RC 430

User-Facing Improvements

• In-person proofing: Fix barcode page due date format for spanish, french, and chinese translations; Improve spanish translation for information alert. (#11398)
• Partner account: Confirm link leads to partner sign-in (#11439)
• Translations: Fix errant piv/cac capitalization (#11478)

Bug Fixes

• Code Revert: Revert changes introduced in 4e8a421 (#11430)
• Threatmetrix Account creation: Fixes issue with resubmission with TMX enabled for Account creation (#11471)
• Translations: Updates Simplified Chinese strings (#11461)

Internal

• Analytics: Fix duplicate logging for successful email confirmation (#11466)
• Automated Testing: Fail static analysis linting when warning messages emitted (#11458)
• Form Validation: Alias FormResponse#to_hash to #to_h (#11476)
• Performance: Remove unused email styles (#11484)
• Performance: Extract shared email confirmation behavior as needed (#11467)
• Upcoming Features: Ensure user can't switch IdV vendors while capturing. (#11425)

Upcoming Features

• Account creation: Threat metrix addiition (#11340)
• Email Sharing: Update email sharing content to be clearer to users (#11468)
• Fraud Mitigation: Add UI to simulate ThreatMetrix result in authentication (#11469)
• Identity Verification: Handle Socure handoff. (#11463)
• socure: Implement handle_connection_error for socure requests (#11430, #11477)
• socure vendor: Setting socure capture app url in document sessions table (#11475)

RC 429

User-Facing Improvements

• Automated Reports: Add color class to the recently added HRs (#11465)

Internal

• Analytics: Include FormResponse error details for reCAPTCHA at sign-in (#11456)
• CI: Testing out using the same image as everything else (#11452) (#11452)
• Identity Proofing: Send state ID type to AAMVA (#11428)
• In-person proofing: Update address search interface to remove obsolete is_pilot field (#11440)
• Reporting: S3 Bucket Name change (#11462)
• reCAPTCHA: Add error handling for failed reCAPTCHA execute (#11449)

Upcoming Features

• Email Selection feature: Add new message for email confirmation (#11443)

RC 428

User-Facing Improvements

• Email Reports: Add Login.gov colors to resport tables (LG-14431) (#11410)
• Facial Match: Configuration for releasing GA (#11418)
• In-person proofing: Update mobile layout for how to verify (#11431)
• Localization: Improve Spanish for reCAPTCHA disclosure and partner selected email (#11448)
• Reports: Add Login.gov branding to automated email reports (#11444)

Bug Fixes

• Doc Auth: Fix screenreader saying No File Chosen on inputs (#11422)

Internal

• AAMVA: Update Montana's maintenance window (#11426)
• Analytics: Track visits from "You verified your identity" email (#11413)
• Analytics: Add logging property for unchanged password reset of verified account (#11423)
• Analytics: Fix bug in protocols report (#11447) (#11447)
• Automated Testing: Use shared examples for mailer preview specs (#11446)
• Dependencies: Update Login.gov Design System from v9.3.0 to v9.4.0 (#11435)
• Dependencies: Integrate and remove dependency on Airbnb ESLint rules (#11445)
• Doc Auth: Add feature flag to enable standard socure doc capture in lower environments (#11438)
• Documentation: Clarify usage of kubernetes configurations and files (#11450)
• Fraud review: Attribute fraud review analytics events to SPs. (#11390)
• Maintenance: Update premailer and zxcvbn (#11437, #11442)
• Reporting: Add new daily sensitive job (#11405)
• Reporting: Naming improvements for table stats export (#11419)
• Upcoming Features: Create A/B test to recommend platform authenticator to SMS users (#11402)

Upcoming Features

• Doc Auth: Add an interstitial page for socure (#11429)
• Partner Email Selection: Display flash message on successful update (#11432)

RC 427

Bug Fixes

• In-person proofing: Fix missing success banner on phone page (#11412)

Internal

• Analytics: Fix weekly protocols report (#11406)
• Automated Testing: Improve documentation (#11417)
• Automated Testing: Improve error message when asserting logged event without stubbing analytics (#11414)
• Dependencies: Update dependencies to resolve security advisory (#11409)
• Documentation: Update local development documentation for working with PKI (#11408)

Upcoming Features

• Identity Verification: Fetch document capture results from Socure (#11394)
• Identity Verification: Incrementing rate limiter during webhook (#11411)
• Identity Verification: Index Socure transaction token column (#11421)

RC 426

User-Facing Improvements

• GPO flow: UI tweaks (#11346)
• IdV notifications: Redesign verify-by-mail 'letter requested' email notification (#11351)
• Integration Experience: Allowing and ignoring unknown authn_context values (#11362)

