Releases: 18F/identity-idp
Releases · 18F/identity-idp
RC 442
User-Facing Improvements
- In-person Proofing: Add translations for temp copy about Jan 9 post office closure (#11709)
- In-person Proofing: Add in-person post office closed email for January 9th closures. (#11702)
- In-person proofing: Conditionally render Post Office Closed alert banner on Ready to Verify View and Email (#11707)
Bug Fixes
- Fraud prevention: Limit query for timeframe expired event (#11696)
- Logging: Include jurisdiction_in_maintenance_window in result when AAMVA raises exception (#11700)
Internal
- AAMVA Support: NH and OK were added to the list of AAMVA supported states (#11708)
- Attempts API: Implement ability to create and store Attempts API events (#11692)
- Face or Touch Unlock: Logging for users in FT unlock setup ab test (#11683)
- Face or Touch Unlock: Logging for users in FT unlock setup ab test (#11710)
- In-person proofing: Add submit_attempts property to try again and IPP fallback doc auth troubleshooting events (#11682)
- Maintenance: Update newrelic_rpm gem (#11699)
- Performance: Move condition check above potential database queries (#11706)
- Refactoring: Use more descriptive method last_sign_in_email_address (#11688)
- Sample apps: Include protocol in sample app friendly names (#11712)
Upcoming Features
- Anti-Fraud: Override CSP for ThreatMetrix based on feature-specific config (#11678)
RC 441
2024-12-31T163822
This tag was signed with the committer’s verified signature.
mitchellhenke
Mitchell Henke
RC 440
User-Facing Improvements
- Accessibility: skipnav container no longer blocks content at large zoom levels (#11676)
Bug Fixes
- Doc Auth: Fix "Try again" button opening up Selfie SDK (#11661)
- Partner agency: Prevent blank submission of preferred email form (#11568)
Internal
- Code Quality: Simplify code using newly-available JavaScript features (#11666)
- Dependencies: Drop dependencies in favor of Node.js native utilities (#11648)
- Document Authentication: Repeat webhooks for docv (#11633)
- Enable Chinese in staging: Delete production available_locales to use default which includes zh (#11668)
- IdV Analytics: Make IdV event enhancement opt-out (#11588)
- In-person proofing: Delete deprecated FSM state ID url (#11655)
- In-person proofing: Move STEP_INDICATOR_STEP constants out of InPersonFlow (#11607)
- Socure: Cleanup of error handling (#11595)
- Static Analysis: Fix custom linter for configurable mail delivery (#11642)
- Testing: Add rubocop-capybara (#11669)
Upcoming Features
RC 439
User-Facing Improvements
- Authentication with SP: Change link from add email to change email (#11594)
- In-Person proofing: Add translations for IPP Password Reset Email (#11645)
Internal
- Analytics: Add integration error event (#11615)
- Analytics: Remove support for allowed_extra_analytics (#11647)
- Analytics: Remove support for wildcard allowed_extra_analytics (#11643)
- Analytics: Document analytics events (#11634)
- CI: Update image source from dockerhub to AWS Public ECR (#11641) (#11641)
- Documentation: Fix documentation formatting (#11640)
- Linting: Fix dot position (#11631) (#11631)
- Maintenance: Update actionpack to address security vulnerability (#11630)
- Maintenance: Update to Ruby 3.3.6 and Node 22 (#11605)
- Maintenance: Update simpleidn and faker gems (#11646)
- OpenID Connect: Support two OIDC key-pairs (#11626)
- OpenID Connect: Simplify OIDC Logout validation (#11644)
- SP Configuration: Add the ability to specify a locale in a redirect URL (#11620)
RC 438
User-Facing Improvements
- Account screen: Add a new link to return to the service provider for verified users who have not connected their account yet. (#11606)
Internal
- Automated Testing: Improve test setup for enrolling profiles (#11315)
- Dcoumentation: Add Frontend documentation for Images best practices (#11613)
- Documentation: Expand on form pattern documentation validation, error handling (#11611)
- OpenID Connect: Validate identity provider public/private keys (#11612)
Upcoming Features
- socure: Reuse socure valid urls (#11555)
RC 437.1
Bug Fixes
- SAML Integration: Adding condition to allow no certs if integration has block_encryption set to none
RC 437
User-Facing Improvements
- Doc Auth: Update text on how to verify page for mobile non selfie flow (#11592)
- Integration Experience: Adding a better error for a testing scenario (#11609) (#11609)
- Verify-by-mail: A CTA was added to prompt users to return to the service provider after verify-by-mail (#11602)
Bug Fixes
- Face/Touch Recommendation: Fix edge case for duplicate submission in recommendation (#11608)
Internal
- Analytics: Update signature query to use more accurate event (#11570)
- Anti-Fraud: Omit policy_details_api from ThreatMetrix response body logging (#11601)
- In-person Proofing: Cancel in-person enrollments when profiles are deactivated due to encryption error. (#11585)
- RSpec Matchers: Adds match_xml matcher and cleans up gross fixture (#11599)
Upcoming Features
- socure: Socure analytics (#11581)
RC 436
Internal
- Analytics: Add additional logging details for partner email selection (#11550)
- Anti-Fraud: Associate user_id for reCAPTCHA result analytics of failed sign-in (#11580)
- Code Cleanup: Remove legacy favicon assets (#11582)
- Dependencies: Update dependency to resolve security advisory (#11589)
- Dependencies: Update dependencies to latest version (#11590)
- In-person proofing: Audit and update test mock data and helper functions for ipp (#11573)
- Reporting: Exclude old IAAs from Combined Invoice Supplement Report V2 (#11597)
- logging bugfix: Add logging event for connected accounts page visit (#11554)
- reCAPTCHA: Configure timeouts for reCAPTCHA requests
Upcoming Features
- Authentication: Threatmetrix API add local_attribute_1 for user when available (#11575)
- IdV Socure: Default users requiring facial match to LN (#11531)
- SAML: Update saml_idp gem to add support for AES-GCM encryption algorithms (#11593)
- Socure: Added nice error display for Socure failures (#11560)
- desktop f/t unlock: A/B setup for desktop f/t unlock (#11347)
RC 435
User-Facing Improvements
- Authentication: Service provider email selection max email limit (#11551)
- In-person Proofing: Add warning banner to password reset email when the user has an in-progress in-person enrollment (#11547)
Internal
- AAMVA DLDV: Send additional attributes to AAMVA (#11565)
- Analytics: Remove unused event parameter from RedirectController (#11576)
- Deploy: Fetch latest origin as part of deploy PR script (#11563)
- Document Authentication: Read additional document data from TrueID when configured to do so (#11559)
- Error Logging: Exempt additional WebAuthn error logging as expected (#11577)
- In-person proofing: Remove old skip_doc_auth variable from session (#11569)
- Reporting: Feature flag (#11556)
- Reporting: Optimize Query (#11574)
Upcoming Features
RC 434
Bug Fixes
- Code Revert: Revert changes introduced in 7621932 (#11510)
- Code Revert: Revert changes introduced in a419d8c (#11457)
- In-person proofing: Fixes redirect for put for state id routes renaming (#11545)
Internal
- A/B Tests: Fix logging for A/B test to recommend platform authenticator to SMS users (#11549)
- Analytics: Upgrade Digital Analytics Program to v8.4 release (#11539)
- Analytics: Add tracking for sha256 change (#11552)
- Analytics: Document analytics event parameters (#11536, #11537)
- Documentation: Document usage of Lookbook for ViewComponents (#11540)
- Facial Match: Clean up config post-GA (#11533)
- Logging: Log requesting signing and certificate serial in SAML Auth Request event (#11558)
- Performance: Add preload headers for all style, script assets (#11504)
- Reporting: Do not return User UUID in requesting_issuer_uuid when generating user report (#11553)
- Reporting: Update MKMR to split verified useres by facial matching (#11557)
- Scripts: Update DataRequest script to compute requesting issuer and have configurable depth (#11541)