4.0.0

• BREAKING: Removed deprecated TransactionReport.Builder(InetAddress, Tag)
  constructor. Use Builder(Tag) and ipAddress(InetAddress) instead.
• BREAKING: Removed deprecated getUrl() methods from HttpException and
  InvalidRequestException. Use uri() instead.
• BREAKING: Removed deprecated constructors from FactorsResponse,
  InsightsResponse, and Phone classes.
• BREAKING: Removed deprecated Subscores class and
  FactorsResponse.getSubscores() method. Use getRiskScoreReasons()
  instead.
• BREAKING: Java 17 is now required (previously Java 11).
• BREAKING: Updated geoip2 dependency to 5.0.0-SNAPSHOT. This introduces
  several breaking changes due to changes in the geoip2 library:
  • The IpAddress class no longer extends InsightsResponse from geoip2.
    It now uses composition instead. All public methods remain the same, but
    code relying on IpAddress being an InsightsResponse will need to be
    updated.
  • The GeoIp2Location class no longer extends Location from geoip2. It
    now stores location data directly. All public methods remain the same, but
    code relying on GeoIp2Location being a Location will need to be
    updated.
  • Removed the getMaxMind() method from the IpAddress class as this data
    is not populated in minFraud responses.
• BREAKING: Converted all response classes to Java records. This change makes
  these classes more concise and provides better immutability guarantees.
  • All get*() accessor methods in response classes are now deprecated and
    will be removed in 5.0.0. Use the automatically generated record accessor
    methods instead (e.g., use riskScore() instead of getRiskScore()).
  • The response class hierarchy has been flattened. InsightsResponse no
    longer extends ScoreResponse, and FactorsResponse no longer extends
    InsightsResponse. Instead, InsightsResponse and FactorsResponse now
    include all fields from their former parent classes directly.
  • All response classes now implement JsonSerializable instead of extending
    AbstractModel. The toJson() method remains available for serialization.
  • Removed the AbstractAddress interface.
• BREAKING: Updated all request classes to use record-style method naming. The
  get prefix has been removed from all accessor methods (e.g., use userId()
  instead of getUserId()). This applies to all request classes including
  Account, Billing, CreditCard, CustomInputs, Device, Email,
  Event, Order, Payment, Shipping, ShoppingCartItem, Transaction,
  and TransactionReport. Unlike response classes, no deprecated helper methods
  were added as these methods are primarily used for serialization.
• BREAKING: Updated exception classes to use record-style method naming. The
  get prefix has been removed from all accessor methods. For HttpException,
  use httpStatus() and uri() instead of getHttpStatus() and getUri().
  For InvalidRequestException, use code(), httpStatus(), and uri()
  instead of getCode(), getHttpStatus(), and getUri(). No deprecated
  helper methods were added.
• Added CREDIT_APPLICATION, FUND_TRANSFER, and SIM_SWAP to the
  Event.Type enum.
• Added the input /event/party. This is the party submitting the
  transaction. You may provide this using the party method on
  Event.Builder.
• Added the input /payment/method. This is the payment method associated
  with the transaction. You may provide this using the method method on
  Payment.Builder.
• Added new email domain fields to the EmailDomain response model:
  • classification - A classification of the email domain. Possible values
    are BUSINESS, EDUCATION, GOVERNMENT, and ISP_EMAIL.
  • risk - A risk score associated with the email domain, ranging from 0.01
    to 99. Higher scores indicate higher risk.
  • volume - The activity on the email domain across the minFraud network,
    expressed in sightings per million. This value ranges from 0.001 to
    1,000,000.
  • visit - An EmailDomainVisit object containing information about an
    automated visit to the email domain, including:
    • status - The status of the domain based on the automated visit.
      Possible values are LIVE, DNS_ERROR, NETWORK_ERROR, HTTP_ERROR,
      PARKED, and PRE_DEVELOPMENT.
    • lastVisitedOn - The date when the automated visit was last completed.
    • hasRedirect - Whether the domain redirects to another URL.
• Added support for forward-compatible enum deserialization. Enums in response
  models will now return null for unknown values instead of throwing an
  exception. This allows the client to handle new enum values added by the
  server without requiring an immediate client update. This required adding
  READ_ENUMS_USING_TO_STRING and READ_UNKNOWN_ENUM_VALUES_AS_NULL to the
  Jackson ObjectMapper configuration.
• Added SECUREPAY to the Payment.Processor enum.
• WebServiceClient.Builder now has an httpClient() method to allow
  passing in a custom HttpClient.

