RC 439

User-Facing Improvements

• Authentication with SP: Change link from add email to change email (#11594)
• In-Person proofing: Add translations for IPP Password Reset Email (#11645)

Internal

• Analytics: Add integration error event (#11615)
• Analytics: Remove support for allowed_extra_analytics (#11647)
• Analytics: Remove support for wildcard allowed_extra_analytics (#11643)
• Analytics: Document analytics events (#11634)
• CI: Update image source from dockerhub to AWS Public ECR (#11641) (#11641)
• Documentation: Fix documentation formatting (#11640)
• Linting: Fix dot position (#11631) (#11631)
• Maintenance: Update actionpack to address security vulnerability (#11630)
• Maintenance: Update to Ruby 3.3.6 and Node 22 (#11605)
• Maintenance: Update simpleidn and faker gems (#11646)
• OpenID Connect: Support two OIDC key-pairs (#11626)
• OpenID Connect: Simplify OIDC Logout validation (#11644)
• SP Configuration: Add the ability to specify a locale in a redirect URL (#11620)

RC 438

User-Facing Improvements

• Account screen: Add a new link to return to the service provider for verified users who have not connected their account yet. (#11606)

Internal

• Automated Testing: Improve test setup for enrolling profiles (#11315)
• Dcoumentation: Add Frontend documentation for Images best practices (#11613)
• Documentation: Expand on form pattern documentation validation, error handling (#11611)
• OpenID Connect: Validate identity provider public/private keys (#11612)

Upcoming Features

• socure: Reuse socure valid urls (#11555)

RC 437.1

Bug Fixes

• SAML Integration: Adding condition to allow no certs if integration has block_encryption set to none

RC 437

User-Facing Improvements

• Doc Auth: Update text on how to verify page for mobile non selfie flow (#11592)
• Integration Experience: Adding a better error for a testing scenario (#11609) (#11609)
• Verify-by-mail: A CTA was added to prompt users to return to the service provider after verify-by-mail (#11602)

Bug Fixes

• Face/Touch Recommendation: Fix edge case for duplicate submission in recommendation (#11608)

Internal

• Analytics: Update signature query to use more accurate event (#11570)
• Anti-Fraud: Omit policy_details_api from ThreatMetrix response body logging (#11601)
• In-person Proofing: Cancel in-person enrollments when profiles are deactivated due to encryption error. (#11585)
• RSpec Matchers: Adds match_xml matcher and cleans up gross fixture (#11599)

Upcoming Features

• socure: Socure analytics (#11581)

RC 436

Internal

• Analytics: Add additional logging details for partner email selection (#11550)
• Anti-Fraud: Associate user_id for reCAPTCHA result analytics of failed sign-in (#11580)
• Code Cleanup: Remove legacy favicon assets (#11582)
• Dependencies: Update dependency to resolve security advisory (#11589)
• Dependencies: Update dependencies to latest version (#11590)
• In-person proofing: Audit and update test mock data and helper functions for ipp (#11573)
• Reporting: Exclude old IAAs from Combined Invoice Supplement Report V2 (#11597)
• logging bugfix: Add logging event for connected accounts page visit (#11554)
• reCAPTCHA: Configure timeouts for reCAPTCHA requests

Upcoming Features

• Authentication: Threatmetrix API add local_attribute_1 for user when available (#11575)
• IdV Socure: Default users requiring facial match to LN (#11531)
• SAML: Update saml_idp gem to add support for AES-GCM encryption algorithms (#11593)
• Socure: Added nice error display for Socure failures (#11560)
• desktop f/t unlock: A/B setup for desktop f/t unlock (#11347)

RC 435

User-Facing Improvements

• Authentication: Service provider email selection max email limit (#11551)
• In-person Proofing: Add warning banner to password reset email when the user has an in-progress in-person enrollment (#11547)

Internal

• AAMVA DLDV: Send additional attributes to AAMVA (#11565)
• Analytics: Remove unused event parameter from RedirectController (#11576)
• Deploy: Fetch latest origin as part of deploy PR script (#11563)
• Document Authentication: Read additional document data from TrueID when configured to do so (#11559)
• Error Logging: Exempt additional WebAuthn error logging as expected (#11577)
• In-person proofing: Remove old skip_doc_auth variable from session (#11569)
• Reporting: Feature flag (#11556)
• Reporting: Optimize Query (#11574)

