data.

Required permission: I18N_RECORD_MANAGER

Deprecated/Deleted

I18n properties changes

Added

{
 "frontend.placeholder.input.input_language": "Input language",
 "frontend.action.add_category": "Add category",
 "frontend.action.create_category": "Create category",
 "frontend.action.edit_category": "Edit category",
 "frontend.action.update_category": "Update category",
 "frontend.action.delete_category": "Delete category",
 "frontend.action.set_category": "Set category",
 "frontend.action.add_filter": "Add filter",
 "frontend.action.resend_to_fireblocks": "Resend to Fireblocks",
 "frontend.action.complete_withdrawal": "Complete withdrawal",
 "frontend.action.delete_language": "Delete language",
 "frontend.action.add_new_language": "Add new language",
 "frontend.action.fill_translations_from_file": "Fill in translations from file",
 "frontend.action.fail_withdrawal": "Fail withdrawal",
 "frontend.action.session_details": "Session details",
 "frontend.action.action_details": "Action details",
 "frontend.action.copy_authenticator_code": "Copy authenticator code",
 "frontend.action.view_team_member_profile": "View team member profile",
 "frontend.action.copy_session_link": "Copy session link",
 "frontend.action.copy_action_link": "Copy action link",
 "frontend.navigation.link.categories_and_transaction_types": "Categories & transaction types",
 "frontend.navigation.link.categories_and_txn_types": "Categories & TXN types",
 "frontend.navigation.link.categories": "Categories",
 "frontend.navigation.link.transaction_types": "Transaction types",
 "frontend.navigation.link.languages": "Languages",
 "frontend.navigation.link.2_fa_authentication": "Two-factor authentication",
 "frontend.navigation.link.set_creation_kyc_status": "Set creation KYC status",
 "frontend.notification.category_created": "Category successfully created",
 "frontend.notification.category_updated": "Category successfully updated",
 "frontend.notification.category_deleted": "Category successfully deleted",
 "frontend.notification.category_set": "Category successfully set",
 "frontend.notification.new_language_added": "New language successfully added",
 "frontend.notification.language_deleted": "The language has been successfully removed",
 "frontend.notification.translation_file_uploaded": "The translation file has been successfully uploaded",
 "frontend.notification.settings_successfully_updated": "Settings successfully updated",
 "frontend.notification.session_link_copied": "Session link successfully copied",
 "frontend.notification.action_link_copied": "Action link successfully copied",
 "frontend.pages.user_action_history.sessions.title": "Sessions",
 "frontend.pages.user_action_history.actions.title": "Actions",
 "frontend.pages.user_action_history.actions.transactions": "Transactions",
 "frontend.pages.user_action_history.actions.client_actions": "Client actions",
 "frontend.pages.cro_contracts.hidden_from_clients_description": "This contract is hidden from the view of clients. They will not check all details and settings.",
 "frontend.pages.organizations_initial_status_settings.title": "Specify approved KYC status that will be applied after creation",
 "frontend.pages.organizations_initial_status_settings.types.individual": "Individual clients, Approved KYC status",
 "frontend.pages.organizations_initial_status_settings.types.merchant": "Merchant clients, Approved KYC status",
 "frontend.pages.organizations_initial_status_settings.types.business": "Company, Approved KYC status",
 "frontend.pages.organizations_initial_status_settings.types.shareholder": "Shareholders will be created in approved status even if Company not marked",
 "frontend.table.label.set_transaction_type": "Set transaction type",
 "frontend.table.label.set_category": "Set category",
 "frontend.table.label.language": "Language",
 "frontend.table.label.ip": "IP",
 "frontend.table.label.browser": "Browser",
 "frontend.table.label.suspicious_activity": "Suspicious activity",
 "frontend.table.label.session_date": "Session date",
 "frontend.table.label.action_type": "Action type",
 "frontend.table.label.old_value": "Old value",
 "frontend.table.label.new_value": "New value",
 "frontend.table.label.changed_by": "Change by",
 "frontend.filter.active": "Active",
 "frontend.form.label.show_extended_information": "Show extended information",
 "frontend.form.label.hide_for_clients": "Hide for clients",
 "frontend.form.label.hidden_for_clients": "Hidden for clients",
 "frontend.form.label.category": "Category",
 "frontend.entity.report_expiration_types.infinity": "Infinity",
 "frontend.entity.report_expiration_types.end_date": "End date",
 "frontend.entity.report_expiration_types.execution_count": "Execution count",
 "frontend.entity.report_type.transaction": "Transaction",
 "frontend.entity.report_type.statement": "Statement",
 "frontend.entity.report_frequency.once": "Once",
 "frontend.entity.report_frequency.daily": "Daily",
 "frontend.entity.report_frequency.weekly": "Weekly",
 "frontend.entity.report_frequency.monthly": "Monthly",
 "frontend.entity.report_frequency.quarterly": "Quarterly",
 "frontend.entity.report_frequency.yearly": "Yearly",
 "frontend.entity.report_types.transaction": "Transaction",
 "frontend.entity.report_types.statement": "Statement",
 "frontend.entity.currency_type.fiat": "Fiat",
 "frontend.entity.currency_type.crypto": "Crypto",
 "frontend.entity.currency_type.bonus": "Bonus",
 "frontend.entity.currency_type.virtual": "Virtual",
 "frontend.entity.transaction.status.created": "Created",
 "frontend.entity.commission_direction.in": "In",
 "frontend.entity.commission_direction.out": "Out",
 "frontend.entity.commission_direction.shared": "Shared",
 "frontend.entity.verification_provider.comply_advantage": "ComplyAdvantage",
 "frontend.entity.verification_provider.manual": "Manual",
 "frontend.entity.verification_provider.open_sanctions": "OpenSanctions",
 "frontend.entity.verification_provider.sumsub": "Sumsub",
 "frontend.entity.verification_item_type.user_id": "User ID",
 "frontend.entity.verification_item_type.first_name_plain": "First name plain",
 "frontend.entity.verification_item_type.last_name_plain": "Last name plain",
 "frontend.entity.verification_item_type.date_of_birth": "Date of birth",
 "frontend.entity.verification_item_type.organization_type": "Organization type",
 "frontend.entity.verification_item_type.credential": "Credential",
 "frontend.entity.verification_item_type.country": "Country",
 "frontend.entity.verification_item_type.zipcode": "Zip code",
 "frontend.entity.verification_item_type.region": "Region",
 "frontend.entity.verification_item_group.profile_document": "Profile document",
 "frontend.entity.verification_item_group.profile_field": "Profile field",
 "frontend.entity.verification_item_group.user_field": "User field",
 "frontend.entity.reconciliation.frequency.none": "None",
 "frontend.entity.reconciliation.frequency.daily": "Daily",
 "frontend.entity.reconciliation.frequency.weekly": "Weekly",
 "frontend.entity.reconciliation.frequency.monthly": "Monthly",
 "frontend.entity.reconciliation.frequency.bimonthly": "Bimonthly",
 "frontend.entity.reconciliation.mismatch_type.transaction_not_found": "Transaction not found",
 "frontend.entity.reconciliation.mismatch_type.wrong_amount": "Wrong amount",
 "frontend.entity.reconciliation.mismatch_type.wrong_currency": "Wrong currency",
 "frontend.entity.reconciliation.mismatch_type.wrong_date": "Wrong date",
 "frontend.entity.reconciliation.mismatch_type.wrong_transaction_status": "Wrong transaction status",
 "frontend.system_settings.2_fa_authentication.title": "Two-factor authentication",
 "frontend.system_settings.2_fa_authentication.description": "Enable two-factor authentication for all users",
 "frontend.categories.delete_confirmation.confirm_category_delete": "Are you sure that you want to delete {name} category?",
 "frontend.agreement_documents.platform_type.mobile": "Mobile",
 "frontend.agreement_documents.platform_type.web": "Web",
 "frontend.setup_authenticator_app.qr_code_aria_label": "Scan QR-code with you authenticator app",
 "frontend.system_settings_languages.upload_translation_file.hint": "The document must be in .property format.",
 "frontend.aria.otp_input_aria_label": "Otp digit {digit}"
}

