Distributed Ledger
Client Tool
Shared Components

Project Health

This quarter we achieved a quality Ubuntu 20.04-based Hyperledger Indy release candidate – a big milestone. The Release Candidate includes both Indy Plenum and Indy Node, each of which were built, tested and published using a modern, automated CI/CD pipeline. The maintainers are working on the downstream plugins to enable deployment on existing networks. Several new networks that are starting up have been deployed using the new release candidates. This release is also the hold up for the deployment of `did:indy`.

The community worked a lot this quarter on a couple of reported vulnerabilities (CVEs). Both can be addressed in the current (pre-Ubuntu 20.04) and later versions, and fixes have been created. One is a documentation advisory for configuring Indy nodes. It is still being finalized, but is close to completion. The second is a new release of Indy that is now available and ready for all "pure Indy" deployments. Downstream releases are in process. The pain of producing this (hopefully) final Ubuntu 16.04-based release demonstrates why the need for the modern CI/CD pipeline is so desperately needed.

Much progress has been made this quarter in defining AnonCreds ZKP-based verifiable credentials (which started life in Indy) as an open standard (see the spec being created). Much progress has been made recently in making AnonCreds ledger agnostic, meaning that it is not dependent on Hyperledger Indy, but can be supported by other ledgers and mechanisms. That change will reduce the resistance to the use of AnonCreds by those thinking it is "proprietary", but should also help Indy, as it is the easiest way to deploy the capability.

The interest in deploying instances of Indy continues to be strong, with lots of questions on Hyperledger Chat from people learning to run their own instances.

Per the Indy Activity Dashboard (2022-04 to 2022-06), there were 133 commits from 16 contributors. both of which are about the same as last quarter. However, that does not count the CVE repos that are still private until the vulnerabilities have been deployed in production instances.

Questions/Issues for the TSC

Issues from previous reports:

Build Pipelines

Update: The Ubuntu upgrade is complete and producing releases – including a release candidate. Awaiting final testing and downstream artifacts to be tested before declaring the release ready.

Diversity of Contributor Community

Update: Little change this quarter in contributor community. Lots of interest, but the core maintainers continue to do most of the work.


  • indy-plenum (Ubuntu 16.04) – CVE release
  • indy-plenum (Ubuntu 16.04) – v1.13.2-rc2
  • indy-node (Ubuntu 16.04) – CVE release
  • indy-node (Ubuntu 16.04) – v1.13.1-rc0, v1.13.2-rc2

Overall Activity in the Past Quarter

In the past quarter (as in the previous quarter), ledger code development focused on code management – upgrading the Indy Node and Plenum CI/CD pipeline and upgrading Indy Node to run on Ubuntu 20.04. 

Current Plans

With the new CI/CD Indy Node and Plenum pipelines complete, and the Ubuntu 20.04 upgrade available, the core maintainers are focused on their downstream releases.

Maintainer Diversity

The bi-weekly Indy Contributors call continues to be the medium by which maintainers coordinate work, discuss critical issues to the Indy codebase, and agree on HIPEs. Topics and attendance has increased recently, with more and more interested parties showing up, and new contributors weighing in on the conversations.

Contributor Diversity

From the last report: The "Indy Contributors" course was presented in early 2022 and was extremely well received. The edX course about Indy, Aries and Ursa (here) was updated early in 2021 (this was missed in the last Quarterly report – even though the author of the quarterly report was the course creator...).

Additional Information

Reviewed by


  1. Stephen Curran Thank you for the report! A quick question: Do you plan on adding Ubuntu 22.04 (LTS) support anytime soon?

    The reason for my curiosity is selfish as usual: Cactus has the Indy CLI as a build dependency and we were looking into moving our dev containers to be Ubuntu 22 based (up from the current Ubuntu 20)

    1. The CLI is part of the indy-sdk and so likely – but not certain – works on 22.04 already.  I'll see what I can find out from the Maintainers.

    2. Looks like it is a follow on task to the Ubuntu 20.04 work for indy-node. This came up on Discord today, and the issue was support for libsodium18.  AFAIK, what we are using on Ubuntu 20.04 for indy-node is working, so I would assume the same update would work with the CLI.

      Discord Message: