Releases: 18F/identity-idp
Releases · 18F/identity-idp
RC 437
User-Facing Improvements
- Doc Auth: Update text on how to verify page for mobile non selfie flow (#11592)
- Integration Experience: Adding a better error for a testing scenario (#11609) (#11609)
- Verify-by-mail: A CTA was added to prompt users to return to the service provider after verify-by-mail (#11602)
Bug Fixes
- Face/Touch Recommendation: Fix edge case for duplicate submission in recommendation (#11608)
Internal
- Analytics: Update signature query to use more accurate event (#11570)
- Anti-Fraud: Omit policy_details_api from ThreatMetrix response body logging (#11601)
- In-person Proofing: Cancel in-person enrollments when profiles are deactivated due to encryption error. (#11585)
- RSpec Matchers: Adds match_xml matcher and cleans up gross fixture (#11599)
Upcoming Features
- socure: Socure analytics (#11581)
RC 436
Internal
- Analytics: Add additional logging details for partner email selection (#11550)
- Anti-Fraud: Associate user_id for reCAPTCHA result analytics of failed sign-in (#11580)
- Code Cleanup: Remove legacy favicon assets (#11582)
- Dependencies: Update dependency to resolve security advisory (#11589)
- Dependencies: Update dependencies to latest version (#11590)
- In-person proofing: Audit and update test mock data and helper functions for ipp (#11573)
- Reporting: Exclude old IAAs from Combined Invoice Supplement Report V2 (#11597)
- logging bugfix: Add logging event for connected accounts page visit (#11554)
- reCAPTCHA: Configure timeouts for reCAPTCHA requests
Upcoming Features
- Authentication: Threatmetrix API add local_attribute_1 for user when available (#11575)
- IdV Socure: Default users requiring facial match to LN (#11531)
- SAML: Update saml_idp gem to add support for AES-GCM encryption algorithms (#11593)
- Socure: Added nice error display for Socure failures (#11560)
- desktop f/t unlock: A/B setup for desktop f/t unlock (#11347)
RC 435
User-Facing Improvements
- Authentication: Service provider email selection max email limit (#11551)
- In-person Proofing: Add warning banner to password reset email when the user has an in-progress in-person enrollment (#11547)
Internal
- AAMVA DLDV: Send additional attributes to AAMVA (#11565)
- Analytics: Remove unused event parameter from RedirectController (#11576)
- Deploy: Fetch latest origin as part of deploy PR script (#11563)
- Document Authentication: Read additional document data from TrueID when configured to do so (#11559)
- Error Logging: Exempt additional WebAuthn error logging as expected (#11577)
- In-person proofing: Remove old skip_doc_auth variable from session (#11569)
- Reporting: Feature flag (#11556)
- Reporting: Optimize Query (#11574)
Upcoming Features
RC 434
Bug Fixes
- Code Revert: Revert changes introduced in 7621932 (#11510)
- Code Revert: Revert changes introduced in a419d8c (#11457)
- In-person proofing: Fixes redirect for put for state id routes renaming (#11545)
Internal
- A/B Tests: Fix logging for A/B test to recommend platform authenticator to SMS users (#11549)
- Analytics: Upgrade Digital Analytics Program to v8.4 release (#11539)
- Analytics: Add tracking for sha256 change (#11552)
- Analytics: Document analytics event parameters (#11536, #11537)
- Documentation: Document usage of Lookbook for ViewComponents (#11540)
- Facial Match: Clean up config post-GA (#11533)
- Logging: Log requesting signing and certificate serial in SAML Auth Request event (#11558)
- Performance: Add preload headers for all style, script assets (#11504)
- Reporting: Do not return User UUID in requesting_issuer_uuid when generating user report (#11553)
- Reporting: Update MKMR to split verified useres by facial matching (#11557)
- Scripts: Update DataRequest script to compute requesting issuer and have configurable depth (#11541)
RC 433
Bug Fixes
- Authentication Apps: Fix error code for invalid format mentioning code sent to phone (#11521)
Internal
RC 432
2024-11-19T184527
This tag was signed with the committer’s verified signature.