{
 "mobile.label.depositAddress": "Deposit address"
}

Configuration changes

Added

configuration property action-messaging.enabled — enables action event publishing and consumption via Kafka. Default: ${spring.kafka.enabled}.
configuration property action-messaging.kafka.topic — Kafka topic for action events. Default: sdk5.local.actions.
configuration property action-messaging.kafka.consumers.user-activity.id — consumer group ID for user-activity processor. Default: sdk5.local.actions.user-activity.

Database changes

New record added to the env_variable table: key = 'totp.system-users.mandatory', value = 'false'.

Extended the history_action table with a session_id column to track which session each action was performed in.

Permission changes

New permission SYSTEM_USER_TOTP_STATUS_MANAGER added and granted to the administrator role.

New permission TOTP_SYSTEM_CONFIGURATION_MANAGER added and granted to the administrator role.

New permission TOTP_SYSTEM_CONFIGURATION_VIEWER added and granted to the administrator role.

New permission MANUAL_WITHDRAWAL_RESOLVER added and granted to roles

  • administrator

  • ceo

New permission USER_ACTION_VIEWER added and granted to the following roles:

  • administrator

  • role_administrator

  • customer_success_specialist

  • ceo

Permission I18N_RECORD_MANAGER granted to the following roles:

  • administrator

  • ceo