A productive week across the XRPL ecosystem: in rippled, 28 PRs merged to develop including on-chain verification integration via the mpt-crypto SDK, a placeholder amendment for assorted bug fixes, major modularization of the ledger and RPC handler code, and significant dependency updates (OpenSSL 3.6.1, gRPC 1.78.1, Protobuf 6.33.5). In the Java SDK (xrpl4j), the transaction signing API was overhauled to eliminate large switch statements using Immutables-generated builder methods. On the developer portal, a new "Delete an Account" tutorial with JavaScript/Python code samples shipped alongside Go code samples for the Lending Protocol. On opensource.ripple.com, reference and concept documentation for Confidential Transfers (XLS-96) was published. A vulnerability disclosure report for two liveness bugs (fixed in rippled 3.0.0) was also published on xrpl.org.
This was a week of both code infrastructure improvements and significant documentation additions across the XRP Ledger ecosystem. In the core server software (rippled), developers integrated a new cryptographic SDK library for on-chain verification — part of the ongoing work on Confidential Transfers, a feature that would let people make private token transfers on the ledger. The codebase also saw major reorganization: the ledger module was split into cleaner, more manageable pieces across 93 files, and all RPC handler functions were reorganized into individual files grouped by category, making it much easier for developers to find and work on specific API endpoints. Key dependencies were updated too, including OpenSSL (the encryption library), gRPC (the communication framework), and Protobuf (the data serialization library), which will be important for security and compatibility when the next release ships.
For the Java SDK (xrpl4j), the way transactions are signed was completely overhauled. Previously, the code contained large manual lists mapping every transaction type to its signing logic — over 400 lines that had to be updated every time a new transaction type was added. The new approach uses auto-generated code, so adding a new transaction type automatically works with signing. This makes the SDK easier to maintain and less error-prone. On the JavaScript SDK side, the core cryptographic libraries were updated to new major versions, and both the JavaScript and Python SDKs pinned their security scanning tool (Trivy) to a specific version in response to a supply chain attack disclosure.
The developer documentation saw the biggest week-over-week improvement, jumping from 1 merged PR last week to 17 this week. The standout additions include a complete tutorial on how to delete an XRPL account (with working code in JavaScript and Python), Go language tutorials covering the entire Lending Protocol workflow, and new reference documentation for Confidential Transfers on opensource.ripple.com. The API server Clio fixed a bug where the api_version setting was being ignored in subscription streams — meaning developers requesting the newer API format were getting the old format instead. A vulnerability disclosure report was also published, detailing two liveness bugs discovered by Common Prefix in 2025 that could have let a compromised validator crash other validators. These were fixed in rippled 3.0.0, so no action is needed by current operators.
For ongoing updates, follow @XRPLF and @RippleXDev on X, and check the XRPLF GitHub organization directly for the latest activity.
Note: All rippled changes below were merged to the develop branch and are not yet live on the network. A tagged release is required for any change to reach production.
mpt-crypto/mpt_utility APIs, consolidating and replacing prior verification code. This is part of ongoing Confidential MPT (XLS-96) development work.ProofReader component with authorization, locking, and overflow edge case handling.Coro::resume() against completed coroutines (rippled#6608, +19/−7 across 2 files) — Fixes an intermittent assertion failure in CI caused by a documented race condition where resume() could be called on an already-completed coroutine. Submitted by contributor @pratikmankawde.Ledger class. Submitted by contributor @a1q123456.ValidLoanBroker and ValidLoan into dedicated header/source file pairs, following the existing pattern for other invariant files.ripple(d) to xrpl(d) — Per XLS-95, rippled#6676 (+536/−501 across 143 files) is in progress (open), updating documentation, comments, and internal function names. AI reviewers flagged several issues including a sed bug in a helper script; active review continues.feature (clio#3011, +141/−5 across 4 files) — When amendments were completely deleted from libXRPL, Clio could no longer return them in feature queries, even for historical ledger indices where the amendment was enabled. This fix preserves historical amendment data for queries.api_version (clio#3010, +201/−48 across 6 files, closes clio#3007) — The api_version parameter was being ignored when forwarding xrpld's subscription stream. This fix adds repackaging into API v2 format when needed. Resolves the transactions_proposed stream inconsistency flagged by the community last week.LICENSE.md.Asset and Asset2 field definitions in the AMMClawback transaction docs.BlindingFactor type definition and addresses edge cases in the Confidential MPT specification (XLS-96). Approved.withTransactionSignature and withSigners methods to the Transaction interface, prompting the Immutables library to generate type-safe builder helpers for all transaction subclasses. Eliminates over 400 lines of manually maintained switch statements.SignatureUtils (#2-of-2) (xrpl4j#715, +287/−297 across 9 files) — Follow-up PR that removes the now-unused methods deprecated in #712.@noble/curves and @noble/hashes bumps are major version upgrades (1.x → 2.x) requiring .js extensions on imports.Lending Protocol bug fixes (rippled#6678, +128/−16, open, labeled "Amendment") — Fixes multiple issues in the Lending Protocol: LoanManage now calls associateAsset on all flag paths, LoanPay returns tecNO_PERMISSION instead of temINVALID_FLAG for overpayment on non-overpayable loans, and a financial invariant is enforced post-amendment. Currently has conflicts that need resolution. AI reviewers flagged issues with associateAsset on error paths.
