Version 3.1.3 of rippled, the reference server implementation of the XRP Ledger protocol, is now available. This release introduced the fixCleanup3_1_3 amendment, which contained a collection of fixes for NFTs, Permissioned Domains, Vaults, the Lending Protocol, and MPTs.
Due to the severity of the bugs, development took place in both the public rippled repo and a private repo to keep the details of the issues confidential and prevent malicious actors from exploiting them before fixes shipped. To address all of the issues quickly, they were bundled under a single fixCleanup3_1_3 amendment, and UNL validators were contacted to update immediately. The amendment shipped with a default vote of Yes, so validators upgrading their software automatically cast a yes vote to speed up applying the fixes.
In addition to the fix amendment, this release also added a verify_endpoints parameter to the rippled configuration file for local peer network development, less-severe bug fixes, and refactors.
If you run an XRP Ledger server, upgrade to version 3.1.3 as soon as possible to ensure service continuity.
On supported platforms, see the instructions on installing or updating rippled.
| Package | SHA-256 |
|---|---|
| RPM for Red Hat / CentOS (x86-64) | 85549e28750a29bb817bc271996f721fcc80d85ae15fc6a97beeb094260bc4e2 |
| DEB for Ubuntu / Debian (x86-64) | 2d7bcca6c8148c395d827681870a5e033521719c2d2c34b64d2cf923af3aa07c |
For other platforms, please build from source. The most recent commit in the git log should be the change setting the version:
commit 46b241ace8b30d9c9775d60ffba7d24b21903896
Author: Ed Hennis <[email protected]>
Date: Wed May 6 15:37:35 2026 -0400
Set version to 3.1.3fixCleanup3_1_3: This amendment introduced a collection of fixes for NFTs, Permissioned Domains, Vaults, the Lending Protocol, MPTs, and miscellaneous issues:
- NFTs
- Fixed an issue with expired
NFTokenOfferentries remaining on the ledger. TheNFTokenAcceptOffertransaction now deletes expired offers as part of transaction processing. (#5707)
- Fixed an issue with expired
- Permissioned Domains
- Single Asset Vaults
- Clamped
VaultClawbacktoassetsAvailablefor zero-amount ("all") clawbacks, fixing a bug that allowed clawing back more assets than were available on outstanding loans. (#6646) - Fixed a trust line token limit check that was skipped when withdrawing vault assets.
VaultWithdrawtransactions that specify either vault shares or vault assets now respect the trust line token limit of the destination address. (#6645)
- Clamped
- Lending Protocol
- Fixed a fee calculation issue by capping the base fee for
LoanPay. (#6969) - Fixed an inaccurate assertion in
LoanPaytransactions by improving IOU rounding accuracy. (#6231) - Added several Lending Protocol fixes. (#6678)
- Fixed loan accounting information not updating in its associated
Loan,LoanBroker, andVaultentries when the loan was defaulted, impaired, or unimpaired. - Changed a
LoanPayerror to returntecNO_PERMISSIONinstead oftemINVALID_FLAGwhen attempting to overpay on a loan that doesn't permit overpayments. - Added an additional check for
LoanBrokerinvariants to ensure the listedCoverAvailableexactly matches the assets held in the associated pseudo-account.
- Fixed loan accounting information not updating in its associated
- Fixed a fee calculation issue by capping the base fee for
- MPTs
- Miscellaneous Issues
- Added a
verify_endpointsparameter to therippledconfig file. The default value is1, which configures the server to validate endpoint addresses received from peers. If set to0, the server skips validation, allowing addresses that are not publicly routable or have a port of0. This is useful for local peer network development, but should never be disabled when on Mainnet. (f511eeb)
- Updated the
portfield in the Peer Crawler API to consistently return an integer for both inbound and outbound peers. Previously, outbound peers returnedportas a string while inbound peers returned it as an integer. (#6318)
- Improved loan invariant message. (#6668)
- Fixed
account_txlimit parameter validation for malformed values. (#5891) - Fixed array size check. (#6030)
- Corrected index for limit in
book_offersCLI. (#6043) - Fixed nullptr resolving when there is no DB config. (#6029)
- Truncated thread name on Linux. (#5758)
- Limited reply size on
TMGetObjectByHashqueries. (#6110) - Fixed tautological assert. (#6393)
- Fixed gateway balance with MPT. (#6143)
- Made assorted NFT fixes. (#6566)
- Made assorted Oracle fixes. (#6570)
- Made assorted Vault fixes. (#6607)
- Made assorted Permissioned Domain fixes. (#6587)
- Removed fatal assertion on Linux thread name truncation. (#6690)
- Changed
Tuning::bookOffersminimum limit to 1. (#6812) - Added rounding to Vault invariants. (#6217)
- Capped the base fee for
LoanPay. (#6969) - Checked network ID in
transactionSignFor. (2ddef8c) - Improved JSON parsing of currency issuers. (#7110)
- Updated
PermissionedDomainDeleteto use keylet for SLE access. (#6063) - Enforced 15-char limit and simplified thread naming labels. (#6212)
- Improved RPC variable naming and handling. (
56a9d69) - Removed erroneous
base_uintconstructor from container. (5aa3d5e) - Limited JSON array size. (#7112)
- Filled
txJsonbased onapiVersion. (#7109) - Used named constant for leaf item size. (#7130)
- Improved
Forwardedheader field parsing. (#7126) - Moved unhex lookup table out of function. (#7104)
- Prevented dry-run transactions from being queued. (#7131)
- Only uploaded artifacts in the
XRPLF/rippledrepository. (#6523) - Used latest version of publish-docs workflow. (#6824)
- Made pre-commit line ending conversions work on Windows. (#6832)
- Shortened job names to stay within Linux 15-char thread limit. (#6669)
The following RippleX teams and GitHub users contributed to this release:
- RippleX Engineering
- RippleX Docs
- RippleX Product
- @Kassaking7
- @janibakin
- @tequdev
We welcome reviews of the rippled code and urge researchers to responsibly disclose any issues they may find.
For more information, see: