RC 438

User-Facing Improvements

• Account screen: Add a new link to return to the service provider for verified users who have not connected their account yet. (#11606)

Internal

• Automated Testing: Improve test setup for enrolling profiles (#11315)
• Dcoumentation: Add Frontend documentation for Images best practices (#11613)
• Documentation: Expand on form pattern documentation validation, error handling (#11611)
• OpenID Connect: Validate identity provider public/private keys (#11612)

Upcoming Features

• socure: Reuse socure valid urls (#11555)

RC 437.1

Bug Fixes

• SAML Integration: Adding condition to allow no certs if integration has block_encryption set to none

RC 437

User-Facing Improvements

• Doc Auth: Update text on how to verify page for mobile non selfie flow (#11592)
• Integration Experience: Adding a better error for a testing scenario (#11609) (#11609)
• Verify-by-mail: A CTA was added to prompt users to return to the service provider after verify-by-mail (#11602)

Bug Fixes

• Face/Touch Recommendation: Fix edge case for duplicate submission in recommendation (#11608)

Internal

• Analytics: Update signature query to use more accurate event (#11570)
• Anti-Fraud: Omit policy_details_api from ThreatMetrix response body logging (#11601)
• In-person Proofing: Cancel in-person enrollments when profiles are deactivated due to encryption error. (#11585)
• RSpec Matchers: Adds match_xml matcher and cleans up gross fixture (#11599)

Upcoming Features

• socure: Socure analytics (#11581)

RC 436

Internal

• Analytics: Add additional logging details for partner email selection (#11550)
• Anti-Fraud: Associate user_id for reCAPTCHA result analytics of failed sign-in (#11580)
• Code Cleanup: Remove legacy favicon assets (#11582)
• Dependencies: Update dependency to resolve security advisory (#11589)
• Dependencies: Update dependencies to latest version (#11590)
• In-person proofing: Audit and update test mock data and helper functions for ipp (#11573)
• Reporting: Exclude old IAAs from Combined Invoice Supplement Report V2 (#11597)
• logging bugfix: Add logging event for connected accounts page visit (#11554)
• reCAPTCHA: Configure timeouts for reCAPTCHA requests

Upcoming Features

• Authentication: Threatmetrix API add local_attribute_1 for user when available (#11575)
• IdV Socure: Default users requiring facial match to LN (#11531)
• SAML: Update saml_idp gem to add support for AES-GCM encryption algorithms (#11593)
• Socure: Added nice error display for Socure failures (#11560)
• desktop f/t unlock: A/B setup for desktop f/t unlock (#11347)

RC 435

User-Facing Improvements

• Authentication: Service provider email selection max email limit (#11551)
• In-person Proofing: Add warning banner to password reset email when the user has an in-progress in-person enrollment (#11547)

Internal

• AAMVA DLDV: Send additional attributes to AAMVA (#11565)
• Analytics: Remove unused event parameter from RedirectController (#11576)
• Deploy: Fetch latest origin as part of deploy PR script (#11563)
• Document Authentication: Read additional document data from TrueID when configured to do so (#11559)
• Error Logging: Exempt additional WebAuthn error logging as expected (#11577)
• In-person proofing: Remove old skip_doc_auth variable from session (#11569)
• Reporting: Feature flag (#11556)
• Reporting: Optimize Query (#11574)

Upcoming Features

• Socure: Model Socure shadow mode as an A/B test (#11544)
• socure: Socure analytics logging (#11509)

RC 434

Bug Fixes

• Code Revert: Revert changes introduced in 7621932 (#11510)
• Code Revert: Revert changes introduced in a419d8c (#11457)
• In-person proofing: Fixes redirect for put for state id routes renaming (#11545)

Internal

• A/B Tests: Fix logging for A/B test to recommend platform authenticator to SMS users (#11549)
• Analytics: Upgrade Digital Analytics Program to v8.4 release (#11539)
• Analytics: Add tracking for sha256 change (#11552)
• Analytics: Document analytics event parameters (#11536, #11537)
• Documentation: Document usage of Lookbook for ViewComponents (#11540)
• Facial Match: Clean up config post-GA (#11533)
• Logging: Log requesting signing and certificate serial in SAML Auth Request event (#11558)
• Performance: Add preload headers for all style, script assets (#11504)
• Reporting: Do not return User UUID in requesting_issuer_uuid when generating user report (#11553)
• Reporting: Update MKMR to split verified useres by facial matching (#11557)
• Scripts: Update DataRequest script to compute requesting issuer and have configurable depth (#11541)