VaultClawback zero-amount clamping (rippled#6646, +220/−9, open, approved by @shawnxie999, labeled "Amendment") — Fixes an edge case where zero-amount clawback ("clawback all") could recover more assets than available when there's an outstanding loan. Gated behind fixAssortedFixes.
Vault withdrawal trustline limit check (rippled#6645, +128/−4, open, labeled "Amendment") — Fixes a gap where share-denominated (MPT) vault withdrawals skipped trustline limit checks. Gated behind fixAssortedFixes.
Enforce aggregate MaximumAmount in multi-send MPT (rippled#6644, +134/−20, open, approved by @pratikmankawde, labeled "Amendment") — Fixes a stale-snapshot bug that allowed multi-destination MPT sends to exceed MaximumAmount. Gated behind fixAssortedFixes.
CI: Linux package builds (DEB + RPM) (rippled#6639, +1,099/−10 across 28 files, open) — Adds DEB and RPM package builds to CI with smoketest validation. This will streamline how operators install rippled on Linux. AI reviewer flagged several CI and security concerns under review.
Move more helper files into libxrpl/ledger/helpers (rippled#6638, +142/−147 across 75 files, open) — Continues the ledger helper reorganization. AI reviewers flagged concerns about potential behavioral changes in inlined code; has conflicts.
GRPC TLS support (rippled#6374, +1,195/−5, open) — Adds TLS support to gRPC connections. Multiple review rounds ongoing with security and test coverage concerns flagged.
Fix Workers::stop() race condition (rippled#6574, +17/−5, open) — Fixes a race between m_allPaused and m_runningTaskCount during shutdown. Being tested via Antithesis (automated fault injection testing).
Confidential Transfer for MPT (rippled#5860, +11,706/−108 across 39 files, labeled "Blocked: Needs Final XLS") — WIP for Confidential MPT (XLS-96). Active development with 155 review rounds; ongoing.
Clio: VaultList for Lending Protocol (clio#2972, +1,100/−0) — Implements a new vault_list RPC. Companion spec PR at XRPL-Standards#506.
Clio: Optional log rotation (clio#3016, +203/−11) — Adds configuration to disable log rotation.
xrpl.js: Custom definitions support (xrpl.js#3229, +3,248/−48 across 18 files) — Threads an optional XrplDefinitionsBase parameter through encoding, signing, and submission APIs. Active review.
xrpl.js: Specific response types for ledger_entry (xrpl.js#3230, +209/−27) and Type narrowing for LedgerEntryRequest (xrpl.js#3231, +60/−14) — TypeScript type improvements so client.request() returns narrower response types. Active review.
xrpl.js: Missing request/response fields (xrpl.js#3217, +640/−11 across 14 files) — Adds pagination fields to NFT offer types, account to AMMInfoRequest, and ledger index fields to various responses. CI failures being resolved.
xrpl.js: Change default signing algorithm to ed25519 (xrpl.js#2658, +145/−17) — Breaking change; waiting for a major version bump.
xrpl-py: XLS-82d MPT-DEX support (xrpl-py#914, +2,177/−43 across 32 files) — Waiting on rippled integration tests to pass.
xrpl4j: Single Asset Vault support (XLS-65) (xrpl4j#713, +7,755/−170 across 96 files) — Comprehensive Vault transaction support; 38 review rounds ongoing.
xrpl4j: Account Permission Delegation (XLS-75) (xrpl4j#689, +5,240/−4 across 46 files) — 68 review rounds; active development.
opensource.ripple.com: Sponsored Fees and Reserves docs (XLS-68) (opensource.ripple.com#207, +1,263/−0 across 14 files) — Concept and reference documentation under review.
opensource.ripple.com: Confidential Transfers tutorials (opensource.ripple.com#208, +721/−1) — Blocked on SDK changes.
fixAssortedFixes are approved or near-approved. Once conflicts are resolved on #6678, these could all land. They collectively address multiple correctness issues in vault clawback, vault withdrawal, and multi-send MPT transactions.sfLockedAmount > 0). Latest review is approved, but the PR needs to be updated to use the newly registered fix amendment. Community contributor @Kassaking7's first PR.xrpl package API (signing, submitting) rather than dropping down to ripple-binary-codec directly. Active review with 7 rounds completed.Vulnerability disclosure published — The blog post detailing two liveness bugs discovered by Common Prefix (reported June 2025, fixed in rippled 3.0.0) was published this week. The bugs could have allowed a compromised UNL validator to crash other validators via manipulated transaction set data. No action needed — the fix has been live since version 3.0.0.
