RC 427

Bug Fixes

• In-person proofing: Fix missing success banner on phone page (#11412)

Internal

• Analytics: Fix weekly protocols report (#11406)
• Automated Testing: Improve documentation (#11417)
• Automated Testing: Improve error message when asserting logged event without stubbing analytics (#11414)
• Dependencies: Update dependencies to resolve security advisory (#11409)
• Documentation: Update local development documentation for working with PKI (#11408)

Upcoming Features

• Identity Verification: Fetch document capture results from Socure (#11394)
• Identity Verification: Incrementing rate limiter during webhook (#11411)
• Identity Verification: Index Socure transaction token column (#11421)

RC 426

User-Facing Improvements

• GPO flow: UI tweaks (#11346)
• IdV notifications: Redesign verify-by-mail 'letter requested' email notification (#11351)
• Integration Experience: Allowing and ignoring unknown authn_context values (#11362)

Internal

• Analytics: Add id_token_hint usage tracking (#11404)
• Analytics: Log action name with reCAPTCHA assessment result received (#11407)
• Automated Testing: Refactor 2FA setup controller specs (#11399)
• CI: Changing LOGIN_ENV to match review app environment (#11401)
• In-person Proofing: Remove same_address_as_id from analytics (#11400)
• In-person proofing: Remove old skip_doc_auth variable (#11338)
• In-person proofing: Rename state id controller routes (#11379)
• In-person proofing: Cancel enrollments with deactivated profiles during the proofing job (#11363)
• In-person proofing: Remove deprecated method that is no longer needed for backwards compatibility (#11403)
• Maintenance: Upgrade to good_job v4 (#11377)
• Performance: Enable rubocop rule to disallow OpenStruct usage (#11397)
• Reporting: Set up DataWarehouse Stale Data Check (#11386)
• Tech debt: Rename session key (#11395)

RC 425

User-Facing Improvements

• PIV/CAC: Add PIV/CAC replacement workflow for mismatched PIV authentication (#11368)

Bug Fixes

• Database: Fix migration check method call arguments (#11388)

Internal

• Browser Support: Update browserslist database (#11387)
• Dependencies: Update to Rails 7.2 (#11357)
• In-person Proofing: Remove in_person_public_address_search_endabled variable usage (#11370) (#11370)
• In-person proofing: Delete state id FSM step files (#11324)
• MFA setup: Add attempt count to MFA setup analytics event (#11293)
• add db column: Adding socure capture app url to db (#11389)

RC 424

User-Facing Improvements

• Content: Improve text spacing for some content in Simplified Chinese (#11356)
• F/T Unlock passkeys: Move userVerification to discouraged (#11354) (#11354)
• In-person Proofing: Fix ipp emails to distinguish between selected and visited location name (#11353)
• In-person proofing: Update signout link text (#11325)
• Split document capture: Added helpful explanation to the selfie page. (#11367)

Bug Fixes

• Login Button Component: Update hover state (#11366)

Internal

• Analytics: Add feature usage table to Protocols Report (#11369) (#11369)
• Automated Testing: Restructure PIV/CAC setup spec for consistency (#11355)
• Automated Testing: Extract common spec helpers for decoding OIDC tokens (#11371)
• CI: Fixing service name reference, adding additional env vars to review-apps (#11372) (#11372)
• Code Quality: Remove unused view code (#11342)
• Code Quality: Consolidate phishing-resistant MFA checks to protocol controllers (#11375)
• Configuration: Add test to require all config defined in application.yml.default (#11365)
• Dependencies: Update dependencies to resolve security advisories (#11358)
• Identity Proofing: Log state_id_type on doc auth verify proofing results event (#11328)
• Linting: Update rspec-rails to lint deprecated enum keywords (#11364)
• Logging: Add cpu_time and idle_time to job logs (#11376)
• Maintenance: Update good_job in preparation for 4.0 upgrade (#11374)
• Maintenance: Remove compose-components JavaScript package (#11373)
• Socure: Download and store reason codes weekly (#11350)
• Tests: Updating some tests to be easier to read (#11352) (#11352)
• event tracking: Remove out dated doc auth event tracker (#11361)
• split doc auth: Remove past code and refrences to single page doc auth and split conditionals (#11343)

Upcoming Features

• reCAPTCHA: Enable reCAPTCHA in log-only mode (#11349)

RC 423

User-Facing Improvements

• In-person proofing: Update Chinese translation on How to Verify view for selfie (#11344)
• Partner account: Cancel adding email (#11303)

Internal

• Test Coverage: Making acr_values the default test case (#11345)

RC 422

Bug Fixes

• Document Capture: Extend session when moving between document capture steps (#11333)

Internal

• Analytics: Adding facial match issuers query to report (#11339)
• Analytics: Log edit distance for SSNs (#11331, #11336)
• CI: Adding label to ArgoCD application manifest (#11332)
• Tests: Updating to default to acr_values (#11335)

RC 421

User-Facing Improvements

• Doc Auth: Change alt text to selfie green checkmark (#11310)
• Camera capture: Update french text during camera capture (#11330)

Bug Fixes

• Account Reset: Fix race condition where concurrent requests to cancel could result in an exception (#11329)
• In-person Proofing: Fix 404 Error on PO Search Page (#11287)

Internal

• Analytics: Streamlining inclusion of resolved ACR names (#11307)
• Configuration: Remove configuration not needed any longer (#11326)
• In-person proofing: Increased @18f/identity-address-search version number to next major version (#11322)
• Reporting: Sensitive tag to all columns (#11316)
• Deploying: Cuts over review app deployment to kustomize overlay/base instead of helm chart (#11125)

Upcoming Features

• Partner Email Selection: Add analytics for consent screen email selection (#11321)
• Identity verification: socure in hybrid handoff (#11289)

RC 420

User-Facing Improvements

• Identity verification: Updates to French and Simplified Chinese translations (#11305)
• In-person proofing: Add step indicator to how to verify view (#11298)
• Document authentication: Updating attempts messages (#11308)

Internal

• Facial Match: Update language (#11304)
• In-person proofing: Fix specs (#11314) (#11314)
• Refactoring: Move constant to appropriate owner (#11306)

Upcoming Features

• Account creation: Threat metrix addiition (#11278)
• Partner Email Selection: Add translations for email not yet selected (#11320)
• Document authentication: Visual and content changes for split doc auth capture pages (#11285)

RC 419

Internal

• Facial Match: Update more language (#11301)
• Identity Proofing: Update code to reflect program language (#11296)
• Logging: Add liveness flag to all relevant events. (#11292)
• Tooling: Add SQLite support to query-cloudwatch command (#11291)

Upcoming Features

• split doc auth: Adding feature tests for more code coverage in prep for split doc auth FF enabling (#11263)

RC 418

User-Facing Improvements

• Identity verification: Verify license expiration dates with AAMVA. (#11283)
• Account verified email: Prompt user to return to SP (#11295)

Bug Fixes

• Sign up: Add request id (#11286)

Internal

• Analytics: Add app_differentiator field to events (#11262)

Upcoming Features

• Identity verification: Send phone number to Socure (#11272)