• RDAP server bug fix for events (date) disclosure issue on RDAP port 43.
  • Improved port 43 performance.
  • ROOT.war sha256 : a5d49d6346f9e540625d1018b1b4054c161bf42b1fb1e824fefbb13af8d5a27d
    Note: The port 43 reponse on the RDAP server does not incldue the "Reregistrataion" or "Transfer" date reponses that are part of the RDAP specifications but not the legacy WHOIS specification.


sha256sum - f61b20f5d2faca25183ca9c55f3f66bda8526f6d0e2d08edbf5222cf25a0834b

  • EPP Fees Extension (rfc8748). Improved validation of both the currency and fee, registration and renewal of non-premium domains using fee extension is now supported.
  • EPP contact case sensitivity resolved.
  • Check a domain authcode in the portal, authcodes are one-way hash. It is not possible to see them in the portal, users can only update to a known value. This new feature allows users to check to see if the authcode they have on file is correct using the portal.
  • Logging of Authcode "last updated by IP" bug fixed
  • WHOIS status monitor in the header fixed
  • Client autorenew prefferences now include a Disable option.
  • Zone life cycle settings now include separate zone-wide autorenew prefferecnes for Expiry, Transfer and Restore ( previous versions just had a global Expiry prefference).
  • Escrow configuration updated to store sftp private key in the file system.
  • SSH libary changed from jsch to apache mina sshd, bouncy castle dependancy removed.
  • SSH test button added to escrow and BRDA config page.
  • DPS payment gateway token issue resolved.
  • Credit Settings and Bank Payment/Adjustments pages split to two pages.
  • Premium rules case sensitivity issue resolved.
  • Premium domian restore bug resolved.
  • Statements and Proforma downloads available as XLS
  • WHOIS IP and port congfiguration moved from Site Config to WHOIS Config page.
  • dB cleanup and maintenance tools remvoed from web portal and added to a jar app.
  • Bulk Update all pricing by a specified %
  • Pre-Expiry email configuration and automation improved.
  • Added domain search filter for Final Delete date.
  • History results chronological order fixed
  • Top Up menu in header hidden from registars if all payment gateways are disabled.
  • IPv6 and IPv4 validation library updated
  • UI fixes to allow display of more digits when setting or updating pricing.
  • Option to repalce "@" with "AT" in RDAP / WHOIS email address results removed.
  • Admins can access the Credit Settings and Payments Adjustments page from the Top Up menu.
  • LoginID linked to Paymetns / Adjustments saved in transaction ledger.
  • Duplicates in deleted domains CSV issue resolved
  • Improved RDAP module with support for port 43 WHOIS (for backwards compatability as the WHOIS standard is depreciated).
  • Updated jar app to ensure database has been updated correctly.
  • New jar app to re-calcualte historical taxes stored in the ledger.
  • Updated jar app to re-hash domain and contact authcodes.


  • Improved conformance with fees extension (rfc8748 )
  • Improved detailed monthly and custom proforma invoices.
  • SMTP TLS and SSL configuration fix.
  • Escrow page configuration fix.
  • New RDAP and Blocking App monitoring.


  • Critical: This is a critical security patch for all users, it fixes fixes several attack vulnerabilities.
  • Various libraries updated


  • Critical: Removes exploitable unsanitized code reported by https://hellomouse.net. This is a critical patch for all users. ( this was resolved in build 4935, accessible instances have been patched and other users notified )
  • EPP and portal response codes now display more information regarding why a name is not available
  • Deleted domains CSV expanded to include more contact information
  • Search ledger for add-on merchant fees only ("CC Fees") bug fixed
  • CC Fees no longer included in proforma CSV
  • Failed register/renew/transfer/restore for insufficient credit transactions no longer included in proforma CSV
  • Start / End Balance removed from proforma pdf
  • Home page transaction receipts display client custom gateway billing details if configured
  • Administrator and Client monthly and custom pdf report formatting improved
  • Tax % now displayed on transaction pdfs where applicable.
  • Blocking app API monitoring improved
  • EPP and portal availability check speeds improved when the registry is connected to the blocking app API
  • Various libraries updated


v20230607 - Release Candidate (RC)

Hosted instances have already been patched to the RC.
Users with support may request access to the RC war file.
  • Updated, mobile freindly web portal (v.9)
  • SMTP server configuration.
  • Support for STRIPE and 4CS payment gateways.
  • Improved payment gateway reconcilliation.
  • Improved statistics collection.
  • WHMCS module upgraded to suport 8.7.2 and DS record management.
  • RDAP module updated for improved conformance.


