# Version 2.0.0.2 Released ### Version 2.0.0.2 Released **Date: 29th Mar 2026** **Feature Release: Crypto Trading (Delta Exchange), RMoney Broker, Broker-Exchange Separation, Security Hardening & Performance** This is a feature release featuring **158 commits** (excluding auto-builds) from **17 contributors**, focused on full crypto trading support via Delta Exchange (24/7 markets, fractional quantities, leverage), RMoney broker integration, dynamic broker-exchange separation across all 31 brokers, comprehensive WebSocket FD audit (Phase 2) across 8 more streaming adapters, a 5x startup performance improvement, AliceBlue V3 and Flattrade V2 API upgrades, Zebu OAuth 2.0 migration, event bus architecture, and deep security hardening. *** **Highlights** * **Crypto Trading (Delta Exchange)** - Full cryptocurrency trading support with 24/7 market calendar, fractional quantities, leverage configuration, perpetual/options contracts, and crypto-aware UI across TradingView, GoCharting, Token Search, and Playground pages * **RMoney Broker Integration** - Complete new broker integration including orders, WebSocket streaming, master contracts, funds, margins, multiquotes, and index symbol normalization * **Broker-Exchange Separation** - Dynamic exchange capabilities per broker via `plugin.json` metadata for all 31 brokers, with frontend auto-adapting UI elements (product types, holdings, leverage) for stock vs crypto brokers * **Security Dashboard** - New security dashboard with auto-ban toggle, table sorting, and IP management hardening * **Straddle PnL Simulator** - New options analytical tool for simulating straddle profit/loss scenarios * **WebSocket FD Audit (Phase 2)** - File descriptor leak fixes across 8 additional broker streaming adapters (Wisdom, iBulls, JainamXTS, IIFL, Compositedge, FivePaisaXTS, Mstock, Motilal) * **5x Startup Speedup** - Reduced application startup time from 7–9s to \~1.6s via lazy imports, saving \~180MB RAM * **AliceBlue V3 & Flattrade V2** - Major broker API version upgrades * **Zebu OAuth 2.0 Migration** - Migrated Zebu from TOTP login to OAuth 2.0 authentication * **Event Bus Architecture** - Decoupled order side-effects via new event bus system with eventlet compatibility * **Deep Security Audits** - 3 high-severity and 5 medium-severity findings patched, plus 6 CVE fixes *** **New Features** **Crypto Trading Support (Delta Exchange)** * Full cryptocurrency trading with fractional spot quantities on Delta Exchange * 24/7 market calendar system for crypto exchanges (no auto-logout) * Leverage configuration page for crypto brokers with validation * Broker capabilities API endpoint and frontend Zustand store * Dynamic exchange support via `supported_exchanges` in `plugin.json` for all 31 brokers * Wire `useSupportedExchanges` hook into all tools and WebSocket pages * Hide Holdings page and Product column for crypto brokers * Dynamic exchanges and product hiding for crypto on TradingView, GoCharting, and Token Search * Dynamic WebSocket presets for crypto in Playground * Crypto Bruno collection and broker-aware Playground loading * Subscribe to BTCUSDFUT for crypto option chain live underlying price * Conditionally show Leverage page for crypto brokers only * Add migration for `contract_value` column in symtoken table * Add CRYPTO to schema validations * Show combined spot+FNO wallet balance in INR for Delta Exchange **RMoney Broker Integration (New)** * Complete broker integration from scratch — auth, order APIs, WebSocket streaming * Master contract download and data REST APIs * Funds API, Margin API, Multiquotes * Common NSE/BSE index symbol normalization * Added to all broker lists across install scripts and documentation **Straddle PnL Simulator** * New Straddle PnL Simulator page (`/straddlepnl`) for options strategy analysis **Security Dashboard** * Security dashboard with auto-ban toggle, table sorting, and hardening **Event Bus Architecture** * Event bus for decoupled order side-effects (Telegram notifications, logging) * Resolve greenlet crash in event bus subscribers under eventlet **Infrastructure & Deployment** * Domain change script for existing server deployments * Update scripts for Linux and Windows * Add Delta Exchange broker to install scripts and documentation * Logout confirmation dialog warning about automated orders **Frontend Enhancements** * Toast notifications for CSV export across all trading pages * CSV export respects active filters in OrderBook and TradeBook * Add MCX/CDS default underlyings to `useSupportedExchanges` * Dynamic webhook URL based on TradingView alert mode *** **Broker-Specific Changes** **Delta