A high-volume week: in rippled, 28 PRs merged to develop including version bumps to 3.2.0-b2 and 3.2.0-b3, multiple Lending Protocol and vault bug fixes gated behind the fixAssortedFixes amendment, a race condition fix in Workers::stop(), and two large clang-tidy modernization passes across hundreds of files. In xrpl.js, custom definitions support and typed ledger_entry responses landed alongside 20+ dependency updates. In xrpl-py, Python 3.9 support was dropped and a precision calculation bug was fixed. On the developer portal, the WebSocket tool was fixed and Redocly was upgraded to 0.131.2. The XRPL-Standards repo gained a new vault_list RPC spec for Single Asset Vaults (XLS-65).
This was a week focused on fixing correctness issues in newer features and modernizing the codebase across the XRP Ledger ecosystem. In the core server software (rippled), several bugs were found and fixed in the Lending Protocol and vault features — for example, when withdrawing from a vault using "shares" instead of a direct asset amount, the system wasn't properly checking whether the destination account could actually hold that many tokens. Another fix addressed a situation where sending tokens to multiple recipients in a single operation could accidentally exceed the maximum allowed supply. These fixes are all gated behind an amendment, meaning they won't take effect until validators vote to enable them. Two beta version bumps (3.2.0-b2 and 3.2.0-b3) were also prepared, though no official release was tagged yet.
For the JavaScript library that developers use to build XRPL applications (xrpl.js), a significant improvement landed: developers working with custom or experimental transaction types can now use the library's full signing and submission features directly, without having to work around limitations in the encoding layer. The library also got better TypeScript types, so when you ask for a specific type of ledger entry, the response now tells your code editor exactly what fields to expect. On the Python side (xrpl-py), support for the now-retired Python 3.9 was dropped, and a bug was fixed where certain perfectly valid token amounts were being incorrectly rejected during validation — if you'd tried to create a transaction with a value like 9999999999999999e80, the library would wrongly say it had too many digits. The developer portal fixed an error in its interactive WebSocket tool and upgraded its underlying site framework.
For ongoing updates, follow @XRPLF and @RippleXDev on X, and check the XRPLF GitHub organization directly for the latest activity.
Note: All rippled changes below were merged to the develop branch and are not yet live on the network. A tagged release is required for any change to reach production.
LoanManage now calls associateAsset on all flag paths instead of skipping it on early returns from defaultLoan/impairLoan/unimpairLoan; LoanPay returns tecNO_PERMISSION instead of temINVALID_FLAG for overpayment on non-overpayable loans; and a financial invariant is enforced. All gated behind fixSecurity3_1_3. Approved by 2 reviewers. Labeled "Amendment".VaultWithdraw preclaim previously skipped the canWithdraw trustline limit check when the withdrawal amount was specified in shares (MPT) rather than assets. Now converts shares to the equivalent asset amount before checking. Gated behind fixAssortedFixes. Approved by 1 reviewer. Labeled "Amendment".rippleSendMultiMPT used a stale read-only snapshot to check MaximumAmount per iteration, so the aggregate could exceed the limit after the first iteration. Replaced with a running total. Old behavior retained behind !fixAssortedFixes for ledger replay. Approved by 1 reviewer. Labeled "Amendment".mpt-crypto SDK's mpt_utility library, removing 220 lines of previously duplicated test code. Approved by 1 reviewer.Payment.cpp::doApply() to correctly distinguish when the payer is a delegatee (uses reserve only) versus the account itself (uses max of reserve and fee). Part of the Permission Delegation (XLS-75) feature.std::optional (rippled#6657, +2/−2 across 2 files) — Changes deletableDirEntryCount in AccountDelete from signed to unsigned, and fixes an assert in ValidatorList.cpp to correctly unwrap an std::optional..cpp