Bitcart

Productivity & Wikis

Cryptocurrencies payment processor and development platform.

Python Latest 0.10.3.0 · 3mo ago Security brief →

Features

  • Platform for merchants, users and developers
  • Provides easy setup and use of cryptocurrency payment solutions
  • Includes core daemon, admin panel, ready‑to‑use store, Docker packaging, Python SDK, scripting language (BitCCL) and documentation site

Recent releases

View all 8 releases →
0.10.3.0 New feature
Notable features
  • Complex smart contract transfer tracking
  • Deployment presets for cloudflare and other configurations
  • Gzip compression for API responses
Full changelog

Properly track contract transfers of any complexity

Because smart contract events are unreliable for tracking smart contract transfers, a few releases ago we switched to a more reliable approach: parsing the blockchain directly rather than relying on events.
This ensures that no transaction is ever missed, but it meant we could not parse complex transfers,
for example Binance or Coinbase batching many transfers into one transaction.
We have now found a reliable way to parse those, with no action required on your end: transfers of any complexity are now parsed automatically.

Massive improvements in docker deployments

Our nginx deployment configs were massively refactored and hardened.

All our deployment guides will be updated with the new recommended, even easier instructions on how to run Bitcart directly, behind cloudflare, or
behind your own reverse proxy. All combinations were tested and we determined the optimal settings for each.
The client IP address is now correctly detected both in nginx access logs and in the running Bitcart API.
This is essential for features like password reset protection against attackers.

Add support for ready-made deployment presets, for example:

./setup.sh --preset cloudflare

Properly configures your instance to work under cloudflare.

Currently 4 presets are supported:

cloudflare          Bitcart runs behind cloudflare directly
cloudflare-proxied  Your server runs another reverse proxy, and Bitcart is behind that reverse proxy
proxied             Bitcart is behind a reverse proxy that is not cloudflare (requires PROXY protocol)
proxied-legacy      Bitcart is behind a reverse proxy that is not cloudflare (requires X-Forwarded-For HTTP header)

PROXY protocol support via the REVERSEPROXY_PROXYPROTOCOL setting. This is the recommended approach if you are running another reverse proxy on your server;
see the deployment guides for more information.

Fix an issue where, after switching BITCART_REVERSEPROXY from nginx-https to nginx, Bitcart still tried to use SSL certificates.

SSL policy updates: drop TLS 1.0 and TLS 1.1 and refresh the SSL cipher list. The old settings previously prevented connecting to cloudflare directly.
Our SSL setup is now modern and secure.

Enable gzip compression of API responses (this works seamlessly with any client). It should reduce the amount of data sent over the network.

Nginx configs are now nicely formatted.

Add https://generator.bitcart.ai - experimental demo site where you can choose your settings and generate a ready docker-compose.yml file.

Note that this is intended mainly for previewing what is generated, or for specialized hosting services where you need to upload a docker-compose.yml file.

It is still recommended to use our docker deployment scripts for ease of use (and plugins support).

Trusted IP presets (with cloudflare support) for correct display of the client IP address.

Nginx docker image in use is now bitcart/nginx with additional modules installed to allow our advanced secure config to work.

Proper support for cases when containers are running in multiple networks (e.g. if you run opentelemetry monitoring).

Enable keepalive for connections to bitcart API and frontend components: this should allow for faster and more efficient requests to APIs.

Improve security of the reverse proxy: a client-address header is passed through unmodified only if the connecting IP address is trusted and that header is known to be properly validated by the trusted proxy (e.g. cloudflare). Otherwise it is replaced with a safe value.
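The trust rule above, written out as an added Python example (this is not Bitcart's nginx configuration or code): the trusted networks, the mapping of each network to the header it is known to validate, and all IP addresses are constructed values. The header is honoured only when the TCP peer is inside a trusted network and the header is the one that proxy validates; in every other case the peer address itself is used as the safe value, which is what prevents spoofed X-Forwarded-For values from defeating IP-based protections such as password reset rate limiting.

```python
import ipaddress
from typing import Dict, Optional

# Constructed trusted-proxy table (assumption, not Bitcart's real preset data):
# each trusted network maps to the single header that proxy is known to validate.
TRUSTED_PROXIES: Dict[ipaddress.IPv4Network, str] = {
    # our own reverse proxy on the docker network, appends X-Forwarded-For
    ipaddress.ip_network("10.0.0.0/8"): "X-Forwarded-For",
    # stand-in for a cloudflare edge range, sets CF-Connecting-IP
    ipaddress.ip_network("203.0.113.0/24"): "CF-Connecting-IP",
}


def _parse_ip(value: str) -> Optional[str]:
    """Return the normalised IP string, or None if the value is not an IP address."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def resolve_client_ip(peer_ip: str, headers: Dict[str, str]) -> str:
    """Return the client IP to log and rate-limit on.

    peer_ip is the address of the TCP connection; headers are the request headers.
    The safe fallback in every untrusted or malformed case is the peer address.
    """
    peer = ipaddress.ip_address(peer_ip)
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for network, header in TRUSTED_PROXIES.items():
        if peer not in network:
            continue
        raw = lowered.get(header.lower())
        if raw is None:
            return peer_ip  # trusted proxy but no header: fall back to the safe value
        # X-Forwarded-For may be a chain "client, proxy1, ..."; only the last
        # element was appended by the proxy we trust, earlier ones are client-supplied.
        candidate = _parse_ip(raw.split(",")[-1])
        return candidate if candidate is not None else peer_ip
    # peer is not a trusted proxy: ignore every client-address header it sent
    return peer_ip


def sanitize_forwarded_headers(peer_ip: str, headers: Dict[str, str]) -> Dict[str, str]:
    """Headers to pass upstream: both address headers carry the resolved value,
    so an untrusted client cannot smuggle its own X-Forwarded-For through."""
    client_ip = resolve_client_ip(peer_ip, headers)
    return {"X-Forwarded-For": client_ip, "X-Real-IP": client_ip}


if __name__ == "__main__":
    # constructed request: untrusted peer tries to spoof the client address
    print(resolve_client_ip("192.0.2.9", {"X-Forwarded-For": "198.51.100.7"}))  # 192.0.2.9
```

Note that for the cloudflare-style network only CF-Connecting-IP is consulted; an X-Forwarded-For header arriving from that network is ignored, because it is not the header that proxy is known to validate.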

Add support for JSON logs in nginx.

Fixes for default server when there are multiple servers hosted.

Improve handling of the case where the SSL certificate is not yet ready: nginx now rejects the SSL handshake instead.

Update the acme.sh Let's Encrypt certificate manager to the latest version.

Optimize admin and store operations

Optimize container networking: admin and store no longer talk to the API via the publicly accessible API URL but prefer container networking when possible.
This means that Bitcart works properly in more use cases, initial load times are faster (especially over onion domains), and, for example, if
you use cloudflare, you no longer need to whitelist your own server IP in the firewall.

Optimize initial admin and store loading: to protect the API from being taken down by web scrapers, if the initial request is a 404, admin and store no longer fetch
details from the API server-side; in such cases the data is loaded client-side in the browser. For end users the experience is unchanged, but clients that call the
server non-interactively (automated bots) no longer trigger any useless data loading. This greatly improves API stability.

Add validation rejecting invalid payout amounts (< 0).

0.10.2.0 Mixed
Notable features
  • Docker images signed and attested with SBOM
  • Registration disabled by default for new instances
  • Opentelemetry observability with Prometheus metrics
Full changelog

Switch to github actions

We switched all of our CI/CD operations from CircleCI to GitHub Actions.

This is a long-awaited change for project maintainers, because it allows us to use a more modern and flexible system.

GitHub provides more resources to open-source projects on GitHub Actions, and we won't have an issue like the one we had before with CircleCI, which disrupted all of the project's operations.

This also allows us to self-host some CI operations on our own servers via Forgejo Actions in the future.

This also leads to the next point.

Better security

Thanks to the GitHub Actions adoption, all our docker images and binaries (bitcart-cli) are now signed and attested. This lets you verify that a downloaded docker image was indeed built
by a GitHub Actions workflow, on a specific date, with a URL to view the build logs.

Docker images now also include SBOM (Software Bill of Materials) files, which list every dependency used to build the image.

This allows for better supply chain security.

For example, to verify the bitcart docker image:

gh attestation verify --owner bitcart oci://bitcart/bitcart:stable

IMPORTANT: security fixes

Registration is disabled on new instances by default: after the first (admin) user signs up, registration is disabled automatically.
It can be re-enabled in server settings. Existing running servers are not affected.

Important security update for instances with public registration: if you run such an instance, update immediately.

IMPORTANT: Log retention period

To save storage, server logs older than 90 days are now cleaned up automatically. The retention period is configurable.

Opentelemetry

Bitcart has now gained a lot of observability features even some production apps don't support!

To enable the Prometheus metrics endpoint, set BITCART_PROMETHEUS_METRICS_ENABLED to true.

It exposes a new /metrics endpoint which can be scraped by Prometheus. It requires an auth token with the metrics_management scope.

For now it only exposes HTTP stats and one custom value:

bitcart_pending_creation_payment_methods_count gauge - useful for debugging stuck payment methods; it shows how many payment methods are currently pending creation.

The Bitcart backend (api, worker) and daemons now support being instrumented by OpenTelemetry!

For that, set BITCART_OTEL_ENABLED to true. The OpenTelemetry default distribution is installed by default in our docker images.

We support the traces and logs protocols; metrics are meant to be handled by our Prometheus metrics endpoint.

Backups improvements

Allow configuring backups to S3 via env vars (they now work properly):

S3_ACCESS_KEY_ID, S3_SECRET_ACCESS_KEY, S3_DEFAULT_REGION, S3_ENDPOINT_URL.

So it is now possible to store Bitcart backups encrypted in e.g. Backblaze B2 as well!

Set the BACKUP_ENCRYPTION env var to true to enable it (it can also be done from the admin panel's backup UI).

Backups are encrypted using the BACKUP_ENCRYPTION_KEY. Make sure to write it down!

You can view the encryption key as follows:

cat .deploy

Use zstd compression for backups

Our backups now use the .tar.zst extension. zstd compression is faster and more efficient than gzip. Restoring old .tar.gz backups is still supported.

Better consistency across projects

We now use just for launching tasks, e.g. in docker compose files.

This lets us modify the launch command and other details without modifying docker compose files; previously a change there forced us
to issue an urgent release.

For manual deployments you likewise no longer need to run commands by hand: use the just tasks instead, and if the underlying command changes, your workflow doesn't!

For example, just daemon btc instead of python3 daemons/btc.py

We have enabled a 1-week dependency cooldown for better security of our dependencies.

Better logging in daemons

Bitcart daemons now use the same consistent log format as the Bitcart backend, which makes e.g. log parsing pipelines in your systems easier.

Modifications in plugins hooks

db_modify_object* hooks now pass a second parameter, old_model. In total 2 params are passed: model (new object) and old_model (old object).

Add db_delete_object* hooks.

The plugins API dispatcher should attempt to support both the old and new hook signatures, but updating to the new signatures is always recommended.

Misc

  • Deploys via cloudflare tunnel now properly see the client's IP address
  • Fix "powered by" logo display in onedomain mode
  • Add plugin deeplinks in admin panel (?plugin_id=X)
  • Updates for advanced nginx deploys
  • Update tor and cloudflared
  • Add bitcart-cli.sh autocomplete, fix saving env vars on macOS (zsh)
  • Drop daemon plugins support; they were not used and can't be used reliably anyway
  • Add back the email_settings endpoint that was missed during migration to the new backend
  • Add new healthcheck endpoints: /health/live returns ok if Bitcart is running; /health/ready returns ok if Bitcart is running AND database, redis and coins are working properly.
  • Allow running alembic migrations when the password has special characters
  • Silence the paramiko.transport logger as it's too verbose
  • Add an opt-out message to the checkout page offering to use the ETH plugin when checkout UX is not optimal
  • Support Python 3.14
  • XMR: add a 1 second TTL to block number calls. This should help reduce the number of RPC calls made
  • Fix pending triggers migration issue occurring sometimes in migrations
  • Use the modern websockets-sansio protocol
0.10.1.1 Bugfix

Fixed decimal formatting for cashtokens.

Changelog

Fixes for cashtokens decimal formatting

0.10.1.0 Mixed
Notable features
  • Cashtokens support in BCH
  • Daemon healthcheck notifications
  • Per-invoice payment method customization
Full changelog

IMPORTANT: fix redis memory and worker CPU issues

There was an issue where background tasks were creating entries in redis that were never cleaned up. The scope of the issue varies from instance to instance, but
what is certain is that the background worker ran at near 100% CPU usage. This is now fixed.
After installing the update, make sure to run ./restart.sh to clear redis memory.

IMPORTANT: fixes for MATIC (POL) exchange rates

Coingecko changed the id for MATIC, which broke the exchange rate and made it default to 1:1. This is now fixed. Update ASAP if you use MATIC.

Cashtokens support in BCH

UTXO-native smart contracts on the BCH chain are here! They work the same way as our existing support for ETH and similar tokens, but thanks to the UTXO model, no chain-specific fixes are needed to accept payments from anywhere.

Daemons healthcheck notifications

If a daemon is down, you can now receive notifications via your preferred channel. To set this up, configure the healthcheck store id in server policies and connect at least 1 notification provider. You will then be notified when daemons are down.

Allow customizing payment methods in invoice creation

It is finally possible: you no longer need to create multiple stores. You can now create one store and, when creating an invoice, override the payment methods used for that specific invoice. You cannot select wallets that are not connected to the store.

Advanced mark as complete dialog

Mark as complete no longer uses the first available payment method to mark the invoice complete. You can select the payment method used, and optionally set sent_amount and tx_hashes to whatever the actual values were.

Add per-wallet transaction speed override

For some wallets or chains you may want to accept payments only after a higher number of confirmations. The store-level policy applies to all wallets by default, but you can now override it at the wallet level. It is still capped at 10 confirmations for all currencies, and 32 for XMR. Maximum limits may be adjusted after user feedback.

Other changes

  • Fix for product_names and refunds
  • Better error handling of database errors
  • Provide metadata accessor functions to templates
  • Create an autocomplete mode for the list items endpoint
  • Make schema parsing more reliable (frontend handles it itself)
  • Add support for exact filtering by metadata fields
  • Refactor pagination, add new search_query hook
  • Expose product quantities in the API and display them in the admin panel
  • Don't require JSON responses in IPN
  • Add ability to allow incoming lightning channels
  • Don't truncate ULIDs in the admin panel
0.10.0.1 Bugfix
⚠ Upgrade required
  • Memory footprint of ETH-based daemons reduced; update if memory is a concern
Full changelog

Fix excessive memory usage of ETH-based daemons (TRX not affected)

Memory usage was capped but still too high due to excessive caching; update if you want to reduce the memory footprint.

Fix worker and backend graceful shutdown

Fix tokens list created date display

About

Stars
943
Forks
167
Languages
Python Just Shell

Install & Platforms

Install via
docker