Validator Graceful Handoff discussion (XRPL-Standards#505) — A community member proposed a tmHandoff peer protocol message and warm-standby process mode that would allow validators to signal planned absences, enabling near-zero-downtime software upgrades. This is a pre-standard discussion — no XLS number assigned yet. Another community member linked related prior work on graceful shutdown detection.
New host functions and versioning rules for XRPL-Standards (XRPL-Standards#504, open, +308/−15) — Adds six new float host functions and versioning rules for host function immutability. Active discussion on how smart escrows should handle mantissa/exponent persistence.
New rippled issues filed — A core team collaborator filed 10 new issues this week covering defense-in-depth improvements: missing isPseudoAccount checks in payment paths (#6666), stale OrderBookDB entries after AMMDelete (#6665), AMMVote writing to expired auction slots (#6664), missing AMMDelete preflight validation (#6663), and more. Most are labeled "AI Triage" and represent defense-in-depth improvements rather than exploitable vulnerabilities. #6641 (clarify ticketDelete code) is labeled Good First Issue.
First-time contributor — @Kassaking7 submitted their first PR (rippled#6635) fixing MPToken deletion when there's an active escrow. After receiving change requests about amendment gating and test improvements, they addressed the feedback and received approval.
xrpl-py precision bug (xrpl-py#923) — A community member reported that verify_iou_value incorrectly rejects valid IOU values like 9999999999999999e79 because the precision calculation expands the number to its full decimal form (95 digits) instead of counting only the 16 significant figures.
Feature requests for rippled — Two feature requests were filed: #6629 proposes enriching account_currencies with issuer entries and trust line state metadata, and #6625 reports that book_offers pagination doesn't always return a marker, making full order book traversal unreliable.
Compared to last week (March 16–22, 2026):
| Metric | This Week | Last Week | Change |
| Repos with activity | 8 | 8 | flat |
| rippled PRs merged | 28 | 38 | ↓10 |
| rippled PRs opened | 19 | 28 | ↓9 |
| rippled commits | 29 | 40 | ↓11 |
| rippled new issues filed | 13 | 11 | ↑2 |
| xrpl-dev-portal PRs merged | 17 | 1 | ↑16 |
| xrpl-dev-portal PRs opened | 12 | 5 | ↑7 |
| xrpl-dev-portal commits | 17 | — | — |
| xrpl.js PRs merged | 5 | 2 | ↑3 |
| xrpl.js PRs opened | 11 | 9 | ↑2 |
| xrpl.js commits | 5 | 2 | ↑3 |
| xrpl-py PRs merged | 1 | 0 | ↑1 |
| xrpl-py PRs opened | 0 | 1 | ↓1 |
| xrpl-py commits | 1 | — | — |
| XRPL-Standards PRs merged | 2 | 4 | ↓2 |
| XRPL-Standards PRs opened | 2 | 4 | ↓2 |
| XRPL-Standards commits | 2 | 4 | ↓2 |
| clio PRs merged | 8 | 3 | ↑5 |
| clio PRs opened | 2 | 1 | ↑1 |
| clio commits | 8 | 4 | ↑4 |
| xrpl4j PRs merged | 2 | 2 | flat |
| xrpl4j PRs opened | 4 | 4 | flat |
| xrpl4j commits | 2 | 2 | flat |
| opensource.ripple.com PRs merged | 2 | 0 | ↑2 |
| opensource.ripple.com PRs opened | 2 | 1 | ↑1 |
| opensource.ripple.com commits | 3 | — | — |
| Releases | 0 | 1 | ↓1 |
Notable carryovers from last week: xrpl-dev-portal#3529 (account deletion docs and tutorial) was "In Progress" last week and merged this week. opensource.ripple.com#201 (Confidential Transfers docs) was approved last week and merged this week. The Clio transactions_proposed stream inconsistency (clio#3007), flagged in last week's Community section, was resolved via clio#3010. The developer portal saw a major surge — from 1 merge last week to 17 this week — driven by QA component work and the landing of several documentation PRs that had been in review.