3.8.0

• commons-validator has been removed as a dependency. This module now does
  its own email and domain name validation. This was done to reduce the number
  of dependencies and any security vulnerabilities in them. The new email
  validation of the local part is somewhat more lax than the previous
  validation.

3.7.2

• First release using Central Portal instead of Legacy OSSRH.
• Update geoip2 dependency.

3.7.1

• Updated pom.xml to fix issue with javadoc generation during the release
  process.

3.7.0

• Added support for the /billing_phone/matches_postal and
  /shipping_phone/matches_postal outputs. These are available as the
  matchesPostal method on com.maxmind.minfraud.response.Phone.
• Added CRYPTOMUS to the Payment.Processor enum.

3.6.0

• The minFraud Factors subscores have been deprecated. They will be removed
  in March 2025. Please see our release notes
  for more information.
• Added EPAYCO to the Payment.Processor enum.

3.6.0-beta.1

• Added support for the new risk reasons outputs in minFraud Factors. The risk
  reasons output codes and reasons are currently in beta and are subject to
  change. We recommend that you use these beta outputs with caution and avoid
  relying on them for critical applications.

3.5.0

• Updated TransactionReport to make the ipAddress parameter optional. Now
  the tag and at least one of the following parameters must be supplied:
  ipAddress, maxmindId, minfraudId, transactionId.
• The TransactionReport.Builder(INetAddress, Tag) constructor has been
  deprecated in favor of the new TransactionReport.Builder(Tag) constructor.
• Added getBillingPhone and getShippingPhone methods to the minFraud
  Insights and Factors response models. These contain objects with information
  about the respective phone numbers. Please see our developer
  site for
  more information.
• Added PAYCONEX to the Payment.Processor enum.

3.4.0

• Added PXP_FINANCIAL and TRUSTPAY to the Payment.Processor enum.
• Equivalent domain names are now normalized when hashAddress is used.
  For example, googlemail.com will become gmail.com.
• Periods are now removed from gmail.com email address local parts when
  hashAddress is used. For example, [email protected] will become
  [email protected].
• Fastmail alias subdomain email addresses are now normalized when
  hashAddress is used. For example, [email protected] will become
  [email protected].
• Additional yahoo.com email addresses now have aliases removed from
  their local part when hashAddress is used. For example,
  [email protected] will become [email protected] for additional
  yahoo.com domains.
• Duplicate .coms are now removed from email domain names when
  hashAddress is used. For example, example.com.com will become
  example.com.
• Certain TLD typos are now normalized when hashAddress is used. For
  example, example.comcom will become example.com.
• Additional gmail.com domain names with leading digits are now
  normalized when hashAddress is used. For example, 100gmail.com will
  become gmail.com.
• Additional gmail.com typos are now normalized when hashAddress is
  used. For example, gmali.com will become gmail.com.
• When hashAddress is used, all trailing periods are now removed from an
  email address domain. Previously only a single period was removed.
• When hashAddress is used, the local part of an email address is now
  normalized to NFC.

3.3.0

• Updated geoip2 dependency to version that includes the isAnycast method
  on com.maxmind.geoip2.record.Traits. This returns true if the IP
  address belongs to an anycast network.
  This is available in minFraud Insights and Factors.