Releases: bitcart/bitcart-store
Version 0.10.3.0
Properly track contract transfers of any complexity
As smart contract events are unreliable for tracking smart contract transfers, a few releases ago we switched to a more reliable parsing approach.
This ensures that no transaction is ever missed, because we parse the blockchain directly and not events. But it left us unable to parse complex transfers,
for example Binance or Coinbase batching several transactions into one.
Now we have found a reliable way to parse those, with no action required from your end. It means that we now parse transfers of any complexity automatically.
Massive improvements in docker deployments
Our nginx deployment configs were massively refactored and their security was improved.
All our deployment guides will be updated with the new recommended, even easier instructions on how to run Bitcart directly, or behind Cloudflare, or
with your own reverse proxy. All combinations were tested and we figured out the optimal settings for each.
The client IP address is now correctly detected in nginx access logs and in the running Bitcart API.
This is essential for features like password reset protection against attackers.
Add support for ready deployment presets, for example:
./setup.sh --preset cloudflare
Properly configures your instance to work under cloudflare.
Currently 4 presets are supported:
- cloudflare: Bitcart runs behind cloudflare directly
- cloudflare-proxied: Your server runs another reverse proxy, and Bitcart is behind that reverse proxy
- proxied: Bitcart is behind a reverse proxy that is not cloudflare (requires PROXY protocol)
- proxied-legacy: Bitcart is behind a reverse proxy that is not cloudflare (requires X-Forwarded-For HTTP header)
PROXY protocol support via REVERSEPROXY_PROXYPROTOCOL - this is the recommended approach if you are running another reverse proxy on your server,
more information in deployment guides.
Fix an issue where, after switching BITCART_REVERSEPROXY from nginx-https to nginx, Bitcart still tried to use SSL certificates.
SSL policy updates: drop TLS 1.0 and TLS 1.1 and refresh SSL ciphers. The old policy prevented connecting to Cloudflare directly.
Now our SSL setup is modern and secure.
Enable gzip compression of API responses (this works seamlessly with any client). It should reduce the amount of data sent over the network.
Nginx configs are now nicely formatted.
Add https://generator.bitcart.ai - experimental demo site where you can choose your settings and generate a ready docker-compose.yml file.
Note that this is more for preview of what is generated or usage on specialized services where you need to upload docker-compose.yml file.
It is still recommended to use our docker deployment scripts for ease of use (and plugins support).
Trusted IP presets (with cloudflare support) for proper display of client ip address.
Nginx docker image in use is now bitcart/nginx with additional modules installed to allow our advanced secure config to work.
Proper support for cases when containers are running in multiple networks (e.g. if you run opentelemetry monitoring).
Enable keepalive for connections to bitcart API and frontend components: this should allow for faster and more efficient requests to APIs.
Improve security of the reverse proxy: a header is passed to the client unmodified only if the IP address is trusted and the header is known to be properly validated by that trusted IP address (e.g. Cloudflare). Otherwise it is replaced with a safe value.
Add support for JSON logs in nginx.
Fixes for default server when there are multiple servers hosted.
Improve handling of the case when the SSL certificate is not yet ready: the SSL handshake is now rejected.
Update acme.sh letsencrypt certificate manager to latest version
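The trust rule for forwarded headers described in the reverse proxy item above, as an added Python sketch (not Bitcart's nginx config): forwarded headers are honoured only when the connecting peer is a trusted proxy, and are otherwise overwritten with the socket address. The 198.51.100.0/24 range, the two header names and all function names are assumptions made for this example.

```python
import ipaddress

# Constructed stand-in for a trusted proxy range (documentation addresses,
# not a real Cloudflare range).
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]


def is_trusted(ip, trusted=TRUSTED_PROXIES):
    """True only for a syntactically valid address inside a trusted range."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def client_ip(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Address to use for access logs and rate limiting."""
    if not is_trusted(peer_ip, trusted):
        # Direct connection: anything in X-Forwarded-For is caller-supplied.
        return peer_ip
    xff = {k.lower(): v for k, v in headers.items()}.get("x-forwarded-for", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk right to left: skip hops appended by trusted proxies and stop at
    # the first address that is not one of them.
    for hop in reversed(hops):
        if is_trusted(hop, trusted):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer_ip  # malformed entry: fall back to the socket peer
    return peer_ip


def sanitize_headers(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Headers to hand to the backend after applying the trust rule."""
    out = {k.lower(): v for k, v in headers.items()}
    if not is_trusted(peer_ip, trusted):
        # Untrusted sender: overwrite with the one value observed directly.
        out["x-forwarded-for"] = peer_ip
        out["x-real-ip"] = peer_ip
    return out
```

Taking the rightmost untrusted hop matters for features such as password reset rate limiting: a value prepended to X-Forwarded-For by the requester never becomes the logged or limited address.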
Optimize admin and store operations
Optimize container networking: admin and store no longer talk to the API via the publicly accessible API URL but prefer to use container networking if possible.
This means that Bitcart should work properly in more use cases, initial load times are faster (especially over onion domains), and for example, if
you use Cloudflare, you no longer need to whitelist your own server IP in the firewall.
Optimize initial admin and store loading: to protect from web scrapers taking down the API, if the initial request is a 404 request, admin and store no longer fetch
details from the API server-side. They are loaded client-side in the browser in such cases. For end users it doesn't impact the experience at all, but those who call
the server non-interactively (automated bots) will no longer trigger any useless data loading. This greatly improves API stability.
Add validation for invalid payout amounts (< 0)
Version 0.10.2.1
Mostly small bugfixes, update recommended if you are running an instance with public registration:
- Improve password reset security
- Add missing batch endpoint for tokens
- Add missing metrics_management permission to create token UI
- Better validation for token scopes
- Dependency updates
- Add missing bitcart prefix to prometheus metrics
- Add support for customizing pre-save dialogs in admin panel via plugins
Version 0.10.2.0
Switch to github actions
We switched all of our CI/CD operations from CircleCI to Github Actions.
It is a long-awaited change for project maintainers, because it allows us to use a more modern and flexible system.
Github provides more resources to opensource projects on github actions, and we won't have an issue like we had before with circleci which disrupted all of the project operations.
This also allows us to self-host some of CI operations on our own servers via Forgejo actions in the future.
This also leads to the next point
Better security
Thanks to the adoption of GitHub Actions, all our docker images and binaries (bitcart-cli) are now signed and attested. This allows you to verify that the downloaded docker image was indeed built
by a GitHub Actions workflow, at a specific date, and with a URL to view the build logs.
Docker images now also include SBOM files, Software Bill of Materials, which shows a complete list of all dependencies used to build our docker image.
This allows for better supply chain security.
For example, to verify bitcart docker image:
gh attestation verify --owner bitcart oci://bitcart/bitcart:stable
IMPORTANT: security fixes
Disable registration on new instances by default. After the first (admin) user signed up, registration gets disabled automatically.
It can be re-enabled in server settings. Existing running servers are not affected.
Important security update for instances with public registration: if you run such an instance, update immediately.
IMPORTANT: Log retention period
For storage optimization, now server logs are automatically cleaned up if they are older than 90 days. This is configurable.
Opentelemetry
Bitcart has now gained a lot of observability features even some production apps don't support!
To enable prometheus metrics endpoint, set BITCART_PROMETHEUS_METRICS_ENABLED to true.
It exposes a new /metrics endpoint which can be scraped with prometheus. It requires an auth token with scope of metrics_management.
For now it only exposes http stats and one custom value:
bitcart_pending_creation_payment_methods_count gauge - useful for debugging stuck payment methods, it shows how many payment methods are currently pending creation.
Bitcart backend (api, worker) and daemons now support being instrumented by OpenTelemetry!
For that, set BITCART_OTEL_ENABLED to true. The OpenTelemetry default distribution is installed by default in our docker images.
We support the traces and logs protocols; metrics are supposed to be handled by our prometheus metrics endpoint.
Backups improvements
Allow configuring backups to S3 by env vars (they now work properly):
S3_ACCESS_KEY_ID, S3_SECRET_ACCESS_KEY, S3_DEFAULT_REGION, S3_ENDPOINT_URL.
So it is now possible to store Bitcart backups encrypted in e.g. Backblaze B2 as well!
Set BACKUP_ENCRYPTION env var to true to enable it (it can be done from admin panel's backup UI too).
Backups are encrypted using the BACKUP_ENCRYPTION_KEY. Ensure to write it down!
You can view the encryption key in the following way:
cat .deploy
Use zstd compression for backups
Our backups will now use the .tar.zst extension. zstd compression is faster and more efficient than gzip. Recovering old .tar.gz backups should still be supported.
Better consistency across projects
We now use just for launching tasks in e.g. docker compose files.
It allows us to modify the launch command and other things without modifying docker compose files, which was a problem because it previously required us
to issue an urgent release.
For manual deployments as well, you no longer need to run commands manually: use just tasks to do that, and in case the command changes, your workflow doesn't!
For example, just daemon btc instead of python3 daemons/btc.py
We have enabled dependency cooldowns of 1 week for better security of our dependencies.
Better logging in daemons
Now bitcart daemons use the same consistent log format as the bitcart backend, which makes e.g. log parsing pipelines in your systems easier.
Modifications in plugins hooks
db_modify_object* hooks now pass a second parameter: old_model. So in total there are 2 params passed: model (new object), old_model (old object).
Add db_delete_object* hooks.
Plugins API dispatcher should attempt to support both old and new versions of hooks signature, but updating to new signatures is always recommended.
Misc
- Deploys via cloudflare tunnel now properly see client's ip address
- Fix powered by logo display in onedomain mode
- Add plugin deeplinks in admin panel (?plugin_id=X)
- Updates for advanced nginx deploys
- Update tor and cloudflared
- Add bitcart-cli.sh autocomplete, fix saving env vars on macos (zsh)
- Drop daemons plugins support, they were not used and can't be used reliably anyway
- Add back the email_settings endpoint missed during migration to new backend
- Added new healthcheck endpoints: /health/live - returns ok if bitcart is running, /health/ready - returns ok if bitcart is running AND database, redis and coins are working properly.
- Allow to run alembic migrations when password has special characters
- Silence paramiko.transport logger as it's too verbose
- Add an opt-out message to checkout page offering to use ETH plugin when checkout UX is not optimal
- Support Python 3.14
- XMR: add 1 second TTL to block number calls. This should help reduce number of RPC calls made
- Fix pending triggers migration issue occurring sometimes in migrations
- Use modern websockets-sansio protocol
Version 0.10.1.1
Fixes for cashtokens decimal formatting
Version 0.10.1.0
IMPORTANT: fix redis memory and worker CPU issues
There was an issue where background tasks were creating entries in redis that were never cleaned up. The scope of the issue varies instance by instance, but
what is certain is that there was near 100% CPU usage in the background worker. This is now fixed.
After installing the update, make sure to run ./restart.sh to clear redis memory.
IMPORTANT: fixes for MATIC (POL) exchange rates
Coingecko has changed the id for MATIC, which means exchange rate was broken and defaulted to 1:1. This is now fixed. Update ASAP if you use MATIC.
Cashtokens support in BCH
UTXO-native smart contracts in BCH chain are there! It works the same way as our existing support for ETH and similar tokens, but thanks to UTXO powers, it doesn't need any specific fixes to accept payments from anywhere.
Daemons healthcheck notifications
In case a daemon is down, you can now receive notifications to your preferred source. For that, configure healthcheck store id in server policies and connect at least 1 notification provider. You will get notifications if daemons are down.
Allow customizing payment methods in invoice creation
It is finally possible, you don't need to create multiple stores anymore. What you can do now is create one store, and when creating invoice, override payment methods used for this specific invoice. You can't select wallets not connected to this store.
Advanced mark as complete dialog
Mark as complete no longer uses the first available payment method to mark an invoice as complete. You can select the payment method used, and optionally set sent_amount and tx_hashes to whatever the values were.
Add per-wallet transaction speed override
In some wallets or chains you may want to accept payments only after a higher degree of confirmations. The policy in store applied to all wallets by default, but now you can edit it on the wallets level. It is still capped to 10 confirmations for all currencies, and 32 for XMR. Maximum limits may be adjusted after user feedback.
Other changes
- Fix for product_names and refunds
- Better error handling of database errors
- Provide metadata accessing functions to templates
- Create an autocomplete mode for list items endpoint
- Make schema parsing more reliable (frontend handles it itself)
- Add support to exact filter by metadata fields
- Refactor pagination, add new search_query hook
- Expose product quantities in API and display in admin panel
- Don't require json responses in IPN
- Add ability to allow lightning incoming channels
- Don't truncate ULIDs in admin panel
Version 0.10.0.1
Fix excessive memory usage of ETH-based daemons (TRX not affected)
The memory usage was capped but still too high due to excessive caching, update if you want to reduce memory footprint.
Fix worker and backend graceful shutdown
Fix tokens list created date display
Version 0.10.0.0
New backend
Bitcart backend was rewritten from scratch to the new backend, which finally allowed us to upgrade to Python 3.12+, and now we use modern database ORMs
which are maintained and well-written.
When porting, the functionality was kept as is to preserve backwards-compatibility, but old plugins are not compatible with the new backend.
If you use the ETH plugin, install version 1.0.4 to use with the new backend.
The logs now feature a better format, and also they are colored if you view them from the terminal.
With the new powers Bitcart backend has, it is now possible to quickly add new features.
With this release, we encourage you to try contributing to Bitcart or developing your own plugin: this is the best time to do so!
Also the new backend has better transaction isolation, so some possible concurrency bugs are fixed.
Version 0.9.1.0
Last release containing some fixes before the new backend is going to be pushed
Version 0.9.0.0
The long-awaited release
After almost 2 years, we now have a new release. It's not like we had no changes, we had over 200 commits of changes.
The thing is, after addition of ./install-master.sh script, it was sometimes easier to just run it without issuing a release.
But now it's the right time to make all new users receive the proper Bitcart version by default.
ETH payments plugin
As you may probably know, ETH payments is a complex topic. After years of research, we've checked all solutions available.
Bitcart by default uses detection of incoming payments by asking for address of the sender beforehand.
This works well detection-wise, but provides bad UX especially because exchange users can't send you payments. It doesn't require paying any network fees, but UX is suboptimal.
That's why we have created a plugin which makes the UX the best possible and also saves more on network fees than any existing solution.
Check out plugins marketplace in your admin panel to get the plugin!
Plugins marketplace
Before this release, plugins were installed manually, often shared as files in our community.
Now, all plugins are listed in your admin panel's plugins page, and you can install it with a single click! (and another click to reload plugins).
Also marketplace added the licensing server, which allows us to sell paid plugins and make it possible to make Bitcart development sustainable for many-many years.
Seed server in daemons
Another issue that has occurred during years of helping users was that some RPCs for non-BTC-based coins are unreliable. Sometimes they get closed, or they hit rate limits.
Because of that, many users complained about the "X coin not running" error, which means we would have to forward the same message over and over again because we can't instantly update the RPC url in all instances.
So now we've launched the seed server at https://seed-server.bitcart.ai (e.g. https://seed-server.bitcart.ai/eth)
By default daemons are configured to use the seed server, and every hour (configurable) it will check for updates in server list and update it in runtime.
Which means, if any issues occur, in at most 1 hour your daemons will be working properly.
It allowed us to insert some servers we didn't want to commit to bitcart repositories, which means better RPC quality by default as well.
If you want to opt out of that behaviour, you just need to set COIN_SERVER to some specific RPC url not equal to seed server URL, and it will work the old way.
Daemons RPC multiple providers support
As an additional feature to the daemons, you can now configure multiple RPC servers per coin. When sending requests, if one RPC fails, it tries the next from the list. If one RPC fails too many times, the default RPC for next requests is switched to the next RPC in the list as well.
You can set multiple servers via COIN_SERVER=server1,server2,server3. But note that by default seed server is used, which already provides multiple RPC urls for most coins.
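The failover behaviour described above, as an added Python example (not Bitcart's daemon code): each request tries the servers in order starting from the current default, and a default that keeps failing is demoted. The threshold of 3 failures, the `send` transport callable and the class name are assumptions made for this example; the fake transport and server names are constructed so it runs offline.

```python
class FailoverRPC:
    """Tries servers in order, starting from the current default."""

    def __init__(self, coin_server, send, max_failures=3):
        # coin_server uses the COIN_SERVER=server1,server2,server3 format.
        self.servers = [s.strip() for s in coin_server.split(",") if s.strip()]
        if not self.servers:
            raise ValueError("no RPC servers configured")
        self.send = send  # hypothetical transport: send(url, method, params)
        self.max_failures = max_failures  # assumed value for "too many times"
        self.default = 0
        self.failures = [0] * len(self.servers)

    def call(self, method, *params):
        start, count = self.default, len(self.servers)
        last_error = None
        for offset in range(count):
            idx = (start + offset) % count
            try:
                result = self.send(self.servers[idx], method, params)
            except OSError as exc:  # ConnectionError and timeouts are OSErrors
                last_error = exc
                self.failures[idx] += 1
                if idx == self.default and self.failures[idx] >= self.max_failures:
                    # Demote a default that keeps failing.
                    self.failures[idx] = 0
                    self.default = (idx + 1) % count
                continue
            self.failures[idx] = 0  # a success clears the failure streak
            return result
        raise ConnectionError("all RPC servers failed") from last_error


def demo():
    """Constructed scenario: server1 is down, server2 and server3 answer."""
    attempts = []

    def fake_send(url, method, params):
        attempts.append(url)
        if url == "server1":
            raise ConnectionError("refused")
        return f"{method} via {url}"

    rpc = FailoverRPC("server1,server2,server3", fake_send, max_failures=3)
    results = [rpc.call("eth_blockNumber") for _ in range(4)]
    return results, attempts, rpc.servers[rpc.default]
```

In `demo()`, the first three calls each pay for one failed attempt against server1; the fourth goes straight to server2 because the default has been switched.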
Support using a separate archive node for internal transactions
For ETH-based coins, the issue was that bitcart actually wasn't parsing all existing transactions. For example, some exchanges like Coinbase may use internal transactions sometimes. Internal transactions are a special type which isn't returned by any of the default RPCs in any API call. It requires calling a special method which isn't available in most places.
But if you do have access to one, you can set COIN_ARCHIVE_SERVER and if the server supports tracing, it will also parse internal transactions.
Because it's a separate server it is used only for tracing calls, because those RPCs are rare and we really don't want to use their total requests limit.
It is assumed that COIN_SERVER is a fast, almost-unlimited server which can serve the many requests we have, while COIN_ARCHIVE_SERVER is used only for its main purpose.
Better notification providers
We've replaced the old notifications library with Apprise, which allows to use a variety of different notification providers.
Now you can even send SMS if you want to.
NOTE: you may need to re-check your notification provider settings as data format has changed.
New captcha provider
Now you can use Cloudflare Turnstile as a captcha provider, which is easier to use for end users. HCaptcha isn't removed, and now you can switch between different options.
Optional Sentry integration
If you want to use Sentry for error tracking, you can now do so by setting BITCART_SENTRY_DSN environment variable.
Better email settings
Before it was confusing to configure email servers with the "SSL/TLS" switch, which was not reflecting what it actually did. Now you can choose between a list of auth modes.
Other changes
There are too many changes to list, but here's some of them:
- Payment ID field to invoices for better matching of paid methods
- Add favicon to API docs
- New commands in daemon: rescan_blocks, batch_load
- Support for one-time calls in xpub data. This allows executing a request and closing the wallet right away.
- Refactored email utilities
- Better email verification on sign up
- Refactored schemes with Python 3.9+ type hints
- Upgraded to Pydantic v2
- Changed from passlib to pwdlib
- Require Python 3.11+ (with Python 3.12 support)
- Use Ruff for linting and formatting
- Use uv instead of pip-compile
- Use human-readable migration names
- Renamed alembic folder to migrations
- Upgraded all dependencies
- Electrums upgrade
- Fixed TRX contract sending
- Fixed processing of invoices dropped from mempool
- Fixed explorers for BCH
- Fixed DKIM signing of emails
- Fixed USDT exchange rate when only Tron is enabled
- Fixed network fee estimation
- Fixed SMTP port 465 issues
- Fixed contract getting
- Fixed BNB payouts
- Fixed currency-api link
- Fixed HTML mode in notifications
- Fixed ETH max amount payouts
- Fixed quotes with more than one underscore
- Fixed verification emails sending
- Fixed XMR amount formatting for underpaid detection
- Fixed TRX daemon startup
- Fixed setting fields to empty string
- Fixed sign up when email is required
- Fixed XMR invoices stuck on paid
- More robust handling of Decimals
- Allow to edit global templates
- Optimize daemon shutdown
- Reduce log spam in notifications
- Add BCH testnet4 and chipnet support
Version 0.8.0.0
Name change: from BitcartCC to Bitcart
It is an important milestone in our project. Initially we couldn't take that name because it was already taken by some other projects.
Now, after years, there is only one bitcart: ours. In fact, it was used as bitcart in code before, and now the UI naming will catch up too.
It is more consistent. Also, according to the community polls it is easier, and many people used Bitcart instead of BitcartCC even before.
Together with a new name, we've got a new professionally made logo redesign.
This release has breaking changes in docker deployment mostly due to changing of some files.
In order to do the update, run:
./update.sh
./setup.sh
contrib/upgrades/upgrade-to-0800.sh
The env vars are now stored in /etc/profile.d/bitcart-env.sh, and systemd file is also named bitcart.service now.
All plugins have been updated with new naming and logos
Electrums upgrade
With the new electrums and other daemons update, it fixed a rare but possible bug when BTC or LTC wallets got stuck forever. More robustness, more performance!
Tracing internal ETH transactions
If your RPC supports the debug_traceTransaction method, then bitcart will also automatically detect internal transactions to your wallet! Unfortunately, for now the default RPC doesn't support it, but bitcart is ready.
Publish to multiple container registries
Now Bitcart docker image is published to dockerhub, ghcr.io and nirvati registries for better reliability!
Bug fixing
- A bug with the metamask button in admin panel has been fixed
- Also, before when you added a new wallet with contract in a new blockchain, it broke the exchange rates system and everything was stuck until a reboot. This is now fixed
- get_updates method now no longer crashes in eth-based daemons
- Speed-up payouts loading, fix tron payouts
- Add more data to new_transaction event in eth-based coins
- Allow passing nonce directly and add getnonce method in eth-based coins
- Add ability to customize gas price by a multiplier globally or by call in eth-based coins
- Store time it takes for customer to pay for an invoice
- Fix store POS for non-global store