  • All domain and contact authcodes are hashed, the client preference to not hash them has been removed. Admins and registrars may reset authcodes via EPP or the http portal, but it is no longer possible to see authcodes in the portal or db.
  • DUM Report includes new column "recovered" for domains that were admin restored from the archives and previously included in the create column. This fix should ensure that the DUM report counts and the ledger transaction counts can be reconciled.


Errors Resolved
  • Changes to logic related to client auto-renew preferences. Patch resolves edge case of auto-renewals on transfer despite a combination of client and/or zone policy that should prevent it.


Errors Resolved
  • Domains Under Management (DUM Report) improved. Registry automation will take care of the stats regeneration. To be safe assume regeneration will take 12-24 hours from the time of patching


Errors Resolved
  • Export CSV from trasnactions ledger page (bug was introduced in v20230202)


Errors Resolved
  • Transaction (ledger) End Date filter. Previous release ( v20230201 ) introduced the bug, v20230201 was using 00:00:01 as the end time, corrected to use 23:59:59.
  • Single domain transaction filter - date range and transaction types fixed.


Errors Resolved
  • Monthly Domains Under Managemnt ( DUM ) report calculations.
  • Save of Credit Limit and multi-gateway settings.
  • Premium renewal fees issue (when "Addon Only" option is selected).
  • Mastercard REST Gateway conectivity.
  • MTN Momo gateway error page.

v20230116 #4293

sha256 - de210ff8e3028502890884079ca5c49b6fa513029671a2de38b06508403e1139

  • The default green theme restored and updated.
  • Cross-registrar admin bulk delete feature restored (expired domains only).
  • Client option to save un-encrypted domain authcodes removed.
Errors Resolved
  • Clone pricing error fixed.
  • Column alignment/order on ledger pages fixed.


Errors Resolved
  • Adjustment / Bank Payment ( Credit / Debit ) save issue fixed


Two (2) critical exploits fixed - update asap

  • Differentiate between adjustments and account payement (top-ups) when making manual credit adjustments.
  • Apply inbound bank payments (credits) on the date they were actually received by the bank (today or in the past).
  • Public Authcode and WHOIS pages can be configured independently.
  • Quick link to account balance on top menu.
  • Support for DNSSEC Types 15 and 16.
  • Premium name enhancements ( disregard base fee in calculation ).
  • Statistics improved.
  • Housekeeping on public WHOIS and Authcode pages.
  • Navigation menus rationalised as step 1 of a multi-step portal upgrade.
Removed Features
  • Domain Application.
  • Support for Trademark Clearinghouse.
  • Activation and Contact Proxy Extensions.
  • Portal based theme configuration.


  • Escrow file metadata updated for compliance with rfc8908
  • DNS propagation, DNSSEC and and serial number checks improved - with a status monitor and link in the header for any admin role. Previously it was just available to sys admins via the automation menu.
  • Registrars are now able to see the premium rules and query the fees associated with premium domains, this is especially helpful where the premium rule is a java regular expression or wildcard.
  • DNS checks and status monitor disabled for zones that are not published.
  • Unicode / IDN domain enhancements.
  • Updated css for the "Custom" theme template.
  • EPP Status - improved logging in portal when Clients modify a domain via EPP.
Errors Resolved
  • Rwanda payment gateway issue.
  • Windcave (DPS) payment gateway logging.


