1.2.2

Bug fixes:

• It was impossible to send from the wallet to more than two destinations (#2825) @NicolasDorier
• Fix rounding issue in the invoice refund flow (#2778, #2810) @NicolasDorier
• When cloning an expired payment request, the new payment request was also expired (#2820) @dennisreimann
• Fix instructions to import a coldcard wallet via file upload (#2809) @mandelbit
• Lightning payments should not be proposed for top-up invoices (#2772, #2780) @ubolator
• Typo fixes (#2774) @jorisvial
• Fix payjoin client to properly handle receiver using output substitution (#2677) @NicolasDorier
• The checkout would crash for some client if automatic detection of language was checked, and the browser was not setting the accepted language @NicolasDorier

1.2.1

Bug fix:

• Fix Display app on website root feature @NicolasDorier

1.2.0

Improvements:

• Migrate to Bootstrap5 (#2490) @dennisreimann
• Greenfield: Server Info: Support all currency codes for sync status (#2511) @Kukks
• Greenfield: Add StoreId to Invoice model (#2592) @Kukks
• Greenfield: Change enabledOnly filter to enabled @Kukks
• Self host PoS app default images (#2449) @dennisreimann
• Various UI Tweaks and improvements (#2558 #2562 #2568 #2572 #2606 #2608 #2615 #2627 #2628 #2649 #2645 #2673 #2646 #2647 #2745 #2746) @dstrukt @dennisreimann @woutersamaey @johanf85 @bolatovumar
• Notify users to use newer BTCPay Vault app if necessary @NicolasDorier
• Set lightning invoice fallback in QR code as uppercase (#2492) @bjarnemagnussen @Kukks
• Optimize payout database fetching @NicolasDorier
• Wallet Signing UI improvements (#2559) @dennisreimann
• Add payjoin to hot wallet setup and turn on by default (#2450) @dennisreimann
• Add permission code to API page (#2599) @woutersamaey @dennisreimann
• Introduce Server paging for Payouts List (#2564) @Kukks @dennisreimann
• Hide referer URL to hide our BTCPay Server URL (#2655) @woutersamaey
• Deeper accessibility for plugin system @Kukks
• Add webhook delivery status indicator (#2679) @bolatovumar
• Auto-select store when creating a new invoice (#2680) @bolatovumar
• Save paymentRequestId in Metadata when creating invoice for Payment Request (#2644) @woutersamaey
• Support multiple file upload (#2705) @cypherbeerus
• Improve Dutch translation (7ac8357) @woutersamaey
• Improve Portuguese translation (7ac8357) rafaelpac
• Improve payment view (#2748) @dennisreimann @dstrukt
• Improve Wallet Send UI (#2750) @dennisreimann
• Show new store warning icon only if neither on-chain wallet nor LN is configured (#2760) @bolatovumar
• Update successful refund message (#2764) @cypherbeerus
• Fix translation on finnish, bulgarian, Kazath (fa91174, 10e3595 965beeb) @NicolasDorier

New features:

• Greenfield: Delete User API (#2340) @bolatovumar @Kukks
• Can create invoices without a specific amount: Top-up invoices (#2730 #2659) @NicolasDorier
• Greenfield: Add misc/permissions to document the hierarchical structure (#2654) @NicolasDorier
• Greenfield: Add "skip" and "limit" params for onchain txs API endpoint (#2688) @bolatovumar
• Greenfield: Add CanModifyInvoices permission (#2595) @Kukks
• Greenfield: Add text search terms to an invoice (#2648) @NicolasDorier
• Greenfield: Add Get store Payment methods API (#2545) @Kukks @bolatovumar
• GreenField: Add Generate Store OnChain Wallet API (#2708) @Kukks
• Test Webhooks functionality (#2474) @bolatovumar
• Allow marking payout as paid manually (#2539) @Kukks
• Pull payments: Detect External OnChain Payouts (#2462) @Kukks
• Auto-detect language on payment page (#2552) @woutersamaey @Kukks
• Support spending to Taproot (#2718) @NicolasDorier
• Show Immature Balance in walletsend page (#2731 @732) @sageprogrammer @NicolasDorier
• Add hebrew translation for checkout (7ac8357) @jonathanalevi
• Add korean translation for checkout (7ac8357) Saeyoung Kim

Bug fixes:

• Fix issue with mysql migration and maxLength (#2541) @jkljajic
• Fix broken shopify links @Kukks
• Fix bug with LN payment method API endpoint throwing 500 (#2567) @bolatovumar
• Fix various wording and typos @pavlenex @britttttk @Zaxounette Jimi Ford
• Fix visual bug with invoices search help text overlapping invoice action buttons (#2583) @bolatovumar
• Fix: Invoice Search Text crashes invoice creation when value is too long (#2675) @Kukks
• Greenfield documentation fixes (#2657 #2674 #2681 #2598) @woutersamaey @bolatovumar
• Re-enable "Create" button for invoices on correct form input (#2694) @bolatovumar
• Fix: Payment Request status does not update on invoice marked events or when pr amount is changed (#2700) @Kukks
• Properly clip taxIncluded and invoice's amount (#2724) @NicolasDorier
• Fix PoS bug on dark mode (#2743) @dennisreimann
• Remove support for payout to a Bitcoin Url (#2766) @NicolasDorier
• Fix: Support Clightning 0.10.1 @Kukks

1.1.2

• Fix: Unable to activate shopify integration @Kukks

1.1.1

Minor release minor bug fixes.

Improvements:

• Update BC-UR bundle and support decoding hex format of wallet (#2505 #2499) @Kukks

Bug fixes:

• During refund or payout, some payments issued from BTCPay were not properly detected. (#2513 #2518) @Kukks @NicolasDorier
• Fix payment button steps and validation range (#2506 #2503) @Kukks
• The local culture of the server could break some feature on BTCPay Server (#2512) @NicolasDorier
• Make sure unaccounted payments (double spent payments, or payjoin original transaction), are not accounted by the payment requests and crowdfund app @NicolasDorier
• Coinswitch page was not reflecting correctly in the side navigation @Kukks
• Coinswitch showed as enabled when it was configured but disabled @Kukks
• Lightning payment were not detected if Only enable the payment method after user explicitly chooses it was checked for the store @Kukks

1.1.0

See our blog post for an overview of this new release.

Improvements:

• Improving navigation between files and storage services and rewording info text (#2272) @rockstardev
• UI: Header and navigation improvements (#2412 #2378) @dennisreimann @dstrukt
• Plugins will be disabled in the case of an unrecoverable runtime error caused by a plugin @Kukks
• UI: Improve Lightning setup page (#2348 #2477) @dennisreimann @dstrukt
• Greenfield: Provides unconf/conf balance, keypath + address + timestamp + confirmation count of utxos @Kukks
• Add BTCPAY_TOR_SERVICES configuration to expose tor services via the server settings. Useful for integration with self-hosted node such as Umbrel (#2388) @Kukks @junderw
• Payment methods can be toggled directly from the update store page, rather than inside the page of each payment method (#2469) @dennisreimann
• Start separation of Coinswitch feature and Shopify integration as plugins (#2384 #2390) @Kukks
• Greenfield: Ability to pass more query parameters to filter results of api/v1/invoices @SakerOmera
• Human friendly error if webhook or webhook delivery not found @NicolasDorier
• Add button to copy API key to clipboard (#2439) @ubolator

New features:

• Support WebAuthN/FIDO2 as second factor @Kukks
• Can get a receive address in the wallet accepting Payjoin (without creating an invoice) @Kukks
• Can disable modification of SSH settings via the server settings to prevent escalation of privilege. (See #2468) @NicolasDorier
• Manual coin selection has a "confirmed utxo" filter @Kukks
• Greenfield: Can query fee rate @Kukks
• New setting for checkout: Ability to activate specific payment methods after the creation of the invoice @xpayserver @Kukks @rockstardev

Bug fixes:

• Fix: Clicking on "Unreserve this address" was not properly reflected in the UI @Kukks
• Fix: Block explorer links for signet @kristapsk
• Fix: Typo in PoS cart view (#2428) @MaxHillebrand
• Allow accessing "misc/lang" endpoint with Greenfield auth schemes (#2471) @bolatovumar
• Greenfield: Fix typo of webhook type OrignalDeliveryId => OriginalDeliveryId @NicolasDorier
• If the posData property of invoice metadata was not a JObject, the invoice would crash @Kukks
• If a store was created via the Greenfield API, warning signs of unconfigured stores would not appear. (Fix #2434) @bolatovumar
• Do not crash if plugin folder mismatches plugin identifier @Kukks
• Fix notification count on mobile (#2483) @dennisreimann
• Fix: Passing invalid query parameters or route value in the Greenfield API should returns HTTP 422 + validation details rather than empty 400. @NicolasDorier
• Greenfield: Deleting a store in the server, should delete only webhooks of this store @NicolasDorier

Miscellaneous

• Add user id in logs when somebody logs in. @NicolasDorier
• Fix: Json type in doc API @g33kme

1.0.7.2

Small release fixing bugs introduced in 1.0.7.1:

Bug fixes:

• The date in invoice page were not showing anymore the browser date time, but the server date time. (@NicolasDorier)
• Apps on root where not working anymore, redirecting to login page rather than showing the app (see #2414) (@bolatovumar)

1.0.7.1

This is a security release that patches one critical and several low-impact vulnerabilities that affected BTCPay Server versions 1.0.7.0 and older.

