A documentation- and standards-heavy week. On the developer portal, rippled 3.1.3 release notes and amendment documentation were published alongside a major page composition refactor that restructures all landing pages into modular components. In xrpl-py, a bundle of four security-hardening bug fixes merged to main (pending PyPI release), addressing silent data corruption and secret-material leakage. Clio shipped release candidate 2.8.0-rc2 and merged six PRs including a large codestyle alignment refactor. XRPL-Standards saw 11 PRs merge, highlighted by XLS-87: Token Pre-Authorization landing as a new draft spec and an update to the Confidential MPT specification.
This was a week focused on documentation, standards, and SDK quality rather than core protocol changes — rippled's develop branch saw no new merges, in contrast to last week's 25. The most user-facing development was the publication of rippled 3.1.3 documentation on the developer portal, accompanied by an official blog post. This release introduces the fixCleanup3_1_3 amendment, which bundles fixes for NFTs, Permissioned Domains, Vaults, and the Lending Protocol, and has a default vote of Yes. If you run an XRP Ledger server, upgrading to 3.1.3 is recommended.
For Python developers, the Python SDK (xrpl-py) merged a bundle of four bug fixes that address issues where private seed material could accidentally appear in error messages and where certain token amount serializations could silently produce incorrect data. These fixes are merged to main but not yet published to PyPI, so Python developers will get them in the next xrpl-py release. Meanwhile, both the JavaScript and Python SDKs have open PRs to fix a common migration problem: when users provide a secp256k1 seed (starting with s) to Wallet.fromSeed, the library was silently generating keys for a completely different account. Once these PRs merge and are released, developers won't need to manually specify the signing algorithm — the SDK will detect it from the seed format. The Clio API server published release candidate 2.8.0-rc2 and merged its codebase to align with rippled's naming conventions across 301 files. On the standards front, a new draft specification (XLS-87: Token Pre-Authorization) was formally added, and the Confidential MPT specification was updated with important policy changes: issuers must now explicitly opt in to freeze and clawback of confidential funds, and clawback destroys tokens rather than returning them to the issuer.
For ongoing updates, follow @XRPLF and @RippleXDev on X. The rippled 3.1.3 blog post is at xrpl.org/blog/2026/rippled-3.1.3, and all development activity can be tracked on the XRPLF GitHub repos.
Note: All rippled changes below were merged to the develop branch and are not yet live on the network. A tagged release is required for any change to reach production.
Note: SDK PRs below were merged to each library's main branch. They become available to application developers only after a tagged release is published (npm for xrpl.js, Maven Central for xrpl4j, PyPI for xrpl-py). If no corresponding SDK release appears in the data, treat the feature as merged-but-pending-release and phrase availability accordingly.
127.0.0.2 localhost forwarding on macOS and ensured keyspace cleanup handles non-existent keyspaces. clio#3072 (+3/−3).actions/configure-pages to the main repo and fixed workflow behavior in forks. clio#3075, clio#3074.fixCleanup3_1_3 amendment, which contains fixes for NFTs, Permissioned Domains, Vaults, and the Lending Protocol. The official blog post notes a default vote of Yes and recommends operators upgrade. xrpl-dev-portal#3633 (+179/−14 across 9 files, approved by @amarantha-k).index.page.tsx from ~1,200 lines to ~40 lines. xrpl-dev-portal#3640 (+4,845/−4,049 across 175 files).lsmfMPTCanMutateCanLock default changed to false (issuers must explicitly enable freeze/clawback of confidential funds), clawback now burns funds rather than returning to the issuer's reserve, and transfer fees for confidential transfers are documented. Approved by @yinyiqian1. XRPL-Standards#540 (+84/−45).actions/checkout v5→v6, actions/setup-java v4→v5, android-actions/setup-android v3→v4, and switched Clio integration tests from Java 8 to Java 26 (required for Clio's TLS certificates). xrpl4j#788 (+27/−22).catch (NullPointerException e) { throw e; } in SerializedType.getTypeByName() with an explicit IllegalArgumentException containing a descriptive message. Closes #775. xrpl4j#783 (+60/−6).xrpl.js: Deep amount comparison fix (xrpl.js#3338, +41/−2) — Fixes handleDeliverMax using reference equality (!==) for IOU/MPT amounts, which caused spurious validation errors when Amount and DeliverMax were identical but separate object literals. Community contribution by @satyakwok; has one review comment round. Closes #3313.
xrpl.js & xrpl-py: Seed prefix signing algorithm inference (xrpl.js#3337, +45/−14; xrpl-py#999, +32/−17) — Parallel PRs by @ckeshava fixing a common migration issue where Wallet.fromSeed silently coerced secp256k1 seeds to ed25519, deriving the wrong account. No reviews yet.
xrpl.js: MPT-DEX support (XLS-82D) (xrpl.js#3214, +2,450/−88 across 44 files) — Updates transaction and request models for MPTAmount, with integration and unit tests. 38 review rounds, active development by @ckeshava.
xrpl.js: Dynamic MPT (XLS-94D) support (xrpl.js#3081, +1,316/−16) — 68 review rounds, integration tests passing per CI. Awaiting review from @pdp2121.
xrpl4j: Integration test flakiness fix (xrpl4j#787, +179/−94) — Adds account-sequence polling before reading derived state from Clio nodes, addressing replication lag. 7 review rounds; still flaky on Clio per @sappenin.
xrpl4j: CurrencyAmountDeserializer NPE fix (xrpl4j#786, +86/−5) — Replaces node.get() with node.path() to prevent NPE on missing JSON fields. 7 reviews.
xrpl4j: No-result NPE fix (xrpl4j#785, +99/−2) — 4 reviews.
xrpl4j: Lending Protocol (XLS-66) (xrpl4j#719, +10,776/−36 across 88 files) — Major feature PR with 54 review rounds. Has outstanding review comments from @cybele-ripple about repeated placeholder values.
xrpl4j: Dynamic MPT (XLS-94D) (xrpl4j#780, +2,606/−6 across 16 files) — No reviews yet.
Clio: Delegate filter for account_tx (clio#2827, +821/−5) — Adds filtering by delegation relationships. Waiting on upstream rippled#6126 to merge first.
XRPL-Standards: Wasm VM limits (XRPL-Standards#532, +7/−0) — Adds memory/data size constraints to XLS-0102. 3 reviews.
XRPL-Standards: XLS-65 reformat (XRPL-Standards#463, +689/−508) — Structural restructure of the spec to match the template, with error codes being added. 26 review rounds, actively in progress by @Tapanito.
xrpl-dev-portal: 2026 brand update (xrpl-dev-portal#3362, +56,839/−7,333 across 532 files) — Very large WIP PR by community contributor @AKCodez.
Amount and DeliverMax are provided as separate object literals. Active review discussion suggests it's close.Amendment idea: Withdraw Authorization — Community member @Handy4ndy proposed sender-controlled outgoing payment restrictions via WithdrawPreauth and WithdrawNoauth in Discussion #544. @mvadari asked how this interacts with the existing Firewall spec's separate signing rules. A related Deposit Authorization idea extending receiver-side incoming payment control was also posted (Discussion #543).
New spec proposal: XLS-93 Token PayChan — Community contributor @dangell7 submitted a new draft spec for token-enabled payment channels in XRPL-Standards#536 (+311/−0). @mvadari noted it needs rebasing to latest master before review.
xrpl4j: Separate mainnet integration tests — @sappenin filed an issue noting that some integration tests unconditionally hit mainnet regardless of CI flags, proposing they be split into a dedicated CI job.
MPT serialization alignment — The parallel seed-prefix fixes in xrpl.js and xrpl-py by @ckeshava reflect ongoing cross-SDK consistency efforts following the upstream MPT byte-order fix identified last week.
opensource.ripple.com — A branch for Q2 2026 roadmap graphic updates was pushed (rx-roadmap-q2-2026) but no PR has been opened yet.
Compared to last week (May 4–10, 2026):
| Metric | This Week | Last Week | Change |
| Repos with activity | 7 | 8 | ↓1 |
| rippled PRs merged | 0 | 25 | ↓25 |
| rippled PRs opened | 0 | 19 | ↓19 |
| xrpl.js PRs merged | 0 | 1 | ↓1 |
| xrpl.js PRs opened | 4 | 7 | ↓3 |
| xrpl-py PRs merged | 1 | 0 | ↑1 |
| xrpl-py PRs opened | 2 | 3 | ↓1 |
| xrpl4j PRs merged | 2 | 1 | ↑1 |
| xrpl4j PRs opened | 5 | 6 | ↓1 |
| xrpl-dev-portal PRs merged | 3 | 2 | ↑1 |
| xrpl-dev-portal PRs opened | 5 | 7 | ↓2 |
| xrpl-dev-portal commits | 3 | 2 | ↑1 |
| XRPL-Standards PRs merged | 11 | 0 | ↑11 |
| XRPL-Standards PRs opened | 5 | 4 | ↑1 |
| XRPL-Standards commits | 10 | 0 | ↑10 |
| clio PRs merged | 6 | 5 | ↑1 |
| clio PRs opened | 1 | 0 | ↑1 |
| clio commits | 5 | 5 | flat |
| Releases | 4 | 1 | ↑3 |
Notable carryovers: The xrpl-py bug-fix bundle (xrpl-py#993) — flagged as "In Progress" last week at 35 review rounds — merged Wednesday. The xrpl-dev-portal 3.1.3 doc updates (xrpl-dev-portal#3633) — noted as in progress last week — also landed. This week saw zero rippled activity (no PRs merged or opened), a sharp contrast to last week's 25 merges and 19 openings, while XRPL-Standards swung in the opposite direction: 11 merges this week versus zero last week. The 4 releases (Clio 2.8.0-rc2, Clio nightly, two xrpl.js pre-releases) represent a 3× increase over last week's single release.