  • Updated DS validation to avoid bad DS records over EPP (EPP Domain Update/ EPP Domain Create) and in the web portal. (This validation will check DS Digest, Key tag, DS alg, and query the domain NS to check if it matches the DNSKEY details, bad DS records will cause EPP domain update for DS record fails, but Domain Create will allow the registrar to add domain - but without associated bad DS records).
  • Update zone automation code to avoid empty DS records.
  • AuthCode Edit in the portal (and auth codes auto-generated by system) will not allow any characters that can break the XML parser.
  • Removed "include DNSKEY with DS" record code in the portal.
  • New SQL patch to remove any empty DS digest from DB and add a constraint to avoid any empty values in DB.
  • DS records included by default in Escrow files.
Errors Resolved
  • Fixed the Contact Info elements order in the EPP response to match the XML schema mentioned in rfc5733.
  • Fixed the missing registrant contact details in the Escrow files for stub zone domains.
  • Fixed the portal EPP status display when viewed by registrar logins/ client view.


  • New columns display Portfolio/ Zone counts on Client and Zone page load.
  • Bulk Delete for registrar improvements. Note: Only domains with no Server or Client delete locks can be bulk deleted, also if zone policy does not allow registrars to delete, bulk delete functionality is not available. Admins must act on behalf of the owner - client to bulk delete.
Errors Resolved
  • Fixed Advanced (bulk) search for deleted domains.


  • Escrow files now downable from the portal.
  • Moved stats JSON files to /stats/tld/*json from /status. Stats folder and access IP's now configurable on Site -> Config page.
  • Enhanced DNS trace delegation display.
  • Enhanced the Show Me the Money report by adding ROID, and ClientID to portal output.
  • Improved history details for failed transactions due to lack of credit.
  • Removed custom stats and application JSP (ke) from the build.
  • Added Statements tab for registrars (top menu).
  • Added the required QR code library for ke invoices.
  • Inacitve gateways and gateways with no transactions are now redacted on the transaction search page.
  • Improved logging in WHOIS-DR module
Errors Resolved
  • Fixed EPP renew "command failed" error in edge case where there was a premium pricing / policy conflict.
  • Fixed display of the application/database software name/version on the overview page.
  • Fixed the missing "Refund Invoice Date" in the refund transaction csv for tld viewer role.


  • Admins now able to enforce a policy where premium names can only be registered and renewed in the portal. If a registrar tries to register via EPP they will recieve an error and the message "Data management policy violation; (11) Registry policy, Premium domain (domain.tld) registration available in portal only." This is for envronments where registrars do not support RFC 8748, but the TLD manager wishes to offer premium names.
  • Cookies and delete of browser cookies on logout.
  • Client cart, highlight premium domains and show available credit.
  • Show me the money CSV export (add client id, and client roid)
  • Enhancements to DUM reports and CSV exports.
  • NA payment gateway payment filter issue.
  • Logging to stdout no longer has a full stack trace for failed epp logins. Note: Failed login history with IP and the cause of the failed logins is also available in the portal.
Errors Resolved
  • Bug fix for restore command fee if a redemption policy is not set.


  • Monthly transaction "dum/count" report.
  • icu4j library used for unicode conversions updated.
  • Removed the Status tab and moved registry statistics menu to the report menu.
  • Made the default transaction search in the TLD statements to one day - instead of 7 days.
  • Enhanced TLD statements page, hide total/subreport when not all of the transactions are listed.
Errors Resolved
  • Registry stats empty JSON file issue resolved.
  • Fixed duplicate column for Export Transactions.
  • Fixed the TLD statements order (ASC or DESC) issue.
  • Fixed the NullPointerException error seen after deleting TLD from the database.


  • Preference to enable system-wide time zone override (enforce UTC for all portal logins). This ensures that the results to queries are the same for all users. Without this enabled, query results may differ depending on the login time zone prefference. Note: All EPP transactions are allways logged in UTC in the database, regardless of the server time zone or login prefference.
  • Index added to speed up audit table queries.
  • The CoCCA EPP Balance check extension can be enabled or disabled with other extensions on the bottom of the EPP configuration page.
  • EPP status "pendingRestore" error messages improved - see FAQ for details on pendingRestore status.
Errors Resolved
  • EPP Balance check error for multi-tld registry instances fixed - see FAQ for information on balance check options.