aduth
Andrew Duthie
User-Facing Improvements
- F/T Unlock passkeys: Prefer residentKey for webauthn platform authenticators (#11489)
Bug Fixes
- Socure: Redirect to the capture complete page on success. (#11522)
Internal
- Dependencies: Update NPM dependencies to resolve security advisories (#11517)
- In-person proofing: Remove IPP+GPO scenario from step indicator concern (#11519)
- In-person proofing: Small cleanup related to removing dav_flag (#11508)
- Maintenance: Update postgres versions used in CI (#11518)
- Maintenance: Update knapsack testing report (#11505)
Upcoming Features
- Identity Verification: Handle Socure handoff. (#11473)
RC 431
User-Facing Improvements
- In-Person Proofing: Update the translations for the IPP option on the doc auth error page. (#11483)
- In-person proofing: Add optional results section heading pro for FullAddressSearch component (#11424)
- Localization: Improve Spanish translation for reCAPTCHA disclosure (#11493)
Bug Fixes
- Accessibility: Avoid focus loss on submit button when submitting form (#11482)
- Data Warehouse: Only export stats for tables with integer id columns (#11502)
Internal
- A/B Tests: Log A/B test buckets for Face/Touch recommend visited (#11496)
- Analytics: Add identifier for explicit frontend error logging (#11481)
- Anti-Fraud: Avoid setting reCAPTCHA token on failed execute (#11503)
- Automated Tooling: Exclude telephony strings from font glyph scraper (#11487)
- Containerization: Adding nginx image for k8s deployment (#11480)
- Dependencies: Replace Webpack dev server with zero-dependency alternative (#11485)
- Doc Auth Socure: Configure upload_disabled for socure (#11464)
- Documentation: Update port forwarding instructions for Android (#11495)
- IdV resolution: Error routing for vendor API exceptions (#11459)
- In-person Proofing: Adding graceful error handling and analytics in public usps locations controller (#11470)
- Maintenance: Remove review-app image build (#11501)
- Maintenance: Update identity-hostdata and redis-session-store to support Rails 8 (#11497)
- reCAPTCHA: Improve race condition handling for slow reCAPTCHA load (#11451)
Upcoming Features
- Document Authentication: Socure webhook event attribute updates (#11490)
- Partner Email Selection: Reset selected email session value on email deletion (#11492)
- Partner Email Selection: Fix HTML escaping for partner email sharing (#11491)
- socure: Reset socure docv url (#11498)
- socure: Remove customerUserID from document request to socure (#11486)
RC 430
User-Facing Improvements
- In-person proofing: Fix barcode page due date format for spanish, french, and chinese translations; Improve spanish translation for information alert. (#11398)
- Partner account: Confirm link leads to partner sign-in (#11439)
- Translations: Fix errant piv/cac capitalization (#11478)
Bug Fixes
- Code Revert: Revert changes introduced in 4e8a421 (#11430)
- Threatmetrix Account creation: Fixes issue with resubmission with TMX enabled for Account creation (#11471)
- Translations: Updates Simplified Chinese strings (#11461)
Internal
- Analytics: Fix duplicate logging for successful email confirmation (#11466)
- Automated Testing: Fail static analysis linting when warning messages emitted (#11458)
- Form Validation: Alias FormResponse#to_hash to #to_h (#11476)
- Performance: Remove unused email styles (#11484)
- Performance: Extract shared email confirmation behavior as needed (#11467)
- Upcoming Features: Ensure user can't switch IdV vendors while capturing. (#11425)
Upcoming Features
- Account creation: Threat metrix addiition (#11340)
- Email Sharing: Update email sharing content to be clearer to users (#11468)
- Fraud Mitigation: Add UI to simulate ThreatMetrix result in authentication (#11469)
- Identity Verification: Handle Socure handoff. (#11463)
- socure: Implement handle_connection_error for socure requests (#11430, #11477)
- socure vendor: Setting socure capture app url in document sessions table (#11475)
RC 429
User-Facing Improvements
- Automated Reports: Add color class to the recently added HRs (#11465)
Internal
- Analytics: Include FormResponse error details for reCAPTCHA at sign-in (#11456)
- CI: Testing out using the same image as everything else (#11452) (#11452)
- Identity Proofing: Send state ID type to AAMVA (#11428)
- In-person proofing: Update address search interface to remove obsolete is_pilot field (#11440)
- Reporting: S3 Bucket Name change (#11462)
- reCAPTCHA: Add error handling for failed reCAPTCHA execute (#11449)
Upcoming Features
- Email Selection feature: Add new message for email confirmation (#11443)
RC 428
User-Facing Improvements
- Email Reports: Add Login.gov colors to resport tables (LG-14431) (#11410)
- Facial Match: Configuration for releasing GA (#11418)
- In-person proofing: Update mobile layout for how to verify (#11431)
- Localization: Improve Spanish for reCAPTCHA disclosure and partner selected email (#11448)
- Reports: Add Login.gov branding to automated email reports (#11444)
Bug Fixes
- Doc Auth: Fix screenreader saying No File Chosen on inputs (#11422)
Internal
- AAMVA: Update Montana's maintenance window (#11426)
- Analytics: Track visits from "You verified your identity" email (#11413)
- Analytics: Add logging property for unchanged password reset of verified account (#11423)
- Analytics: Fix bug in protocols report (#11447) (#11447)
- Automated Testing: Use shared examples for mailer preview specs (#11446)
- Dependencies: Update Login.gov Design System from v9.3.0 to v9.4.0 (#11435)
- Dependencies: Integrate and remove dependency on Airbnb ESLint rules (#11445)
- Doc Auth: Add feature flag to enable standard socure doc capture in lower environments (#11438)
- Documentation: Clarify usage of kubernetes configurations and files (#11450)
- Fraud review: Attribute fraud review analytics events to SPs. (#11390)
- Maintenance: Update premailer and zxcvbn (#11437, #11442)
- Reporting: Add new daily sensitive job (#11405)
- Reporting: Naming improvements for table stats export (#11419)
- Upcoming Features: Create A/B test to recommend platform authenticator to SMS users (#11402)