Versions

Institutional Vault: v3.4.0
Policy Nodes: v9.3.1
NATS: v3.4.0
configmap-init: v0.1.0

Updates

• Approvers can receive email notifications when an operation requires approval, using a customer-hosted SMTP relay configured for the deployment. See wallet.yaml SMTP configuration in the Cloud-agnostic Install Guide.
• Native blockchain drivers support optional per-chain RPC authentication via native_driver_auth_token on each blockchains entry in wallet.yaml, overriding mpa_adapter_config.auth_token for that chain's native_driver_url only (Bearer token or Authorization Basic). See wallet.yaml native driver configuration in the Cloud-agnostic Install Guide.
• Canton Contract Management endpoints are available to MarketOps users as well as Admins.
• Canton Contract Management selects the correct on-ledger instrument configuration when a registrar hosts more than one instrument, preventing Instrument id must match failures on transfers and mint-related flows.
• Azure Helm chart now includes liveness and readiness probes for the Wallet, Policy Nodes, and NATS.

Fixes

• Policy Nodes correct ERC-20 mint transaction validation.
• A background poller reconciles transactions left in Broadcasting when event streaming does not deliver a final status, marking them finished or failed from on-chain state.
• WalletConnect call_contract operations no longer remain stuck in Broadcasting when on-chain confirmation arrives before the transaction hash is persisted.
• Balance sync updates the on-chain block cursor even when the reported balance is unchanged.
• Audit logging captures Core Wallet Platform request bodies for API-initiated operations.
• Outgoing Ethereum transfers no longer create duplicate records when confirmation arrives before the transaction hash is written.
• Direct Mint, Direct Burn, and Offer Mint or Burn delegator lists in Canton Contract Management include only parties eligible under the registrar MasterAllowList claim chain, avoiding submit failures from delegators that appear in the ledger but cannot mint or burn.
• Canton Contract Management classifies parties without Vault signing keys as read-only instead of offering sign actions that cannot complete from the browser session.

Versions

Institutional Vault: v3.3.1
Policy Nodes: v9.3.0
NATS: v3.3.1
configmap-init: v0.1.0

Updates

• Transfer Funds shows async operation status toasts for confirmation, processing, policy block, and error states.
• Canton Contract Management Settings support manually registering a registrar with DTCC specific Compliance, ClientOnboarder and Registrar parties

Fixes

• Transaction sync confirms all records that share the same on-chain hash together, preventing duplicate-hash cases such as ERC-20 mint flows from leaving one transaction stuck in the cast state.

Versions

Institutional Vault: v3.3.0
Policy Nodes: v9.3.0
NATS: v3.3.0
configmap-init: v0.1.0

Updates

• Canton Contract Management updated with participant-onboarding and registry discovery improvements.
• Historical operations table added alongside Inflight operations, with dedicated URLs for each view.
• Inflight and historical operations share a unified operations structure; inflight operations no longer use client-side pagination.
• Operation details modal shows eligible approvers and corrected submitted timestamps.
• Policy Nodes expose a Prometheus metrics endpoint at /metrics on the orchestrator and on policy nodes when telemetry is enabled.

Fixes

• Audit Logs settings table scrolls horizontally within its column instead of overflowing the page.
• Assets pages no longer crash when the deployment has no registered assets.
• Notification WebSocket subscription no longer returns invalid authorization token errors.
• UnregisterChain operation handling corrected.
• Policy Nodes normalize user email identifiers to lowercase before upgrade or onboarding.

Versions

Institutional Vault: v3.2.0
Policy Nodes: v9.2.0
NATS: v3.2.0
configmap-init: v0.1.0

Updates

• Audit log CSV export includes CAIP-2 chain identifiers alongside existing columns.
• Solana cold-wallet registration requests use the same CAIP-19-based asset path pattern as other assets.
• Cold signing views refresh when batch WebSocket updates arrive instead of relying on synchronous batch polling.
• Staking withdrawal requests accept an optional CAIP-19 field for consistency with other asset-aware transfer APIs.
• Pending operations lists and detail views surface approver and rejector attribution using the supported operations APIs.
• Vault per-asset detail requests use a single CAIP-19 path segment instead of separate protocol, network, and symbol segments.

Fixes

• Canton Contract Management derives CAIP-2 for signing and registry calls from the connected ledger synchronizer instead of a static gateway CAIP-2 field, preventing chain registration mismatches.