Errors Resolved
  • Flutterwave and Windcave ( https://www.windcave.com/ ) payment gateway fixes
  • Registrar configured auto-renew preference fixes


  • Support for flutterwave payment gateway ( https://flutterwave.com/ng/ )
  • Support for Standard Bank payment gateway ( Namibia, South Africa )
  • Registrar / Registry Access Fees moved from registry to TLD level
  • Additional zone flatten mis-configuration checks
  • Access to popular links at the top of Account menu
  • Traversal checks improved


  • Filter deleted domains search to exclude names that have been re-registered from results
  • Restrictions - export lists CSV (Unicode and Punycode)
  • Beta version of Sales Reports stats/charts
  • Registry Transaction Statistics (API and portal)
  • Support for digest 4 and alg 14 ( SHA-384 ) DS https://www.rfc-editor.org/rfc/rfc6605.html
  • Zone generation pause time calculations
  • ICANN MosAPI session enhancements
  • Replication Monitoring improved
Errors Resolved
  • Monthly stats for RGP deletes calculation fixed
  • Authcode case sensitivity removed
  • WHOIS-DR tool auto-delete of backups at secondary site fixed
  • Traversal checks for IDN domains issue fixed


  • Support for multi-site (>2) replication monitoring.
  • Zone and domain (DNS traversal) lookups.
  • Transfer option added to top menu.
  • Search deleted names registered between X and Y dates.
  • Zone file generation times.
  • Registrars now able to renew their annual fees prior to expiry.
  • Registrar membership fees can be exempted from tax.
  • Improvments to KRA Sales and Refunds Reports.
Errors Resolved
  • M-pesa payment display on ledger summary.
  • High frequency zone generation serial number issue.


  • ICANN MoSAPI monitoring API integration.
  • Read Only WHOIS and Distaster Recovery Module.
  • postgresql streaming replication monitoring
  • Configure dual WHOIS (local and remote) - http and port 43
Errors Resolved
  • Unicode & ASCII contact edit issue.
  • On-demand backup issue.
  • EPP TLS monitor host name save issue.


Errors Resolved
  • zone Viewer read-only admin user type permissions issue.
  • recovery of deleted (purged) domains in a few edge cases.
  • approver user login after 2FA permissions issue.
  • top of contact create menu overlaps (appears behind) header menu.


  • "Zone Policy" menu to let registrars see detailed policy configuration (lifecycle, prohibited strings, transfer policy).
  • allow registrars to see EPP login activity (failed / success) in the portal.
  • enable / disable registrar "domain push" functionality.
  • enbable / disable a specific payment gateway for all registars.
  • support for TLS 1.3 over EPP, ability to enable/disable depreciaed TLS versions.
  • web portal housekeeping, CSS/Fonts/JavaScript Libs files re-organised making the portal code simpler to maintain.
  • vue.js, jquery, bootstrap and prototype versions updated.
  • domain summary page, additional domain information displayed.
  • consolidated maintenance pages.
  • removed legacy maintenance menu.
  • new activation pages, change the for-activation code length, add extra activate urls, change activation date format to UTC format.
  • removed (sunrise and land-rush) from zone setting.
  • stoped strictly enforceing ASCII for auth code policy.
  • disabled functionality that allowed users to multiple contacts records of the same type but in different scripts for the same contact ROID
  • removed the authcode settings and Contact Int / Loc requirements (no more validation for Loc type contacts over EPP and create one contact type in the web portal.
  • improved the login lock date format, and display right format for NID.
  • removed global pay automation tasks.
  • display both balance and available credit in registrar Account Balance Details "quick link".
  • domain create via web portal prevents registrars from adding domains to cart if insufficient funds for 1 year registration.
  • cleaned automation run times display and date format.
  • hide / disable the escrow config on the stub zones.
  • added domain status delete prohibited EPP flags if zone policy not allow delete current /expired domains (set the domain status according to the zone policy setting).
  • zone file automation page delay settings.
  • logging and audit trail in object history.
  • portal transfer errors more informative.
  • TLD admin edit of client automation settings allowed even if disabled for client.
Errors Resolved
  • "Zone Viewer" user type permissions issue.
  • "LockedUntil" time for locked logins display resolved.
  • premium domain list upload/save issue resolved.
  • escrow zones automation task deleted / old escrow files for stub zones using SQL function.
  • enforce client auto-renew on transfer policy over EPP.