rippled 3.1.3 was released this week — the first tagged production release in the data, shipping fixes from the staging branch. Alongside that, 25 PRs merged to rippled's develop branch spanning loan/vault accounting fixes, confidential MPT fee increases, dependency upgrades, and CI improvements. In Clio, a fix merged to stop caching admin-only RPC responses. On the developer portal, credential transaction docs and amm_info request fields were corrected. In xrpl.js, private key material is now redacted in error messages (merged to main, pending npm release). In xrpl4j, Java 16 CI was dropped (merged to main).
The biggest news this week is the release of rippled 3.1.3 — a new production version of the XRP Ledger's core server software. This is what validators and node operators should upgrade to. However, there was a hiccup: the Docker container images that many operators use to deploy rippled weren't published to the usual location. A community member flagged this, and the team confirmed that images are available at an alternate location (rippleci/rippled:3.1.3) while the official channel catches up. If you run an XRP Ledger node via Docker, check that alternate location.
Beyond the release, development continued at a steady pace. On the develop branch (changes not yet live on the network), the team fixed a bug where certain accounts could unfairly keep discounted trading fees on the Automated Market Maker (AMM) after a pool was emptied and refilled — essentially a state leak. Loan payment math was improved to avoid crashes when interest rates are extremely small, and the cost of confidential token transactions was raised to discourage spam during testing. The JavaScript SDK (xrpl.js) merged a security improvement: if your code encounters an error involving a private key, the key is now hidden in the error message instead of being printed in full — important for preventing accidental exposure in logs. This improvement is merged but not yet published to npm, so JavaScript developers will get it in the next xrpl.js release.
On the documentation front, the developer portal fixed duplicate text on the credential transaction pages and added missing fields to the AMM info API reference. These are the kinds of small but impactful fixes that help developers avoid confusion when building on the XRPL.
For ongoing updates, follow @XRPLF and @RippleXDev on X. The rippled 3.1.3 release is available at its GitHub release page, and all activity can be tracked on the XRPLF GitHub repos.
Note: All rippled changes below were merged to the develop branch and are not yet live on the network. A tagged release is required for any change to reach production.
Note: SDK PRs below were merged to each library's main branch. They become available to application developers only after a tagged release is published (npm for xrpl.js, Maven Central for xrpl4j, PyPI for xrpl-py). If no corresponding SDK release appears in the data, treat the feature as merged-but-pending-release and phrase availability accordingly.
verifyDepositPreauth into cleanupExpiredCredentials + checkDepositPreauth, moving the cheaper authorization check before the expensive zero-knowledge proof verification. rippled#7085 (+187/−13, approved).IssuerEncryptedBalance during confidential MPT conversion. rippled#7060 (+45/−17, approved).flotSet → floatFromMantExp, floatToMantissaAndExponent → floatToMantExp, and removes floatAbs, floatNegate, floatLog. rippled#7053 (+2,035/−2,036).sfAuthAccounts could persist across an empty-pool reinitialization via tfTwoAssetIfEmpty, granting discounted fees to previously authorized accounts. rippled#6996 (+95/−0, approved by 2 reviewers).(1+r)ⁿ−1 in computePaymentFactor — Fixes catastrophic cancellation at near-zero periodic rates (r·n ≲ 10⁻⁹) that caused debug-build crashes. rippled#7033 (+660/−84, approved).LoanPay — Calculates maximum fee as maxFeeIncrements × baseFee when payments exceed periodicPayment × loanMaximumPaymentsPerTransaction. Ported from 3.1.3. rippled#6970 (+133/−41, approved).server_definitions regressions — Corrects unsorted FIELDS array and duplicate sfGeneric entry introduced in #5590. rippled#7008 (+47/−29, approved).secure_gateway config section name — Fixes a clang-tidy-driven rename from secure_gateway to secureGateway that broke gRPC config parsing. rippled#7091 (+6/−6, approved by 3 reviewers).Io → IO corrections. Contributed by @godexsoft. rippled#7092 (+177/−176, 42 files).visitInvariantEntry/finalizeInvariants implementations. rippled#7080 (+146/−0, approved).develop into confidential-transfer branch — Large sync bringing the feature branch up to date. rippled#7071.boost::optional — Fixes clang-tidy warnings after dependency upgrades. Contributed by @mathbunnyru. rippled#7088 (+9/−9, approved)..clang-tidy style alignment with Clio — Minor config consistency update. Contributed by @mathbunnyru. rippled#7096 (+7/−3).XRPLF/create-issue action — Centralizes CI failure issue creation. rippled#7076 (+10/−48, approved).XRPLF/create-issue adoption (clio#3066).amm_info missing request fields — Adds missing request fields to the amm_info documentation. xrpl-dev-portal#3620 (+14/−9, approved).[redacted] in error messages instead of being interpolated in full. Public keys remain visible since they are not sensitive. Merged to main — pending npm release. xrpl.js#3327 (+64/−7).rippled: MPT sequence byte-order fix (rippled#7098, +302/−17) — Fixes a double byte-swap on little-endian hosts in STIssue::add() that caused non-canonical wire encoding. Already approved by 4 reviewers — likely to merge imminently.
rippled: Config string literals → constants (rippled#7095, +1,230/−998, 82 files) — Replaces section/key name literals with centralized constants. Approved with minor AI review comments.
rippled: Scoped enums refactor (rippled#7086, +2,640/−2,730, 361 files) — Converts remaining C enums to modern scoped enums. Approved by @bthomee, has merge conflicts.
rippled: Propagate MPT flags to vault shares (rippled#7077, +1,367/−72) — Ensures lsfMPTCanTransfer/lsfMPTCanTrade govern vault deposits, withdrawals, and DEX activity. Gated behind fixCleanup3_2_0. Has outstanding change requests from @gregtatcam.
rippled: LoanPay assertion fix (rippled#6967, +345/−41) — Fixes a rounding appearance of lost funds when Vault and Loan scales differ significantly. Approved by 3 reviewers, pending final sign-off.
rippled: O(n²) → O(1) path dedup (rippled#7070, +30/−13) — Performance improvement replacing linear path deduplication with hash set lookup. Approved.
rippled: Consensus test migration to GTest (rippled#7046, +6,511/−1,369, 34 files) — Large migration. Has unsigned commit warnings.
rippled: Number rounding fix at maxRep cusp (rippled#7051, +587/−345) — Corrects incorrect rounding-down when mantissa reaches maximum. Approved.
rippled: Online delete pause on ledger gaps (rippled#5531, +338/−20) — Long-running PR (multiple AI review flags inline). Adds gap detection to prevent ledger gaps from persisting during online deletion.
rippled: Protocol v2.3 LedgerNodeDepth (rippled#6353, +901/−263) — Replaces 32-byte node ID with 2-byte depth in TMLedgerNode. Approved, labeled QE test required.
xrpl-py: Bug-fix collection (xrpl-py#993, +310/−18, 11 files) — Four security-hardening fixes addressing silent data corruption and secret-material leakage. 35 review rounds, still under active development.
xrpl4j: Lending Protocol (XLS-66) (xrpl4j#719, +10,776/−36, 88 files) — 52 review rounds. Major feature PR.
xrpl4j: MPT-DEX (XLS-82) (xrpl4j#704, +7,011/−1,181, 56 files) — Build broken, waiting on updated rippled Docker image.
xrpl-dev-portal: MPT DEX Integration docs (XLS-82) (xrpl-dev-portal#3537, +558/−125, 33 files) — Under active review by @mDuo13 with change requests.
xrpl-dev-portal: Doc updates for 3.1.3 (xrpl-dev-portal#3633, +34/−14) — In progress.