handler file and splits them into subfolders matching the xrpl.org API documentation structure. Pure code organization — no functionality changes. Approved.misc checks (rippled#6655, +3,916/−3,966 across 469 files) — The largest merge this week by file count. Enables a suite of misc clang-tidy checks across the entire codebase. Approved. Submitted by contributor @godexsoft.coreguidelines checks (rippled#6698, +299/−343 across 117 files) — Enables coreguidelines clang-tidy checks. Had an outstanding change request about a virtual destructor, but was merged. Submitted by contributor @godexsoft.performance checks (rippled#6648, +141/−139 across 66 files) — Enables performance-faster-string-find, performance-for-range-copy, performance-inefficient-vector-operation, performance-move-const-arg, and performance-no-automatic-move. Submitted by contributor @godexsoft.@codemirror/state to ^6.6.0. Confirmed working by a reviewer.vault_list Clio-only RPC specification to the Single Asset Vault spec (XLS-65). Approved by 1 reviewer. Submitted by contributor @mathbunnyru.XrplDefinitionsBase parameter through utils.encode, utils.decode, Wallet.sign, client.submit(), and client.submitAndWait. This means developers using custom transaction types no longer need to drop down to ripple-binary-codec directly. AI reviewer flagged that definitions wasn't forwarded to submitRequest in one code path. Submitted by core team member @tequdev.client.request() now returns a narrowed LedgerEntryResponse based on the lookup field provided (e.g., account_root narrows the response to LedgerEntryResponse). Submitted by core team member @tequdev.binary flag is set, the response type narrows accordingly. Submitted by core team member @tequdev.MPToken interface's MPTAmount field to use string instead of the MPTAmount type, matching the actual API behavior. Submitted by core team member @tequdev.limit/marker to NFT offer requests, account to AMMInfoRequest, ledger_hash/ledger_index/validated to AccountNFTsResponse, and more. Submitted by contributor @mpint.convertStringToHex/convertHexToString with stringToHex/hexToString.black from 24.8.0 to ^26.3.1 (resolving a Dependabot security alert) and replaces the KW_ONLY_DATACLASS workaround with native kw_only=True across all model classes._calculate_precision incorrectly rejected valid IOU values like 9999999999999999e80 because it counted trailing zeros from decimal expansion rather than only counting significant digits. This was flagged in last week's Community section as an open issue.Greatly enhance simulate RPC (rippled#5637, +987/−140 across 8 files) — Adds support to simulate transactions in past ledgers, not just the current one. Labeled "API Change". Multiple review rounds from Copilot. Has merge conflicts and is blocked waiting on a dependency PR (#5684). Also needs a draft XLS spec.
Untrusted Validator Squelching (rippled#5399, +3,379/−1,080 across 16 files) — Limits message propagation from untrusted validators to improve network efficiency. Approved by a core team reviewer. Has conflicts and is blocked on needing a draft XLS spec.
Structured logging (rippled#5710, +1,932/−152 across 26 files) — Adds structured JSON logging to rippled. Has outstanding change requests about performance benchmarks and log file size impact. Has conflicts.
Linux package builds (DEB + RPM) (rippled#6639, +1,051/−9 across 27 files) — Adds DEB and RPM package builds to CI. AI reviewer flagged security concerns about untrusted PR code on self-hosted runners and suspicious action SHAs. Active review.
Type-safe ledger helpers starting with AccountRoot (rippled#6620, +1,686/−1,180 across 101 files) — A foundational refactor giving each ledger entry type its own read-only and writable class. Awaiting reviewer feedback from core team. Has conflicts.
Harden ledger replay message handlers (rippled#6711, +122/−4 across 2 files) — Adds missing field validation and exception handling for malformed peer messages in the ledger replay pipeline.
Disallow MPTClearRequireAuth if domain exists (rippled#6712, +90/−31 across 3 files) — Prevents issuers from clearing the RequireAuth flag for MPT when a domain exists. Has outstanding change requests about amendment gating.
Prevent deletion of MPTokens with active escrow (rippled#6635, +105/−2 across 2 files) — Carried over from last week. Awaiting rebase onto the staging branch. Community contributor @Kassaking7's work.
xrpl.js: Sponsorship (XLS-68) (xrpl.js#3238, +3,831/−34 across 36 files) — Adds support for SponsorshipSet and SponsorshipTransfer transaction types plus sponsor signing utilities. Active review with actionable comments from AI reviewer.
xrpl.js: Default signing algorithm to ed25519 (xrpl.js#2658, +145/−17 across 10 files) — Breaking change. Waiting for a major version bump. AI review flagged exposed test key material.
xrpl-py: Update default algorithm in Wallet class (xrpl-py#942, +12/−8 across 3 files) — Companion to the xrpl.js default algorithm change. Under review.
xrpl-py: Ledger object hashing utilities (xrpl-py#862, +720/−0 across 4 files) — Adds hashing functions for AccountRoot, Offer, Check, Escrow, PaymentChannel, SignerList, Trustline, and Ticket objects — useful for Batch transactions (XLS-56). Awaiting rebase.
xrpl4j: Lending Protocol (XLS-66) (xrpl4j#719, +10,236/−3 across 85 files) — Adds all Lending Protocol transactions and ledger objects. AI reviewer flagged a signing issue in counterpartySign().
xrpl4j: Single Asset Vault (XLS-65) (xrpl4j#713, +7,762/−170 across 96 files) — Comprehensive vault support, 41 review rounds ongoing.
xrpl4j: MPT-DEX (XLS-82) (xrpl4j#704, +7,809/−1,292 across 59 files) — Build currently broken awaiting a rippled image with the MPT amendment. 50 review rounds.
Developer portal: MPT DEX integration docs (xrpl-dev-portal#3537, +560/−110 across 30 files) — Updates concept and reference docs for MPTs on the DEX. JSON examples still need real transaction data.
Developer portal: Fungible token escrows tutorial (xrpl-dev-portal#3579, +1,977/−0 across 9 files) — New tutorial with JS, Python, and Go code samples.
Developer portal: Tutorials landing page v2 (xrpl-dev-portal#3572, +1,117/−393 across 8 files, closes #3523) — Auto-populated tutorial sections, a "What's New" section surfacing recently updated tutorials, and community tutorial cards.
opensource.ripple.com: Smart Escrows basics (opensource.ripple.com#209, +121/−0 across 4 files) — Landing page and overview of programmability on the XRPL.
opensource.ripple.com: Confidential Transfers tutorials (opensource.ripple.com#208, +721/−1 across 7 files) — Blocked on SDK changes.
Clio: Optional log rotation (clio#3016, +203/−11 across 6 files) — Adds configuration to disable log rotation.
XRPL-Standards: XLS-82 MPT DEX spec (XRPL-Standards#451, +905/−0) — The formal specification for MPTVersion2 enabling MPT support on the DEX. 16 review rounds.
XRPL-Standards: Assorted spec fixes (XRPL-Standards#510, +97/−58 across 15 files) — Corrections across multiple specs.
LedgerConsensus stalled transaction Q&A (rippled discussion #6700) — A node operator reported seeing a LedgerConsensus:ERR Transaction is stalled. We have been voting NO for 8 rounds message. The issue only occurred once and the operator is looking for similar community experiences.
XRPL Wallet Sponsoring discussion (XRPL-Standards#512) — A community member proposed enabling wallets to sponsor other wallets for mass NFT giveaways and pre-funding. A core team member noted this overlaps with the existing Sponsored Fees and Reserves spec (XLS-68).
Frontrunning and transaction ordering discussion (XRPL-Standards#511) — A community member raised concerns about deterministic transaction ordering within blocks enabling frontrunning/sandwich attacks, and proposed an amendment to address validator-visible transaction manipulation.
