Skip to content

Releases: 18F/identity-idp

RC 440

19 Dec 23:16
56ea064
Compare
Choose a tag to compare

User-Facing Improvements

  • Accessibility: skipnav container no longer blocks content at large zoom levels (#11676)

Bug Fixes

  • Doc Auth: Fix "Try again" button opening up Selfie SDK (#11661)
  • Partner agency: Prevent blank submission of preferred email form (#11568)

Internal

  • Code Quality: Simplify code using newly-available JavaScript features (#11666)
  • Dependencies: Drop dependencies in favor of Node.js native utilities (#11648)
  • Document Authentication: Repeat webhooks for docv (#11633)
  • Enable Chinese in staging: Delete production available_locales to use default which includes zh (#11668)
  • IdV Analytics: Make IdV event enhancement opt-out (#11588)
  • In-person proofing: Delete deprecated FSM state ID url (#11655)
  • In-person proofing: Move STEP_INDICATOR_STEP constants out of InPersonFlow (#11607)
  • Socure: Cleanup of error handling (#11595)
  • Static Analysis: Fix custom linter for configurable mail delivery (#11642)
  • Testing: Add rubocop-capybara (#11669)

Upcoming Features

  • Select email workflow: Select email supports single email (#11656) (#11656)
  • Doc Auth: Add feature test to ensure Socure rate limit count appears correctly (#11671) (#11671)

RC 439

17 Dec 19:11
f95f7ab
Compare
Choose a tag to compare

User-Facing Improvements

  • Authentication with SP: Change link from add email to change email (#11594)
  • In-Person proofing: Add translations for IPP Password Reset Email (#11645)

Internal

  • Analytics: Add integration error event (#11615)
  • Analytics: Remove support for allowed_extra_analytics (#11647)
  • Analytics: Remove support for wildcard allowed_extra_analytics (#11643)
  • Analytics: Document analytics events (#11634)
  • CI: Update image source from dockerhub to AWS Public ECR (#11641) (#11641)
  • Documentation: Fix documentation formatting (#11640)
  • Linting: Fix dot position (#11631) (#11631)
  • Maintenance: Update actionpack to address security vulnerability (#11630)
  • Maintenance: Update to Ruby 3.3.6 and Node 22 (#11605)
  • Maintenance: Update simpleidn and faker gems (#11646)
  • OpenID Connect: Support two OIDC key-pairs (#11626)
  • OpenID Connect: Simplify OIDC Logout validation (#11644)
  • SP Configuration: Add the ability to specify a locale in a redirect URL (#11620)

RC 438

12 Dec 16:52
276fb50
Compare
Choose a tag to compare

User-Facing Improvements

  • Account screen: Add a new link to return to the service provider for verified users who have not connected their account yet. (#11606)

Internal

  • Automated Testing: Improve test setup for enrolling profiles (#11315)
  • Dcoumentation: Add Frontend documentation for Images best practices (#11613)
  • Documentation: Expand on form pattern documentation validation, error handling (#11611)
  • OpenID Connect: Validate identity provider public/private keys (#11612)

Upcoming Features

  • socure: Reuse socure valid urls (#11555)

RC 437.1

10 Dec 22:09
8d3e4b0
Compare
Choose a tag to compare

Bug Fixes

  • SAML Integration: Adding condition to allow no certs if integration has block_encryption set to none

RC 437

10 Dec 18:38
9398ee2
Compare
Choose a tag to compare

User-Facing Improvements

  • Doc Auth: Update text on how to verify page for mobile non selfie flow (#11592)
  • Integration Experience: Adding a better error for a testing scenario (#11609) (#11609)
  • Verify-by-mail: A CTA was added to prompt users to return to the service provider after verify-by-mail (#11602)

Bug Fixes

  • Face/Touch Recommendation: Fix edge case for duplicate submission in recommendation (#11608)

Internal

  • Analytics: Update signature query to use more accurate event (#11570)
  • Anti-Fraud: Omit policy_details_api from ThreatMetrix response body logging (#11601)
  • In-person Proofing: Cancel in-person enrollments when profiles are deactivated due to encryption error. (#11585)
  • RSpec Matchers: Adds match_xml matcher and cleans up gross fixture (#11599)

Upcoming Features

  • socure: Socure analytics (#11581)