Upcoming Features

• Socure: Model Socure shadow mode as an A/B test (#11544)
• socure: Socure analytics logging (#11509)

RC 434

Bug Fixes

• Code Revert: Revert changes introduced in 7621932 (#11510)
• Code Revert: Revert changes introduced in a419d8c (#11457)
• In-person proofing: Fixes redirect for put for state id routes renaming (#11545)

Internal

• A/B Tests: Fix logging for A/B test to recommend platform authenticator to SMS users (#11549)
• Analytics: Upgrade Digital Analytics Program to v8.4 release (#11539)
• Analytics: Add tracking for sha256 change (#11552)
• Analytics: Document analytics event parameters (#11536, #11537)
• Documentation: Document usage of Lookbook for ViewComponents (#11540)
• Facial Match: Clean up config post-GA (#11533)
• Logging: Log requesting signing and certificate serial in SAML Auth Request event (#11558)
• Performance: Add preload headers for all style, script assets (#11504)
• Reporting: Do not return User UUID in requesting_issuer_uuid when generating user report (#11553)
• Reporting: Update MKMR to split verified useres by facial matching (#11557)
• Scripts: Update DataRequest script to compute requesting issuer and have configurable depth (#11541)

RC 433

Bug Fixes

• Authentication Apps: Fix error code for invalid format mentioning code sent to phone (#11521)

Internal

• Analytics: Store correct vendor name in ProofingComponents (#11499)
• Analytics: Exclude stale sessions in IAL2 usage query (#11528)
• In-person proofing: Remove old skip_doc_auth variable (#11455)
• Reporting: Remove system tbale and updatesentitive missed tags (#11514)

RC 432

User-Facing Improvements

• F/T Unlock passkeys: Prefer residentKey for webauthn platform authenticators (#11489)

Bug Fixes

• Socure: Redirect to the capture complete page on success. (#11522)

Internal

• Dependencies: Update NPM dependencies to resolve security advisories (#11517)
• In-person proofing: Remove IPP+GPO scenario from step indicator concern (#11519)
• In-person proofing: Small cleanup related to removing dav_flag (#11508)
• Maintenance: Update postgres versions used in CI (#11518)
• Maintenance: Update knapsack testing report (#11505)

Upcoming Features

• Identity Verification: Handle Socure handoff. (#11473)

RC 431

User-Facing Improvements

• In-Person Proofing: Update the translations for the IPP option on the doc auth error page. (#11483)
• In-person proofing: Add optional results section heading pro for FullAddressSearch component (#11424)
• Localization: Improve Spanish translation for reCAPTCHA disclosure (#11493)

Bug Fixes

• Accessibility: Avoid focus loss on submit button when submitting form (#11482)
• Data Warehouse: Only export stats for tables with integer id columns (#11502)

Internal

• A/B Tests: Log A/B test buckets for Face/Touch recommend visited (#11496)
• Analytics: Add identifier for explicit frontend error logging (#11481)
• Anti-Fraud: Avoid setting reCAPTCHA token on failed execute (#11503)
• Automated Tooling: Exclude telephony strings from font glyph scraper (#11487)
• Containerization: Adding nginx image for k8s deployment (#11480)
• Dependencies: Replace Webpack dev server with zero-dependency alternative (#11485)
• Doc Auth Socure: Configure upload_disabled for socure (#11464)
• Documentation: Update port forwarding instructions for Android (#11495)
• IdV resolution: Error routing for vendor API exceptions (#11459)
• In-person Proofing: Adding graceful error handling and analytics in public usps locations controller (#11470)
• Maintenance: Remove review-app image build (#11501)
• Maintenance: Update identity-hostdata and redis-session-store to support Rails 8 (#11497)
• reCAPTCHA: Improve race condition handling for slow reCAPTCHA load (#11451)

Upcoming Features

• Document Authentication: Socure webhook event attribute updates (#11490)
• Partner Email Selection: Reset selected email session value on email deletion (#11492)
• Partner Email Selection: Fix HTML escaping for partner email sharing (#11491)
• socure: Reset socure docv url (#11498)
• socure: Remove customerUserID from document request to socure (#11486)