The critical vulnerability (CVE-2021-29251) impacts users who:

• Use Docker Deployment, have a configured email server and enabled registration for users in Server Settings > Policies

We strongly recommend affected users to update their instances to mitigate the risk. We will release a full public disclosure of vulnerabilities with the next major version of the BTCPay Server.

We want to thank @teslamotors for filing a responsible disclosure, helping us with remediation, and handling the situation professionally.
We also want to thank Qaiser Abbas, an independent web-security researcher, for an additional responsible vulnerability disclosure that was handled in this release.

Thank you for keeping our users safe.

Improvements:

• Add user email search/sort @bolatovumar
• Fix pay button link preview (see #2396) @bumbummen99
• Change display date format on view pull payments (see #2339) @alexgidge
• Update form required input styling (see #2373) @bolatovumar
• Order file uploaded list by descending timestamp (#2273) @bolatovumar
• Remove misleading title from hint icon @dennisreimann
• Make dates/timespan swagger docs more clear (#2399) @Kukks
• Add rate limiter for forgotpassword @NicolasDorier
• Upgrade Boostrap to v4.6 and jquery to 3.6.0 @dennisreimann
• Use better PRNG for payjoin input selection @NicolasDorier
• Decrease authentication cookie timeout after password change from 30min to 5min @NicolasDorier
• Use secure/http-only cookies for preferences @NicolasDorier

Bug fixes:

• Ensure submitting empty currency does not break update PoS page (#2376) @bolatovumar
• Fix point of sale item newline break (#2366) @Kukks
• Validate filename in file upload endpoints @NicolasDorier
• Turn off autocomplete for BIP39 Seed or HD private key inputs @nosovk
• Fix payment request template body/page height and footer style @patrick

1.0.7.0

See blog post for more details.

Features:

• New Wallet Setup UI (see #2164, #2296) @dennisreimann @dstrukt
• Greenfield: New on-chain wallet API @Kukks
• Greenfield: Ability to configure store's lightning payment methods @Kukks
• Allow an invoice to be marked invalid/complete even from the new state @Kukks
• Point of Sale and Crowdfund: Allow custom buy button text (see #2299) @dennisreimann
• Specter wallet file import (see #2252) @dennisreimann

Improvements:

• Reenabling uppercase BECH32 in QR codes (see #2110) @rockstardev
• If a store is set to internal node, use "Internal Node" as connection string rather than the actual connection string. @NicolasDorier
• Improve Policies options UX in server settings (see #2307) @dstrukt @dennisreimann
• Fix view payment request loading spinner alignment @bumbummen99
• Fix cart pay button loading spinner vertical alignment @bumbummen99
• Invoices list: Remove icon indicator for onchain (see #2240) @dennisreimann
• Login: Improve tab navigation for input fields (see #2258) @dennisreimann

Bug fixes:

• Hovering the mouse pointer on invoice logs row would make them unreadable @bolatovumar
• Remove exchange rates that lost support in Coingecko @NicolasDorier
• Get invoice in greenfield was crashing if invoiceId did not exist @NicolasDorier
• Getting a file from the storage service which did not exist would return http 500 instead of 404 @NicolasDorier
• Fix direct URL for local storage with custom root path #2318 @bolatovumar
• The pay button would not show up properly on some websites @bolatovumar
• Profile email change should check email's availability @NicolasDorier
• Fixed mysql/sqlite support @ketominer
• Checkout: Fix scan/copy tab sizes with varying content (see #2264) @dennisreimann
• Greenfield: Lightning API would return HTTP 500 if store owner did not set the connection string @dennisreimann
• Point of Sale: The custom price was not properly working (see #2248) @bolatovumar

1.0.6.8

This release is trying some improvement to decrease the chances of being falsy flagged by Google Safe Browsing.

• Remove Tor URL from login page (useless now thanks to the url bar link) @dennisreimann
• Remove allowtransparency from checkout overlay @dennisreimann
• Remove clipboard code from the login page (was used to copy the tor url) @dennisreimann
• Rename some pages from PascalCase to lowercase. (Register => register, Login => login) @dennisreimann