Breaking Changes

• Deprecated v2 configuration, compliance screening, events, automated approver listing, group listing, key backup download, raw transfer, user listing, user creation, user-by-id, staking listing, staking withdrawal submission, transaction listing, transaction detail, and transaction deletion. Use GET /api/transactions, the v1 transaction detail routes, GET /api/operations/{id}, and other v1 or CWP routes described in the published OpenAPI specifications.
• POST /api/transactions/transfer and POST /api/staking/stake request bodies require a CAIP19 field instead of separate Asset, Protocol, and Network fields.

Versions

Institutional Vault: v3.1.0
Policy Nodes: v9.2.0
NATS: v3.1.0
configmap-init: v0.1.0

Updates

• New Audit log CSV export produces a simplified flat-column human-readable format safe for Excel and Google Sheets. The forensics raw-JSON format is available via the format=forensics-zip query parameter
• Audit-log settings page now displays recent audit entries inline.
• Approvals now include mint and burn outputs with resolved instrument identifiers in Canton transaction intents.
• Approvals now include ERC-20 decoded outputs (recipient and amount) in transaction intents for improved approver visibility.
• CAIP-19 identifiers are included in /api/vaults account responses.
• Client-side search bars added to the accounts list, account assets tab, assets list, and asset detail accounts tab.
• Vault and CWP OpenAPI specifications are combined into a single spec.
• /api/v2/transfers accepts a caip19 field in place of the integer assetID.
• Group rename supported in the wallet UI under Settings > Groups with validation and CWP operation submission.
• Solana cold wallet displays a Transactions per Batch modal showing the current allowed batch size with an option to increase it.
• Legacy policy v1 UI references removed and the confirmation toast defaults to off when policy data is unavailable.
• Read-only POST endpoints under /api/cwp (operations/search, canton/getKeys, canton/getTransaction) no longer write audit rows. The audit log is now scoped to state-changing operations only.
• Azure Key Vault secret writes now include a contentType attribute (application/json or text/plain) to satisfy Azure Policy requirements.
• Policy Nodes expose a /ready health endpoint alongside the existing /live endpoint.
• Support for UnregisterToken and UnregisterChain operations.
• Wallet listener backfills local database rows when registerUser, resetUser, createAccount, updateGroup, and renameGroup operations are issued via the direct CWP HTTP interface.

Fixes

• WalletConnect sessions are now correctly displayed in the wallet UI for EVM chains.
• Wallet startup no longer crashes when a registered blockchain protocol is missing from the internal L1 asset map.
• NATS authentication failure resolved when adding a new EVM tracker to an existing deployment where the tracker certificate was signed by a different intermediate CA than the one trusted by the NATS server.
• NATS authentication failure resolved for existing services whose client certificates were not reissued after an intermediate CA rotation.
• Supported chain cache now expires periodically instead of persisting indefinitely, preventing stale chain data after registration changes.
• Configurator no_auth_token flag no longer removes UTXO service and Ubiquity configuration blocks from generated wallet config.
• Policy Nodes fixed rate lookup is now checked before calling the external pricing service, avoiding unnecessary network calls when a fixed rate is configured.
• Policy Nodes approval fetch corrected to prevent missed pending approvals.

Breaking Changes

• GET /api/assets/{protocol}/{network}/{symbol} replaced by GET /api/assets/{caip19}. URL-encode the CAIP-19 value in the path. See the bundled CAIP-19 migration guide.
• /api/v2/accounts and /api/v2/assets endpoints removed. Use /api/vaults and /api/assets instead.

Versions

Institutional Vault: v3.0.1
Policy Nodes: v9.0.1
NATS: v3.0.1
configmap-init: v0.1.0

Updates

• Canton Contracts side menu hidden from frontend when Canton driver is not configured.
• Addition of default_host and frontend_host variables within deployment to support custom API and frontend host configuration.

Fixes

• Conflicting Terraform variable declarations for default_host/frontend_host resolved.
• Key vault name resolution from Terraform outputs corrected to detect when secrets have already been populated.
• Azure key vault names updated to ensure uniqueness.
• Polkadot icon corrected within wallet frontend.

Breaking Changes

• /api/transactions/assetDetails/:asset endpoint removed.

Versions

Institutional Vault: v3.0.0
Policy Nodes: v9.0.1
NATS: v3.0.0
configmap-init: v0.1.0

Updates

• KAIA asset and KAIA tokens added for Kairos testnet and mainnet.
• Inflight Operations tab added to frontend Settings menu with quick navigation button in header, displaying all intents pending confirmation or approval.
• Canton tokenisation application introduced, supporting external party creation, end investor onboarding invites, token allow list management, mint/burn requests and approvals, trade proposals, and multi-party trade allocation.
• Policy V1 replaced by Policy V2, introducing transaction-attribute filtering, category-scoped restrictions (config, policy, transaction), and multiple independent rules per category.
• /api/assets updated to return assets with CAIP-19 identifier.
• /api/transactions/transferDetails and GET /api/staking/assets now accept CAIP-19 identifier as URL parameter instead of protocol, network, and symbol.
• Network naming changed from assethub-polkadot to assethub-mainnet.
• Expire tags added to NATS and DB setup for Azure, and DB setup can now run multiple times for Azure.
• Conditional logic added to prevent resource conflicts when deploying two instances in a single AKS cluster.

