Releases: getyoti/yoti-python-sdk
Release list
v2.14.6
Release 2.14.6 — What's New
New Features
Share Code Resources & Tasks
Adds support for parsing and retrieving share code resources and verify share code tasks from IDV session responses.
- New
ShareCodeResourceResponseclass exposingsource,media,profile, and task data - New
ShareCodeMediaResponseandVerifyShareCodeTaskResponseclasses ResourceContainer.share_codesproperty for list accessVERIFY_SHARE_CODE_TASKconstant added toconstants.py
capture_type on Static Liveness Resources (#460)
StaticLivenessResourceResponse now exposes a capture_type property (e.g. "PHOTOGRAPH"). Defaults to None when the field is absent.
extraction_image_ids on IDV Page Responses (#461, #452)
PageResponse now exposes an extraction_image_ids property — the list of media IDs used for automated extraction. Defaults to an empty list when the field is absent or null.
process on Breakdown Response (#453)
BreakdownResponse now exposes a process property indicating the breakdown process type (AUTOMATED / EXPERT_REVIEW). Defaults to None when absent.
brand_id in Session Config (#458)
SdkConfigBuilder.with_brand_id(brand_id) allows a brand identifier to be set on the IDV session config for iframe theming. The field is omitted from the JSON payload when not set.
Suppressed Screens (IDV Shortened Flow) (#459)
SdkConfigBuilder.with_suppressed_screens([...]) / with_suppressed_screen(...) allow specific screens to be omitted from the IDV journey.
Seven new constants added:
| Constant |
|---|
ID_DOCUMENT_EDUCATION |
ID_DOCUMENT_REQUIREMENTS |
SUPPLEMENTARY_DOCUMENT_EDUCATION |
ZOOM_LIVENESS_EDUCATION |
STATIC_LIVENESS_EDUCATION |
FACE_CAPTURE_EDUCATION |
FLOW_COMPLETION |
Security & Dependency Upgrades
CVE Remediation
Core SDK (install_requires)
| Package | Before | After | Reason |
|---|---|---|---|
cryptography |
>=42.0.0 |
>=44.0.1 |
CVE-2024-12797 |
protobuf |
>=4.21.12 |
>=4.25.8,<6 |
CVE-2025-4565, CVE-2026-0994 |
requests |
>=2.31.0 |
>=2.32.4 |
CVE-2024-47081 |
urllib3 |
>=2.2.1 |
>=2.6.3 |
Decompression / redirect CVEs |
pyopenssl |
>=24.0.0 |
>=26.0.0 |
High severity CVEs |
All 10 *_pb2.py files regenerated using the _builder API required by protobuf 4.x/5.x runtimes.
Example Apps
| App | Key Changes |
|---|---|
| Django | 4.0.1 → 4.2 LTS (critical SQLi CVEs closed) |
| Flask | 1.x → 3.0.6 (CVE-2023-30861) |
| Werkzeug | 1.x → 3.0.6 (request smuggling, debugger RCE, path traversal) |
| Jinja2 | → 3.1.6 (5 CVEs) |
v2.14.5
Static Liveness Check Implementation
Overview
This implementation adds support for Static Liveness Check to the Yoti Python SDK, enabling identity verification using a single static image instead of the ZOOM liveness method which requires multiple frames and facemap data.
