The Mojaloop Foundation is pleased to announce the release of Mojaloop v17.2.0. This release builds on the significant feature set introduced with Mojaloop v17.0.0 and then consolidated with v17.1.0.
Mojaloop v17.2.0 is a non-breaking release that strengthens the Mojaloop platform’s quality and security capabilities. It accomplishes this through quality improvements, patches to vulnerabilities and fixes to several bugs reported by the community including adopters of Mojaloop and system integrators (SIs).
This release includes a reference (example) backend implementation that fixes issues with Helm charts using Bitnami registry. It also includes enhancements to Mojaloop’s notification and discovery mechanisms.
Notification and Discovery Improvements
V17.2.0 includes enhancements to Mojaloop’s notification mechanism by implementing a notification grace period system and backend request retry mechanism in the Mojaloop SDK. When a transfer prepare operation is successful, the system now sets up a timer to automatically trigger a GET /transfers/{ID} request if a patch notification isn’t received within a configurable grace period, helping prevent missed transfer notifications. The inter-scheme discovery flow is enhanced by updating proxy cache method signatures to include proxy identifiers and enhancing cache hit logging.
Address Issues with Backend Dependencies (Provided for Reference)
Last year, Bitnami narrowed the catalog of Helm charts and images, and deprecated versioned images only supporting the “latest” tag for freely available images — see https://www.chkk.io/blog/bitnami-deprecation for details. TL; DR: This issue is fixed with Mojaloop v17.2.0 (though the example backend is only provided for reference and shipped as a separate chart) by moving to Bitnami legacy charts as a temporary fix. A future release (likely v17.3.0) is planned to include standard Helm charts (for example, Strimzi for Kafka).
Hardening Security, Quality and Strengthening Reliability
All known medium, high and critical vulnerabilities in all the repositories that are part of the Mojaloop releases have been addressed, as of the time of the release. In addition, the test coverage has been improved with new tests added. Significant work went into improving the Testing Toolkit (memory leak fix, spec/map file handling, ISO20022 callbacks and Slack timeout reporting). In addition, there were fixes to FX error handling (improvements related to notifications).
Performance Testing and Guidance
Mojaloop deployments using Mojaloop v17.1.0 and greater have now been proven to operate at 1,000 financial transactions per second (FTPS) and higher, aligning with global industry benchmarks. A publication, the Mojaloop performance whitepaper, provides details regarding this effort. The paper examines throughput, resilience, and cost considerations across different deployment approaches, with a focus on cloud-native environments and non-functional requirements that underpin trust and reliability. The results offer practical insight for policymakers, system operators, and implementers assessing scalable, affordable instant payment systems.
This testing effort continues, informed by feedback from SIs and adopters, with plans to cover a wider range of scenarios and higher TPS targets
Community Effort
We extend our gratitude to all the individual contributors involved (contributors with commits are listed in the release notes) along with Co-Develop, Gates Foundation, INFITX, ThitsaWorks and others whose expertise and commitment made this release a reality.
Roadmap
The evolution continues. The next major enhancement will include TigerBeetle integration, delivering performance improvements to the Mojaloop core and next generation settlement processing. Before the next major release however, the pipeline calls for Mojaloop v17.3.0 which will include performance enhancements, quality and security improvements, and refactoring to prepare for the integration with TigerBeetle.
Want to learn more? Join us at the next Mojaloop Community event (Online) Mojacom 31 (July 14-16). Sessions will focus on the technical aspects of Mojaloop. Attendance is free for all, but registration is required.