RC 433

Bug Fixes

• Authentication Apps: Fix error code for invalid format mentioning code sent to phone (#11521)

Internal

• Analytics: Store correct vendor name in ProofingComponents (#11499)
• Analytics: Exclude stale sessions in IAL2 usage query (#11528)
• In-person proofing: Remove old skip_doc_auth variable (#11455)
• Reporting: Remove system tbale and updatesentitive missed tags (#11514)

RC 432

User-Facing Improvements

• F/T Unlock passkeys: Prefer residentKey for webauthn platform authenticators (#11489)

Bug Fixes

• Socure: Redirect to the capture complete page on success. (#11522)

Internal

• Dependencies: Update NPM dependencies to resolve security advisories (#11517)
• In-person proofing: Remove IPP+GPO scenario from step indicator concern (#11519)
• In-person proofing: Small cleanup related to removing dav_flag (#11508)
• Maintenance: Update postgres versions used in CI (#11518)
• Maintenance: Update knapsack testing report (#11505)

Upcoming Features

• Identity Verification: Handle Socure handoff. (#11473)

RC 431

User-Facing Improvements

• In-Person Proofing: Update the translations for the IPP option on the doc auth error page. (#11483)
• In-person proofing: Add optional results section heading pro for FullAddressSearch component (#11424)
• Localization: Improve Spanish translation for reCAPTCHA disclosure (#11493)

Bug Fixes

• Accessibility: Avoid focus loss on submit button when submitting form (#11482)
• Data Warehouse: Only export stats for tables with integer id columns (#11502)

Internal

• A/B Tests: Log A/B test buckets for Face/Touch recommend visited (#11496)
• Analytics: Add identifier for explicit frontend error logging (#11481)
• Anti-Fraud: Avoid setting reCAPTCHA token on failed execute (#11503)
• Automated Tooling: Exclude telephony strings from font glyph scraper (#11487)
• Containerization: Adding nginx image for k8s deployment (#11480)
• Dependencies: Replace Webpack dev server with zero-dependency alternative (#11485)
• Doc Auth Socure: Configure upload_disabled for socure (#11464)
• Documentation: Update port forwarding instructions for Android (#11495)
• IdV resolution: Error routing for vendor API exceptions (#11459)
• In-person Proofing: Adding graceful error handling and analytics in public usps locations controller (#11470)
• Maintenance: Remove review-app image build (#11501)
• Maintenance: Update identity-hostdata and redis-session-store to support Rails 8 (#11497)
• reCAPTCHA: Improve race condition handling for slow reCAPTCHA load (#11451)

Upcoming Features

• Document Authentication: Socure webhook event attribute updates (#11490)
• Partner Email Selection: Reset selected email session value on email deletion (#11492)
• Partner Email Selection: Fix HTML escaping for partner email sharing (#11491)
• socure: Reset socure docv url (#11498)
• socure: Remove customerUserID from document request to socure (#11486)

RC 430

User-Facing Improvements

• In-person proofing: Fix barcode page due date format for spanish, french, and chinese translations; Improve spanish translation for information alert. (#11398)
• Partner account: Confirm link leads to partner sign-in (#11439)
• Translations: Fix errant piv/cac capitalization (#11478)

Bug Fixes

• Code Revert: Revert changes introduced in 4e8a421 (#11430)
• Threatmetrix Account creation: Fixes issue with resubmission with TMX enabled for Account creation (#11471)
• Translations: Updates Simplified Chinese strings (#11461)

Internal

• Analytics: Fix duplicate logging for successful email confirmation (#11466)
• Automated Testing: Fail static analysis linting when warning messages emitted (#11458)
• Form Validation: Alias FormResponse#to_hash to #to_h (#11476)
• Performance: Remove unused email styles (#11484)
• Performance: Extract shared email confirmation behavior as needed (#11467)
• Upcoming Features: Ensure user can't switch IdV vendors while capturing. (#11425)

Upcoming Features

• Account creation: Threat metrix addiition (#11340)
• Email Sharing: Update email sharing content to be clearer to users (#11468)
• Fraud Mitigation: Add UI to simulate ThreatMetrix result in authentication (#11469)
• Identity Verification: Handle Socure handoff. (#11463)
• socure: Implement handle_connection_error for socure requests (#11430, #11477)
• socure vendor: Setting socure capture app url in document sessions table (#11475)