Internal

• Analytics: Add id_token_hint usage tracking (#11404)
• Analytics: Log action name with reCAPTCHA assessment result received (#11407)
• Automated Testing: Refactor 2FA setup controller specs (#11399)
• CI: Changing LOGIN_ENV to match review app environment (#11401)
• In-person Proofing: Remove same_address_as_id from analytics (#11400)
• In-person proofing: Remove old skip_doc_auth variable (#11338)
• In-person proofing: Rename state id controller routes (#11379)
• In-person proofing: Cancel enrollments with deactivated profiles during the proofing job (#11363)
• In-person proofing: Remove deprecated method that is no longer needed for backwards compatibility (#11403)
• Maintenance: Upgrade to good_job v4 (#11377)
• Performance: Enable rubocop rule to disallow OpenStruct usage (#11397)
• Reporting: Set up DataWarehouse Stale Data Check (#11386)
• Tech debt: Rename session key (#11395)

RC 425

User-Facing Improvements

• PIV/CAC: Add PIV/CAC replacement workflow for mismatched PIV authentication (#11368)

Bug Fixes

• Database: Fix migration check method call arguments (#11388)

Internal

• Browser Support: Update browserslist database (#11387)
• Dependencies: Update to Rails 7.2 (#11357)
• In-person Proofing: Remove in_person_public_address_search_endabled variable usage (#11370) (#11370)
• In-person proofing: Delete state id FSM step files (#11324)
• MFA setup: Add attempt count to MFA setup analytics event (#11293)
• add db column: Adding socure capture app url to db (#11389)

RC 424

User-Facing Improvements

• Content: Improve text spacing for some content in Simplified Chinese (#11356)
• F/T Unlock passkeys: Move userVerification to discouraged (#11354) (#11354)
• In-person Proofing: Fix ipp emails to distinguish between selected and visited location name (#11353)
• In-person proofing: Update signout link text (#11325)
• Split document capture: Added helpful explanation to the selfie page. (#11367)

Bug Fixes

• Login Button Component: Update hover state (#11366)

Internal

• Analytics: Add feature usage table to Protocols Report (#11369) (#11369)
• Automated Testing: Restructure PIV/CAC setup spec for consistency (#11355)
• Automated Testing: Extract common spec helpers for decoding OIDC tokens (#11371)
• CI: Fixing service name reference, adding additional env vars to review-apps (#11372) (#11372)
• Code Quality: Remove unused view code (#11342)
• Code Quality: Consolidate phishing-resistant MFA checks to protocol controllers (#11375)
• Configuration: Add test to require all config defined in application.yml.default (#11365)
• Dependencies: Update dependencies to resolve security advisories (#11358)
• Identity Proofing: Log state_id_type on doc auth verify proofing results event (#11328)
• Linting: Update rspec-rails to lint deprecated enum keywords (#11364)
• Logging: Add cpu_time and idle_time to job logs (#11376)
• Maintenance: Update good_job in preparation for 4.0 upgrade (#11374)
• Maintenance: Remove compose-components JavaScript package (#11373)
• Socure: Download and store reason codes weekly (#11350)
• Tests: Updating some tests to be easier to read (#11352) (#11352)
• event tracking: Remove out dated doc auth event tracker (#11361)
• split doc auth: Remove past code and refrences to single page doc auth and split conditionals (#11343)

Upcoming Features

• reCAPTCHA: Enable reCAPTCHA in log-only mode (#11349)

RC 423

User-Facing Improvements

• In-person proofing: Update Chinese translation on How to Verify view for selfie (#11344)
• Partner account: Cancel adding email (#11303)

Internal

• Test Coverage: Making acr_values the default test case (#11345)

RC 422

Bug Fixes

• Document Capture: Extend session when moving between document capture steps (#11333)

Internal

• Analytics: Adding facial match issuers query to report (#11339)
• Analytics: Log edit distance for SSNs (#11331, #11336)
• CI: Adding label to ArgoCD application manifest (#11332)
• Tests: Updating to default to acr_values (#11335)

RC 421

User-Facing Improvements

• Doc Auth: Change alt text to selfie green checkmark (#11310)
• Camera capture: Update french text during camera capture (#11330)

Bug Fixes

• Account Reset: Fix race condition where concurrent requests to cancel could result in an exception (#11329)
• In-person Proofing: Fix 404 Error on PO Search Page (#11287)

Internal

• Analytics: Streamlining inclusion of resolved ACR names (#11307)
• Configuration: Remove configuration not needed any longer (#11326)
• In-person proofing: Increased @18f/identity-address-search version number to next major version (#11322)
• Reporting: Sensitive tag to all columns (#11316)
• Deploying: Cuts over review app deployment to kustomize overlay/base instead of helm chart (#11125)

Upcoming Features

• Partner Email Selection: Add analytics for consent screen email selection (#11321)
• Identity verification: socure in hybrid handoff (#11289)