payment-gateway.app Docs
Releases

Release 4.1.0

Stable release notes for Payment Gateway App 4.1.0.

Release 4.1.0

  • Channel: stable
  • Deployment target: production
  • Published: 2026-03-27T20:03:21Z
  • Release tag: v4.1.0

[4.1.0] - 2026-03-27

Customer-Facing Changes

Admin Panel

  • Tax preview support for invoices.
  • Subscription management toggle and portal settings.
  • Mollie payment provider integration with configuration fields and webhook support.
  • Global-admin licensing page and improved version check handling.
  • Bulk tax recalculation feature with confirmation and result summary.
  • Configurable rate limiting for the Admin Panel server.
  • Improved invoicing settings to use structured document number layouts.
  • Improved route access management and navigation filtering for licensed features.
  • Renamed 'Backend Domain' to 'Webhook Domain' across related settings.

APIs And Integrations

  • Index creation for invoice sequences to ensure uniqueness and improve performance.
  • Preview tax calculation endpoint for invoices.
  • Endpoint for creating direct-login magic links for customers.
  • Capacity limit checks for organizations and sites for licensed installations.
  • System template settings for managing email templates.
  • Bulk tax recalculation job controls and API endpoints.
  • Auto payment link expiry settings and related support.
  • Magic link authentication for portal access and session management.
  • /portal/status endpoint to check customer portal availability.
  • Capacity limits for organizations and sites in licensing.
  • Support for label and description translations in provider handling.
  • Improved document numbering system for invoices and credit notes.
  • Streamlined user role assignment and enhanced registration flow.
  • Improved tax rule matching to consider effective dates.
  • Improved invoice PDF generation with additional seller and buyer details and payment link QR codes.
  • Improved temporary PDF cache directory handling with fallback behavior.

Checkout And Customer Portal

  • Public portal for viewing invoices and credit notes with internationalization support.
  • Portuguese and Chinese localization for payment screens.
  • Subscription management features including list and detail views.
  • Support for Wise and Wire payment providers with corresponding forms and modals.
  • Improved billing address structure to include company names and localized country names.

Deployment And Operations

  • Licensing endpoint resolution and license checks for API access enforcement.
  • Internal health check endpoint and /api/* pass-through handling.
  • Updated invoice and credit note prefixes to include a hyphen for improved formatting.
  • Updated invoice sequence indexes to be organization-level.
  • Updated invoice number layout structure and allocation behavior for organization-level uniqueness.
  • Consolidated API and webhook handling into streamlined API routes.
  • ZeroSSL certificate issuer from reverse proxy configuration.

Security

  • Added cache invalidation for organization encryption settings.
  • Restricted access to internal health check endpoints.

Fixes

  • Enforced HTTPS for payment URLs in the checkout service.
  • Improved SMTP handling, including STARTTLS, base64-encoding, and proper client closure.
  • Rounded average tax rate calculations to prevent floating-point artifacts.
  • Amazon SES SMTP host updated to the correct EU region.
  • Release metadata URL updated to the production endpoint.
  • Enforced 4xx responses for invalid webhook signatures or payloads.
  • Disabled 'x-powered-by' header in the server for improved security.
  • Corrected trusted proxy configurations and CORS handling in reverse proxy configuration.

Deployment Notes

Use the updater from payment-gateway-deploy to install this release. Exact image references and digests are resolved from signed release metadata and deployment tooling instead of being duplicated in these notes.

Security Artifacts

This release was published before the current release security artifact contract was made customer-facing. Use Release Security Transparency for the current SBOM, vulnerability report, policy-result, checksum, and provenance evidence model.

On this page