Exchange (New Crypto Broker)** * Full crypto trading support with fractional quantities for spot and derivatives * 24/7 market calendar and auto-logout disabled * Leverage configuration with fractional rejection and retry on fetch error * Crypto perpetual symbol lookup and expiry support * Correct crypto exchange mapping, depth validation, and broker quotes * Source session P\&L from positions endpoint * Fix fractional spot quantity truncation in margin calculation * Safe-parse tradedQuantity and tradedPrice in tradebook transform * Filter orders and trades by current day * Cancel all orders includes GTC orders from prior days * Retry-on-transient-error for data API with read timeout support * Format Delta Exchange symbols to OpenAlgo convention * Resolve correct perpetual underlying for crypto options **RMoney (New Broker Integration)** * Complete implementation: auth, orders, WebSocket, funds, margins, multiquotes * Master contract download and data REST APIs * Common NSE/BSE index symbol normalization * Fix file descriptor leaks in XTS WebSocket streaming **Zebu** * Migrate from TOTP login to OAuth 2.0 authentication * Fix MARKET order price handling and WebSocket disconnect deadlock * Fix order status, positions, MPP tick\_size, and WebSocket stability * Resolve file descriptor leaks in WebSocket adapter **AliceBlue** * Upgraded to V3 API * Fix WebSocket resource leaks, index historical data, and Funds realised PNL **Flattrade** * Update to V2 API endpoints and WebSocket payload * Fix WebSocket auth ack type **Fyers** * Fix rate limiting for Funds API * Correct `reformat_symbol_detail` day/year swap (DDMMMYY → correct format) * Add order, trade, and position data mapping and transformation utilities **Angel** * Update base URL, add rate limit retry, and fix limit order price **Dhan** * Sandbox API updated and added mocked WebSockets * Lazy-connect 20-depth WebSocket to preserve connection limit **Shoonya** * Harden WebSocket streaming adapter (13-round FD audit) **Kotak** * Harden WebSocket streaming adapter (9-round FD audit) **Groww** * Make bulk insert atomic to prevent partial data on failure * Optimize master contract download and normalize streaming logs * Add common NSE/BSE index symbol mappings **Motilal** * Add comprehensive NSE/BSE index symbol mappings * Fix WebSocket file descriptor leaks **Mstock** * Fix WebSocket file descriptor leaks * Add common index symbol normalization **Compositedge** * Common index symbol normalization * FD audit for streaming — prevent socket/thread leaks **XTS Brokers (FivePaisaXTS, iBulls, IIFL, JainamXTS, Wisdom)** * Add index symbol normalization for all XTS brokers * FD audit for streaming adapters — prevent socket/thread leaks across all 5 brokers **Upstox** * Handle position fetch failure in margin calculation **Multiple Brokers** * Normalize tick\_size from paise to rupees for Dhan, Firstock, Kotak, Nubra, Shoonya * Coerce order quantity to int for non-crypto brokers *** **Bug Fixes** **WebSocket & Streaming** * FD audit for 6 XTS broker streaming adapters (Wisdom, iBulls, JainamXTS, IIFL, Compositedge, FivePaisaXTS) * Harden Shoonya WebSocket streaming adapter (13-round FD audit) * Harden Kotak WebSocket streaming adapter (9-round FD audit) * Fix WebSocket file descriptor leaks for Mstock and Motilal * Fix WebSocket disconnect deadlock in Zebu adapter * Snapshot `self.ws` before `on_open` callback in `_handle_auth_response` **Frontend & UI** * GoCharting page not showing API key on load * Handle invalid date in orderbook and tradebook for all brokers * Prevent strategy name overflow from hiding dropdown menu on Python Strategy page * Add optional chaining for holiday data in `useMarketStatus` * Stale data warning banner never auto-dismisses (closes #1095) * Preserve user exchange selection during async capability sync * Fallback exchanges, leverage route guard, and async state sync * Clear stale capabilities on no-broker session * Use `makeFormatCurrency` in WebSocketTest instead of hardcoded broker check * Ensure CSV export respects active filters in OrderBook and TradeBook **Orders & Positions** * Use futures symbol for MCX/CDS LTP in optionsmultiorder * Prioritize explicit `expiry_date` and use futures symbol for MCX/CDS LTP * Optimize multi option Greeks to batch API calls (84 → 2) * Inject symbol/exchange keys into failed Greeks responses * `get_first_available_api_key()` returns orphaned/revoked user keys * Coerce order quantity to int for non-crypto brokers **Backend & Server** * Pin gunicorn to 25.x and disable control socket * Replace bare except and silent exception handlers * Resolve greenlet