RC 419

Internal

• Facial Match: Update more language (#11301)
• Identity Proofing: Update code to reflect program language (#11296)
• Logging: Add liveness flag to all relevant events. (#11292)
• Tooling: Add SQLite support to query-cloudwatch command (#11291)

Upcoming Features

• split doc auth: Adding feature tests for more code coverage in prep for split doc auth FF enabling (#11263)

RC 418

User-Facing Improvements

• Identity verification: Verify license expiration dates with AAMVA. (#11283)
• Account verified email: Prompt user to return to SP (#11295)

Bug Fixes

• Sign up: Add request id (#11286)

Internal

• Analytics: Add app_differentiator field to events (#11262)

Upcoming Features

• Identity verification: Send phone number to Socure (#11272)

RC 417

Bug Fixes

• In-person proofing: Update USPS Proofing Results Job exclude overwriting profile deactivation reason (#11261)

Internal

• Deploy: Deploy to EKS (#11231)
• In-person proofing: Accept String when scrubbing sponsor id with ipp helper (#11269)
• Reporting: Fix database query timeout in report (#11284)
• Reporting: Add Idv legacy to biometric conversion (#11276)

RC 416

User-Facing Improvements

• Identity verification: Added new selfie capture heading to selfie step in for split doc auth (#11241) (#11241)

Bug Fixes

• In-person Proofing: Add validation for PO search that matches other address field validations (#11224) (#11224)

Internal

• Account Management: Include identity-verified status in account reset delete event (#11236)
• Code Quality: Remove unused variant for phone input component (#11260)
• Dependencies: Update google-protobuf (#11273)
• Dependencies: Update dependency to latest version (#11257)
• Dependencies: Update Puma (#11271)
• Identity verification: Prevent errors during verify info step due to missing session id. (#11254)
• Protocols: Update saml_idp gem version (#11270)
• Webauthn Setup: Move aaguid call in webauthn setup form (#11248)

Upcoming Features

• reCAPTCHA: Add reCAPTCHA disclaimer text to sign-in page (#11253)

RC 415

User-Facing Improvements

• Reports: Verified (event) field in Drop Off report description and calculation updated for accuracy (#11234)

Bug Fixes

• Personal Keys: Fix double personal key generation when using personal key as second factor (#11227)

Internal

• In-person proofing: Set state id controller feature flag to true in test (#11217)

Upcoming Features

• doc auth: Seperate selfie and doc capture into seperate form pages (steps) based on FF (#11194)

RC 414

Internal

• Analytics: Document analytics properties (#11220, #11226)
• Dependencies: Update ruby-saml (#11228)
• Mock Proofer: Improve accuracy of mocker proofer analytics (#11223)
• Performance: Remove unused CSS styles (#11221)
• Reporting: Remove older report for invoices (#11216)
• Spec improvements: Consolidated some feature specs for speed and reduced duplication. (#11165)

Upcoming Features

• Authentication Context: Adds new values for service mapping migration (#11208)

RC 413

User-Facing Improvements

• Backup Codes: Add client-side pattern validation for backup codes (#11175)
• In-person proofing: State ID form workaround to improve user experience around aggressive browser autofill behavior (#11184)

Internal

• Analytics: Remove unused analytics events (#11215)
• Analytics: Remove redundant analytics compacting (#11213)
• Automated Testing: Run automated accessibility tests for account pages (#11191)
• Code Quality: Simplify and standardize card styling (#11177)
• Data Normalization: Add a backfill script to (#11180)
• DocAuth: Log receipt of Socure webhooks (#11183)
• Forms: Support changing error strings after ValidatedFieldElement connected (#11207)
• In-person proofing: The "Exit Login.gov" button on (#11211)
• In-person proofing: Scrub sponsor id from logs (#11135)
• SAML: Update saml_idp version to 0.22.0 (#11192)
• doc auth: Adding selfie attempts to doc auth image upload vendor submitted event log (#11163)
• i18n: Look for "invalid" characters in our i18n strings (#11185)
• reporting: Fix flaky test failures (#11214)

Upcoming Features

• Fraud Prevention: Assign reCAPTCHA A/B test bucket for missing user (#11210)
• Fraud Prevention: Add CSP allowlisting for reCAPTCHA at sign in (#11201)
• Partner Email Select: Improve accessibility labeling for email selection fields (#11212)

!!! Invalid Changelog Entries !!!
LG-14196 | idv_consent_given -> idv_consent_given_at (#11168)

RC 412

Internal

• Accessibility Tests: Run Axe scan against all WCAG 2.0-2.2 A & AA (#11189)
• Logging: Log more context of contextless KMS (#11199)
• Logging: Don't log "[REDACTED]" fields in TMX response since they are useless (#11158)
• Performance: Reduce size of application stylesheet (#11176)
• Performance: Use picture element to avoid unnecessary image load (#11182)
• Performance: Optimize code conditions to avoid unnecessary database queries (#11197)
• Refactoring: Refactor saml_request.requested_ial_authn_context calls to single place (#11160)

Upcoming Features

• Partner Email Selection: Update layout arrangement for connected accounts (#11181)
• Partner Shared Email: Add option to change selected email shared with partner (#11196)
• Partner account: Select email to share with partner (#11172)

RC 411

User-Facing Improvements

• Connected Accounts: Return user to connected accounts when cancelling revocation (#11178)

Internal

• Dependencies: Update dependency to resolve security advisory (#11173)
• Logging: Log the context of contextless KMS (#11174)
• Reporting: Update LG-99 Report Layout (#11166)
• Webauthn Setup: Add aaguid for webauthn configuration (#11138)

Upcoming Features

• Fraud Prevention: Implement configurable percent tested reCAPTCHA at sign-in (#11148)
• Identity verification: Add background job for Socure KYC proofing (#11139)

RC 410.1

Merge pull request #11171 from 18F/stages/rc-2024-08-29-patch-1

Deploy RC 410.1 to production