Breaking Changes

• /api/transactions/blockchainProgress endpoint removed.

Versions

Institutional Vault: v2.7.0
Policy Nodes: v8.27.2
NATS: v2.7.0
configmap-init: v0.1.0

Updates

• Add Asset and address registration flows now identify assets with CAIP-19 values obtained from /api/supported-assets.
• The Add Asset dialog populates the blockchain dropdown dynamically from /api/supported-chains instead of a hardcoded list, displaying each chain with its protocol, network, and CAIP-2 identifier.
• Transfer, call-contract, and deploy-contract paths accept CAIP-19 wherever an asset must be specified.
• CAIP-19 columns added to addresses, address balances, assets, and transactions tables with a backfill script for existing data.
• Token balances and transactions are now supported on Canton for any CIP-56 HoldingV1 instrument, not just native Canton Coin.
• An Inflight Operations tab in the Policy V2 interface surfaces pending restriction updates that are awaiting approval.
• Token icons display native network badges in cold wallet transactions.
• Client-provided crypto icon overrides are supported with backend and default fallback behavior.
• Asset icons are cached in memory after first load, eliminating repeated network requests when scrolling transaction lists.
• Transfer fee rate input is temporarily hidden and FeeRate is optional in transfer requests.
• ETH Sepolia and Hoodi are grouped together on the exchange rate page.
• WalletConnect is deprecated.
• Audit logs include resolved wallet addresses, account names, and contract function names (mint, burn, freeze, unfreeze, pause, unpause, clawback) for transfer-family operations.
• Unknown Policy Nodes operations are now captured in audit logs.
• Azure init jobs are reworked into containers with Go binaries.
• The configurator supports a configurable log level and images are pushed to the blockdaemon/iv/ registry path.
• EVM trackers support a configurable env field.
• Policy Nodes resolve addresses to master keys and account names in transaction intents.
• Policy Nodes transaction intents can carry decoded raw transaction context for clearer approver and consumer visibility.
• Policy Nodes restriction function names for Freeze, Unfreeze, Pause, and Clawback are simplified by removing the DTC prefix.

Fixes

• OIDC callback handling is hardened and auth-dependent requests are deferred until login completes.
• Native token transfers with zero amount to an external address are handled correctly.
• Policy Nodes Canton raw signing proceeds against applicable rules when a submission references a previously unseen package identifier instead of failing solely for that reason.

Breaking Changes

• POST /api/vaults/{id}/addAsset now accepts a single CAIP19 string. Replace the previous L1Protocol, Network, and Asset fields with the matching CAIP-19 from /api/supported-assets.
• POST /api/assets/addAddress requires the CAIP19 field on every request body.
• Update transfer and smart-contract clients to supply CAIP-19 wherever an asset is required. See the bundled CAIP-19 migration guide for common mappings and a checklist.

Versions

Institutional Vault: v2.6.4
Policy Nodes: v8.26.6
NATS: v2.6.4
configmap-init: v0.1.0

Changelog

Policy Nodes:
- Canton signing recognizes TransferInstruction Reject and Withdraw outcomes alongside ExecutedTransfer.
- The Canton gRPC client backs off keepalive intervals to comply with server policy.
- The Canton faucet driver propagates errors when an upstream call returns a non-200 response.

Versions

Institutional Vault: v2.6.3
Policy Nodes: v8.26.5
NATS: v2.6.3
configmap-init: v0.1.0

Changelog

Audit and operations:
- Audit logs export as CSV instead of ZIP.

Policy workflow:
- Policy v2 retrieves transaction restriction function filter options dynamically from the policy service rather than a fixed list.

Wallet UI:
- Pending export transactions can be cancelled directly from the wallet interface.

Wallet and authentication:
- The wallet remains operational when the Canton driver is unavailable instead of failing to start.

Asset and chain identification:
- Solana transaction synchronization is more reliable.

Deployment and configuration:
- Corrected secret naming during tfvars file generation.
- The deprecated WithNoApprovalsGroups option is removed from policy node configuration.

Policy Nodes:
- Solana batch signing supports multiple nonce accounts per authority and multiple SOL transactions per batch.
- Canton testnet support uses CAIP-2 identifiers in the signing gateway in place of a separate testnet flag.