Features Added
1. Session Creation (Request Side)
Create STATIC Liveness Check
from yoti_python_sdk.doc_scan import RequestedLivenessCheckBuilder
# Build a STATIC liveness check
liveness_check = (
RequestedLivenessCheckBuilder()
.for_static_liveness()
.with_max_retries(3)
.with_manual_check_never()
.build()
)Generated JSON:
{
"type": "LIVENESS",
"config": {
"liveness_type": "STATIC",
"manual_check": "NEVER",
"max_retries": 3
}
}2. Session Retrieval (Response Side)
Access STATIC Liveness Resources
from yoti_python_sdk.doc_scan import DocScanClient
client = DocScanClient(sdk_id, key_file_path)
session_result = client.get_session(session_id)
# Get all STATIC liveness resources
static_resources = session_result.resources.static_liveness_resources
for resource in static_resources:
print(f"Resource ID: {resource.id}")
print(f"Liveness Type: {resource.liveness_type}")
# Access the image and media
if resource.image and resource.image.media:
media_id = resource.image.media.id
media_type = resource.image.media.type
created = resource.image.media.created
print(f"Media ID: {media_id}")
print(f"Media Type: {media_type}")3. Media Content Retrieval
Download STATIC Liveness Image
# Get the first STATIC liveness resource
static_liveness = session_result.resources.static_liveness_resources[0]
# Extract media ID
media_id = static_liveness.image.media.id
# Retrieve the actual image content
media_content = client.get_media_content(session_id, media_id)
# Access the image bytes and MIME type
image_bytes = media_content.content
mime_type = media_content.mime_type # e.g., "image/jpeg" or "image/png"
# Save to file
with open(f"liveness_image.{mime_type.split('/')[-1]}", "wb") as f:
f.write(image_bytes)Example Application
The Flask example application (examples/doc_scan/) now displays Static Liveness resources on the success page:
- Shows resource ID and liveness type
- Displays the static liveness image
- Provides media ID for reference
- Uses collapsible accordion UI similar to ZOOM liveness
Backward Compatibility
✅ Fully backward compatible - All existing code using ZOOM liveness continues to work without any changes:
# Existing ZOOM liveness code still works
zoom_check = RequestedLivenessCheckBuilder().for_zoom_liveness().build()
zoom_resources = session_result.resources.zoom_liveness_resources
# New STATIC liveness code
static_check = RequestedLivenessCheckBuilder().for_static_liveness().build()
static_resources = session_result.resources.static_liveness_resourcesFor Existing Implementations
No changes required! Your existing ZOOM liveness code will continue to work. You can optionally add STATIC liveness support:
# Add STATIC liveness alongside existing ZOOM liveness
session_spec = (
SessionSpecBuilder()
.with_requested_check(
RequestedLivenessCheckBuilder()
.for_zoom_liveness() # Existing
.with_max_retries(1)
.build()
)
.with_requested_check(
RequestedLivenessCheckBuilder()
.for_static_liveness() # New
.with_max_retries(3)
.with_manual_check_never()
.build()
)
# ... other configuration
.build()
)v2.14.4
Updated
** Updated protobuf dependency from 3.20.3 to >=4.21.12 for improved compatibility and security
** Reorganized protobuf modules to original API structure
** Dependency Updates:** All relevant libraries have been updated to ensure compatibility with Python 3.12.
** Updated GitHub Actions workflows for faster CI execution
** Enhanced example applications with updated dependency requirements
** Improved backward compatibility while supporting modern protobuf versions
v2.14.3
Added
Python 3.12 Support: The project supports Python 3.12.
Dependency Updates: All relevant libraries have been updated to ensure compatibility with Python 3.12.
v2.14.2
Changed
- Update to
protobuf==4.21.12 - Set
protobuf==3.20.1in setup.py
v2.14.1
v2.14.0
Added
- Supplementary document support (Doc Scan)
DynamicPolicyBuilder().with_document_images()accept_self_assertedoption can now be passed toDynamicPolicyBuildermethods
Fixed
DocScanClient.get_media_content()will now returnNonefor204no content responses (Doc Scan)
v2.13.0
Doc Scan
Added
- Support for ID document comparison checks
- Ability to block the collection of biometric consent
- Allow the configuration of the
manual_checkvalue for requested Document Authenticity checks - Add support for chip data
RequestedTextExtractionTaskBuilder().with_chip_data_desired()RequestedTextExtractionTaskBuilder().with_chip_data_ignore()IdDocumentResourceResponseproperty:document_id_photo
- Add support for document page frames
Fixed
RequestedDocumentAuthenticityCheckBuilder.build()is no longer static. Python 2 implementations must change this toRequestedDocumentAuthenticityCheckBuilder().build()