RC 433

Bug Fixes

• Authentication Apps: Fix error code for invalid format mentioning code sent to phone (#11521)

Internal

• Analytics: Store correct vendor name in ProofingComponents (#11499)
• Analytics: Exclude stale sessions in IAL2 usage query (#11528)
• In-person proofing: Remove old skip_doc_auth variable (#11455)
• Reporting: Remove system tbale and updatesentitive missed tags (#11514)

RC 432

User-Facing Improvements

• F/T Unlock passkeys: Prefer residentKey for webauthn platform authenticators (#11489)

Bug Fixes

• Socure: Redirect to the capture complete page on success. (#11522)

Internal

• Dependencies: Update NPM dependencies to resolve security advisories (#11517)
• In-person proofing: Remove IPP+GPO scenario from step indicator concern (#11519)
• In-person proofing: Small cleanup related to removing dav_flag (#11508)
• Maintenance: Update postgres versions used in CI (#11518)
• Maintenance: Update knapsack testing report (#11505)

Upcoming Features

• Identity Verification: Handle Socure handoff. (#11473)

RC 431

User-Facing Improvements

• In-Person Proofing: Update the translations for the IPP option on the doc auth error page. (#11483)
• In-person proofing: Add optional results section heading pro for FullAddressSearch component (#11424)
• Localization: Improve Spanish translation for reCAPTCHA disclosure (#11493)

Bug Fixes

• Accessibility: Avoid focus loss on submit button when submitting form (#11482)
• Data Warehouse: Only export stats for tables with integer id columns (#11502)

Internal

• A/B Tests: Log A/B test buckets for Face/Touch recommend visited (#11496)
• Analytics: Add identifier for explicit frontend error logging (#11481)
• Anti-Fraud: Avoid setting reCAPTCHA token on failed execute (#11503)
• Automated Tooling: Exclude telephony strings from font glyph scraper (#11487)
• Containerization: Adding nginx image for k8s deployment (#11480)
• Dependencies: Replace Webpack dev server with zero-dependency alternative (#11485)
• Doc Auth Socure: Configure upload_disabled for socure (#11464)
• Documentation: Update port forwarding instructions for Android (#11495)
• IdV resolution: Error routing for vendor API exceptions (#11459)
• In-person Proofing: Adding graceful error handling and analytics in public usps locations controller (#11470)
• Maintenance: Remove review-app image build (#11501)
• Maintenance: Update identity-hostdata and redis-session-store to support Rails 8 (#11497)
• reCAPTCHA: Improve race condition handling for slow reCAPTCHA load (#11451)

Upcoming Features

• Document Authentication: Socure webhook event attribute updates (#11490)
• Partner Email Selection: Reset selected email session value on email deletion (#11492)
• Partner Email Selection: Fix HTML escaping for partner email sharing (#11491)
• socure: Reset socure docv url (#11498)
• socure: Remove customerUserID from document request to socure (#11486)

RC 430

User-Facing Improvements

• In-person proofing: Fix barcode page due date format for spanish, french, and chinese translations; Improve spanish translation for information alert. (#11398)
• Partner account: Confirm link leads to partner sign-in (#11439)
• Translations: Fix errant piv/cac capitalization (#11478)

Bug Fixes

• Code Revert: Revert changes introduced in 4e8a421 (#11430)
• Threatmetrix Account creation: Fixes issue with resubmission with TMX enabled for Account creation (#11471)
• Translations: Updates Simplified Chinese strings (#11461)

Internal

• Analytics: Fix duplicate logging for successful email confirmation (#11466)
• Automated Testing: Fail static analysis linting when warning messages emitted (#11458)
• Form Validation: Alias FormResponse#to_hash to #to_h (#11476)
• Performance: Remove unused email styles (#11484)
• Performance: Extract shared email confirmation behavior as needed (#11467)
• Upcoming Features: Ensure user can't switch IdV vendors while capturing. (#11425)

Upcoming Features

• Account creation: Threat metrix addiition (#11340)
• Email Sharing: Update email sharing content to be clearer to users (#11468)
• Fraud Mitigation: Add UI to simulate ThreatMetrix result in authentication (#11469)
• Identity Verification: Handle Socure handoff. (#11463)
• socure: Implement handle_connection_error for socure requests (#11430, #11477)
• socure vendor: Setting socure capture app url in document sessions table (#11475)

RC 429

User-Facing Improvements

• Automated Reports: Add color class to the recently added HRs (#11465)

Internal

• Analytics: Include FormResponse error details for reCAPTCHA at sign-in (#11456)
• CI: Testing out using the same image as everything else (#11452) (#11452)
• Identity Proofing: Send state ID type to AAMVA (#11428)
• In-person proofing: Update address search interface to remove obsolete is_pilot field (#11440)
• Reporting: S3 Bucket Name change (#11462)
• reCAPTCHA: Add error handling for failed reCAPTCHA execute (#11449)

Upcoming Features

• Email Selection feature: Add new message for email confirmation (#11443)

RC 428

User-Facing Improvements

• Email Reports: Add Login.gov colors to resport tables (LG-14431) (#11410)
• Facial Match: Configuration for releasing GA (#11418)
• In-person proofing: Update mobile layout for how to verify (#11431)
• Localization: Improve Spanish for reCAPTCHA disclosure and partner selected email (#11448)
• Reports: Add Login.gov branding to automated email reports (#11444)

Bug Fixes

• Doc Auth: Fix screenreader saying No File Chosen on inputs (#11422)