crash in event bus subscribers under eventlet * Revert marshmallow to 3.x (4.x breaks schemas) * Revert llvmlite and pydantic-core to compatible versions * Make `/api/v1/telegram/notify` non-blocking by default * Prevent test-message endpoint from returning 500 on timeout * Fallback to plain text when Telegram Markdown parsing fails * Clean up `logs_session` in SecurityMiddleware for banned IP requests * Add graceful shutdown for strategy order processor queue * Guard ZMQ cleanup in `stop()` to prevent "not a socket" error on Ctrl+C * Force master contract re-download on broker change * Dynamic webhook URL based on TradingView alert mode * Correct 2026 market holiday calendar per official NSE/MCX circulars * Normalize tick\_size from paise to rupees for 5 brokers * Remove duplicate code block causing IndentationError in brlogin.py *** **Security** * Patch 3 high-severity security findings from deep audit * Patch 5 medium-severity security findings from deep security audit * Patch 3 security vulnerabilities (CVE Dependabot #105, #106, #107) * Upgrade PyJWT to 2.12.0 (security fix) * Update requests 2.32.5 → 2.33.0 (security patch) * Patch npm vulnerabilities (socket.io-parser, picomatch) * Bump svgo 4.0.0 → 4.0.1 (CVE-2026-29074) * Bump tornado 6.5.4 → 6.5.5 (CVE-2025-47287) * Replace bare except and silent exception handlers across codebase * Security dashboard with auto-ban toggle and IP management *** **Performance** * Reduce startup time from 7–9s to \~1.6s (5x speedup) * Lazy-load heavy imports to reduce startup RAM by \~180MB * Lazy-load python-telegram-bot library to reduce startup RAM * Move startup logs to debug level to reduce log noise * Optimize multi option Greeks to batch API calls (84 → 2 requests) *** **Refactoring & Code Quality** * Refactor code structure for improved readability and maintainability * Move Bruno collections to `IN_stock` subfolder * Add Google-style docstrings to utils module * Add type hints and docstrings to `security_middleware.py` * Correct `check_tmp_noexec` return type annotation * Move `test_orphaned_apikey.py` to `test/` directory * Add missing file header comments to broker `funds.py` files * Add aria-label attributes to icon-only buttons for screen reader accessibility * Remove `frontend/dist` from version control (CI/CD builds it) *** **Documentation** * Rewrite CONTRIBUTING.md for React 19 + uv stack * Add incremental contribution policy to CONTRIBUTING.md * Allow new broker integrations as single PR in contribution policy * Update README to enhance description of OpenAlgo and supported brokers * Update README YouTube video tutorial link * Broker-exchange separation audit for stock vs crypto UI * Crypto PR audit report for Delta Exchange integration *** **Dependencies** **Python** * Bump the python-minor group with 22 updates + 13 additional updates * requests 2.32.5 → 2.33.0 * PyJWT → 2.12.0 * pytz 2025.2 → 2026.1.post1 * bcrypt 4.1.3 → 5.0.0 * cachetools 5.3.3 → 7.0.4 * markdown-it-py 3.0.0 → 4.0.0 * limits 3.13.0 → 5.8.0 * flask-limiter 3.7.0 → 4.1.1 * pyarrow 22.0.0 → 23.0.1 * tornado 6.5.4 → 6.5.5 * openalgo 1.0.45 → 1.0.46 * gunicorn pinned to 25.x * marshmallow 4.2.2 reverted to 3.x (compatibility) **Frontend** * svgo 4.0.0 → 4.0.1 * socket.io-parser security patch * picomatch security patch *** **Contributors** Special thanks to all contributors who made this release possible: * @Kalaiviswa (kalaivani) — Crypto broker support, broker-exchange separation, WebSocket FD audits (Phase 2), security dashboard, leverage page, event bus * @rochronaldo (roch ronaldo) — RMoney broker integration * @BashabBhattacharjee (Bashab Bhattacharjee) — Delta Exchange crypto support, fractional quantities, Zebu OAuth 2.0 migration * @Sadhanandhann — Dhan sandbox API and mocked WebSockets * @GahanShetty (Gahan Shetty) — AliceBlue V3 upgrade * @sugatmankar — Groww index symbol mappings * @shubhamlodha21 — Flattrade WebSocket auth fix * @preet225 — Angel rate limiting and base URL fixes * @crypt0inf0 — Delta Exchange fixes * @Profesooor — Fyers symbol detail fix * @PratimaPrit — Accessibility improvements * @LuckyAnsari22 — Motilal index symbol mappings * @JaredW — Security middleware docstrings * @jagatsingh (Jagat Singh) — Dhan lazy WebSocket connect * @HirenThakore (Hiren Thakore) — RMoney XTS WebSocket FD fix * @DeepanshuGoyal (Deepanshu Goyal) — Aliceblue V3 Integration *** *** **Links** * **Repository**: * **Documentation**: * **Discord**: * **YouTube**: *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.openalgo.in/change-log/release/version-2.0.0.2-released.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.