XRPL-Standards: Float host functions and versioning rules (XRPL-Standards#504, +305/−15) — Adds six new host functions and §5.11 versioning rules. 61 review rounds with active design discussion.
opensource.ripple.com: Confidential Transfers doc updates (opensource.ripple.com#215, +65/−27) — ZKP spec alignment, transfer fee constraint, and special transaction cost documentation. Has change requests from @oeggert.
Missing 3.1.3 deployment artifacts — Community member @thebeanogamer filed an issue noting that while rippled 3.1.3 has a git tag, there's no proper GitHub Release page or published Docker images at the expected xrpllabsofficial/xrpld location. The rippled CI pipeline publishes images to rippleci/rippled:3.1.3 instead, confirmed as production-safe. Another community member (@mitter91) raised concerns about testnet amendment activation without release notes, noting some public servers from xrpl.org's official list were affected.
Feature request: sfDomainID on EscrowCreate — Community member @raosunjoy proposed extending sfDomainID support to EscrowCreate and EscrowFinish, enabling Permissioned Domain membership enforcement at escrow submit time for regulated settlement venues.
SHAMap leaf-item size validation gap — Contributor @vlntb identified that LedgerReplayMsgHandler::processReplayResponse bypasses wire-parsing factories when constructing leaf items, missing the size validation checks present in other code paths.
MPT serialization inconsistency across SDKs — @ckeshava filed matching issues in both xrpl.js and xrpl-py documenting how Issue.from() and Issue.fromParser() produce different internal byte buffers for MPT issues, linked to the upstream rippled byte-order bug (rippled#7098).
Community contributions — @mathbunnyru contributed 6 merged PRs across rippled (dependency bumps, CI improvements, IWYU pragma, clang-tidy alignment). @xVet contributed the default reserve value update. Community member @0x3nigma opened a JSON validation fix for parseVault. @xh74d82hl continued work on transaction typeMap alphabetization in xrpl4j.
Clio compatibility issue — An automated check flagged that Clio's build fails against libXRPL 3.1.3, indicating potential compatibility work needed.
Compared to last week (April 27 – May 3, 2026):
| Metric | This Week | Last Week | Change |
| Repos with activity | 8 | 8 | flat |
| rippled PRs merged | 25 | 34 | ↓9 |
| rippled PRs opened | 19 | 7 | ↑12 |
| rippled commits | 18 | 13 | ↑5 |
| xrpl.js PRs merged | 1 | 2 | ↓1 |
| xrpl.js PRs opened | 7 | 2 | ↑5 |
| xrpl-py PRs merged | 0 | 1 | ↓1 |
| xrpl-py PRs opened | 3 | 5 | ↓2 |
| xrpl4j PRs merged | 1 | 4 | ↓3 |
| xrpl4j PRs opened | 6 | 7 | ↓1 |
| xrpl-dev-portal PRs merged | 2 | 7 | ↓5 |
| xrpl-dev-portal PRs opened | 7 | 5 | ↑2 |
| xrpl-dev-portal commits | 2 | 30 | ↓28 |
| XRPL-Standards PRs merged | 0 | 11 | ↓11 |
| XRPL-Standards PRs opened | 4 | 0 | ↑4 |
| clio PRs merged | 5 | 11 | ↓6 |
| clio commits | 5 | 11 | ↓6 |
| opensource.ripple.com PRs opened | 1 | 2 | ↓1 |
| Releases | 1 | 2 | ↓1 |
Notable carryovers: The server_definitions regression fix (rippled#7008) — opened last week as "In Progress" — merged Tuesday. The amm_info docs fix (xrpl-dev-portal#3620) — approved and close to merging last week — also landed. Several lending/vault PRs that were "In Progress" last week (principal-zeroing fix rippled#7050, overpayment assertion rippled#7039, IOU precision loss rippled#7057) remained open with merge conflicts due to the ongoing clang-tidy naming enforcement. Overall, merged PR counts dropped across most repos compared to last week's unusually high volumes, while rippled saw a surge in newly opened PRs (19 vs. 7), reflecting active feature development and post-3.1.3 cleanup.