Internal

• AAMVA: Update Montana's maintenance window (#11426)
• Analytics: Track visits from "You verified your identity" email (#11413)
• Analytics: Add logging property for unchanged password reset of verified account (#11423)
• Analytics: Fix bug in protocols report (#11447) (#11447)
• Automated Testing: Use shared examples for mailer preview specs (#11446)
• Dependencies: Update Login.gov Design System from v9.3.0 to v9.4.0 (#11435)
• Dependencies: Integrate and remove dependency on Airbnb ESLint rules (#11445)
• Doc Auth: Add feature flag to enable standard socure doc capture in lower environments (#11438)
• Documentation: Clarify usage of kubernetes configurations and files (#11450)
• Fraud review: Attribute fraud review analytics events to SPs. (#11390)
• Maintenance: Update premailer and zxcvbn (#11437, #11442)
• Reporting: Add new daily sensitive job (#11405)
• Reporting: Naming improvements for table stats export (#11419)
• Upcoming Features: Create A/B test to recommend platform authenticator to SMS users (#11402)

Upcoming Features

• Doc Auth: Add an interstitial page for socure (#11429)
• Partner Email Selection: Display flash message on successful update (#11432)

RC 427

Bug Fixes

• In-person proofing: Fix missing success banner on phone page (#11412)

Internal

• Analytics: Fix weekly protocols report (#11406)
• Automated Testing: Improve documentation (#11417)
• Automated Testing: Improve error message when asserting logged event without stubbing analytics (#11414)
• Dependencies: Update dependencies to resolve security advisory (#11409)
• Documentation: Update local development documentation for working with PKI (#11408)

Upcoming Features

• Identity Verification: Fetch document capture results from Socure (#11394)
• Identity Verification: Incrementing rate limiter during webhook (#11411)
• Identity Verification: Index Socure transaction token column (#11421)

RC 426

User-Facing Improvements

• GPO flow: UI tweaks (#11346)
• IdV notifications: Redesign verify-by-mail 'letter requested' email notification (#11351)
• Integration Experience: Allowing and ignoring unknown authn_context values (#11362)

Internal

• Analytics: Add id_token_hint usage tracking (#11404)
• Analytics: Log action name with reCAPTCHA assessment result received (#11407)
• Automated Testing: Refactor 2FA setup controller specs (#11399)
• CI: Changing LOGIN_ENV to match review app environment (#11401)
• In-person Proofing: Remove same_address_as_id from analytics (#11400)
• In-person proofing: Remove old skip_doc_auth variable (#11338)
• In-person proofing: Rename state id controller routes (#11379)
• In-person proofing: Cancel enrollments with deactivated profiles during the proofing job (#11363)
• In-person proofing: Remove deprecated method that is no longer needed for backwards compatibility (#11403)
• Maintenance: Upgrade to good_job v4 (#11377)
• Performance: Enable rubocop rule to disallow OpenStruct usage (#11397)
• Reporting: Set up DataWarehouse Stale Data Check (#11386)
• Tech debt: Rename session key (#11395)

RC 425

User-Facing Improvements

• PIV/CAC: Add PIV/CAC replacement workflow for mismatched PIV authentication (#11368)

Bug Fixes

• Database: Fix migration check method call arguments (#11388)

Internal

• Browser Support: Update browserslist database (#11387)
• Dependencies: Update to Rails 7.2 (#11357)
• In-person Proofing: Remove in_person_public_address_search_endabled variable usage (#11370) (#11370)
• In-person proofing: Delete state id FSM step files (#11324)
• MFA setup: Add attempt count to MFA setup analytics event (#11293)
• add db column: Adding socure capture app url to db (#11389)

RC 424

User-Facing Improvements

• Content: Improve text spacing for some content in Simplified Chinese (#11356)
• F/T Unlock passkeys: Move userVerification to discouraged (#11354) (#11354)
• In-person Proofing: Fix ipp emails to distinguish between selected and visited location name (#11353)
• In-person proofing: Update signout link text (#11325)
• Split document capture: Added helpful explanation to the selfie page. (#11367)

Bug Fixes

• Login Button Component: Update hover state (#11366)

Internal

• Analytics: Add feature usage table to Protocols Report (#11369) (#11369)
• Automated Testing: Restructure PIV/CAC setup spec for consistency (#11355)
• Automated Testing: Extract common spec helpers for decoding OIDC tokens (#11371)
• CI: Fixing service name reference, adding additional env vars to review-apps (#11372) (#11372)
• Code Quality: Remove unused view code (#11342)
• Code Quality: Consolidate phishing-resistant MFA checks to protocol controllers (#11375)
• Configuration: Add test to require all config defined in application.yml.default (#11365)
• Dependencies: Update dependencies to resolve security advisories (#11358)
• Identity Proofing: Log state_id_type on doc auth verify proofing results event (#11328)
• Linting: Update rspec-rails to lint deprecated enum keywords (#11364)
• Logging: Add cpu_time and idle_time to job logs (#11376)
• Maintenance: Update good_job in preparation for 4.0 upgrade (#11374)
• Maintenance: Remove compose-components JavaScript package (#11373)
• Socure: Download and store reason codes weekly (#11350)
• Tests: Updating some tests to be easier to read (#11352) (#11352)
• event tracking: Remove out dated doc auth event tracker (#11361)
• split doc auth: Remove past code and refrences to single page doc auth and split conditionals (#11343)

Upcoming Features

• reCAPTCHA: Enable reCAPTCHA in log-only mode (#11349)