RC 436

05 Dec 20:38
964774b
Compare
Choose a tag to compare

Internal

  • Analytics: Add additional logging details for partner email selection (#11550)
  • Anti-Fraud: Associate user_id for reCAPTCHA result analytics of failed sign-in (#11580)
  • Code Cleanup: Remove legacy favicon assets (#11582)
  • Dependencies: Update dependency to resolve security advisory (#11589)
  • Dependencies: Update dependencies to latest version (#11590)
  • In-person proofing: Audit and update test mock data and helper functions for ipp (#11573)
  • Reporting: Exclude old IAAs from Combined Invoice Supplement Report V2 (#11597)
  • logging bugfix: Add logging event for connected accounts page visit (#11554)
  • reCAPTCHA: Configure timeouts for reCAPTCHA requests

Upcoming Features

  • Authentication: Threatmetrix API add local_attribute_1 for user when available (#11575)
  • IdV Socure: Default users requiring facial match to LN (#11531)
  • SAML: Update saml_idp gem to add support for AES-GCM encryption algorithms (#11593)
  • Socure: Added nice error display for Socure failures (#11560)
  • desktop f/t unlock: A/B setup for desktop f/t unlock (#11347)

RC 435

03 Dec 21:09
b5dba56
Compare
Choose a tag to compare

User-Facing Improvements

  • Authentication: Service provider email selection max email limit (#11551)
  • In-person Proofing: Add warning banner to password reset email when the user has an in-progress in-person enrollment (#11547)

Internal

  • AAMVA DLDV: Send additional attributes to AAMVA (#11565)
  • Analytics: Remove unused event parameter from RedirectController (#11576)
  • Deploy: Fetch latest origin as part of deploy PR script (#11563)
  • Document Authentication: Read additional document data from TrueID when configured to do so (#11559)
  • Error Logging: Exempt additional WebAuthn error logging as expected (#11577)
  • In-person proofing: Remove old skip_doc_auth variable from session (#11569)
  • Reporting: Feature flag (#11556)
  • Reporting: Optimize Query (#11574)

Upcoming Features

  • Socure: Model Socure shadow mode as an A/B test (#11544)
  • socure: Socure analytics logging (#11509)

RC 434

03 Dec 20:04
d654ec4
Compare
Choose a tag to compare

Bug Fixes

  • Code Revert: Revert changes introduced in 7621932 (#11510)
  • Code Revert: Revert changes introduced in a419d8c (#11457)
  • In-person proofing: Fixes redirect for put for state id routes renaming (#11545)

Internal

  • A/B Tests: Fix logging for A/B test to recommend platform authenticator to SMS users (#11549)
  • Analytics: Upgrade Digital Analytics Program to v8.4 release (#11539)
  • Analytics: Add tracking for sha256 change (#11552)
  • Analytics: Document analytics event parameters (#11536, #11537)
  • Documentation: Document usage of Lookbook for ViewComponents (#11540)
  • Facial Match: Clean up config post-GA (#11533)
  • Logging: Log requesting signing and certificate serial in SAML Auth Request event (#11558)
  • Performance: Add preload headers for all style, script assets (#11504)
  • Reporting: Do not return User UUID in requesting_issuer_uuid when generating user report (#11553)
  • Reporting: Update MKMR to split verified useres by facial matching (#11557)
  • Scripts: Update DataRequest script to compute requesting issuer and have configurable depth (#11541)

RC 433

21 Nov 22:29
ab4568c
Compare
Choose a tag to compare

Bug Fixes

  • Authentication Apps: Fix error code for invalid format mentioning code sent to phone (#11521)

Internal

  • Analytics: Store correct vendor name in ProofingComponents (#11499)
  • Analytics: Exclude stale sessions in IAL2 usage query (#11528)
  • In-person proofing: Remove old skip_doc_auth variable (#11455)
  • Reporting: Remove system tbale and updatesentitive missed tags (#11514)

RC 432

19 Nov 18:46
2024-11-19T184527
e558656
Compare
Choose a tag to compare

User-Facing Improvements

  • F/T Unlock passkeys: Prefer residentKey for webauthn platform authenticators (#11489)

Bug Fixes

  • Socure: Redirect to the capture complete page on success. (#11522)

Internal

  • Dependencies: Update NPM dependencies to resolve security advisories (#11517)
  • In-person proofing: Remove IPP+GPO scenario from step indicator concern (#11519)
  • In-person proofing: Small cleanup related to removing dav_flag (#11508)
  • Maintenance: Update postgres versions used in CI (#11518)
  • Maintenance: Update knapsack testing report (#11505)

Upcoming Features

  • Identity Verification: Handle Socure handoff. (#11473)