New host functions and versioning rules (XRPL-Standards#504, open, +308/−15) — Carried over from last week. Adds six new float host functions and versioning rules establishing that deployed host functions are immutable. Active discussion on how smart escrows should handle mantissa/exponent persistence.
Definitions.json correctness checks proposed — Both xrpl.js#3239 and xrpl-py#927 were filed to add CI/CD checks that verify definitions.json against either the server_definitions RPC or rippled's develop branch. This would prevent incorrect definitions from being released.
Community bug reports and PRs — Community member @geoffreysaldo submitted a defensive assertion for the AMM denominator (rippled#6722, needs signed commits). Community member @Kassaking7 is working on a hybrid offer invariant fix (rippled#6716, needs amendment gating per reviewer feedback). Community member @mvanhorn's oracle deduplication fix (rippled#6586, closes #6583) is progressing with tests updated per review feedback. Community member @shortthefomo contributed pathfinding improvements (rippled#6507, #6667) and an RWDB backport (rippled#6549) — all awaiting review.
New issues — rippled#6693 (labeled "Bug"): book_changes RPC merges domain and open book volumes into the same tally entry for Permissioned DEX — low severity, RPC output only. rippled#6691 (labeled "Bug"): CheckCash missing DeliveredAmount metadata for XRP exact-amount path — low severity metadata inconsistency. xrpl-dev-portal#3570: duplicate text on the CredentialCreate reference page.
Compared to last week (March 23–29, 2026):
| Metric | This Week | Last Week | Change |
| Repos with activity | 8 | 8 | flat |
| rippled PRs merged | 28 | 28 | flat |
| rippled PRs opened | 17 | 19 | ↓2 |
| rippled commits | 23 | 29 | ↓6 |
| rippled new issues filed | 5 | 13 | ↓8 |
| xrpl-dev-portal PRs merged | 3 | 17 | ↓14 |
| xrpl-dev-portal PRs opened | 9 | 12 | ↓3 |
| xrpl-dev-portal commits | 6 | 17 | ↓11 |
| xrpl.js PRs merged | 10 | 5 | ↑5 |
| xrpl.js PRs opened | 25 | 11 | ↑14 |
| xrpl.js commits | 3 | 5 | ↓2 |
| xrpl-py PRs merged | 2 | 1 | ↑1 |
| xrpl-py PRs opened | 15 | 0 | ↑15 |
| xrpl-py commits | 2 | 1 | ↑1 |
| XRPL-Standards PRs merged | 4 | 2 | ↑2 |
| XRPL-Standards PRs opened | 2 | 2 | flat |
| XRPL-Standards commits | 4 | 2 | ↑2 |
| clio PRs merged | 4 | 8 | ↓4 |
| clio PRs opened | 2 | 2 | flat |
| clio commits | 4 | 8 | ↓4 |
| xrpl4j PRs merged | 0 | 2 | ↓2 |
| xrpl4j PRs opened | 3 | 4 | ↓1 |
| xrpl4j commits | 0 | 2 | ↓2 |
| opensource.ripple.com PRs merged | 2 | 2 | flat |
| opensource.ripple.com PRs opened | 2 | 2 | flat |
| opensource.ripple.com commits | 4 | 3 | ↑1 |
| Releases | 0 | 0 | flat |
Notable carryovers from last week: The Lending Protocol bug fixes (rippled#6678), vault withdrawal trustline check (rippled#6645), and multi-send MPT MaximumAmount enforcement (rippled#6644) were all flagged as "In Progress" last week and merged this week. The xrpl-py precision bug (#923) reported last week was fixed and closed via #924. The xrpl.js custom definitions PR (#3229) and typed ledger_entry responses (#3230, #3231) were all in progress last week and merged this week. The xrpl.js and xrpl-py repos both saw large surges in opened PRs (primarily dependency updates from Dependabot). rippled PR volume held steady at 28 merges, while the developer portal cooled off from its 17-merge surge last week to 3 this week.