RC 371

User-Facing Improvements

• Doc Auth: Page content changes for document and selfie capture. (#10348)
• Login Design System Component: Login-button embed styles for partner use (#10387)
• PIV/CAC: Add PIV interstitial page for gov emails (#10282)

Bug Fixes

• In-Person Proofing: Check all threatmetrix config values where necessary (#10391)
• Sign Up: Avoid prompting for Rules of Use on resent email confirmation (#10404)

Internal

• Code Quality: Remove unused session helper testing code (#10384)
• Doc Auth: Add analytics event for tracking unexpected sdk error (#10368)
• FSM: Add state id feature flag (#10409)
• File Structure: Consolidate raster images into email assets directory (#10389)
• Geocoder: Avoid initializing geocoder in test environments (#10398)
• Logging: Add logging of user camera resolution for document capture page (#10227)
• SAML: Bump to latest saml-idp version (#10396)
• Webauthn: Specify hints for webauthn security key enrollment (#10382)

Upcoming Features

• Document Authentication: Add alt text to selfie checkmark image for screenreaders (#10401)
• In-person-proofing: Add new value for idv_level on profile (#10371)

RC 370

User-Facing Improvements

• Accessibility: Add support for reduced motion for security key image animation (#10376)
• Authentication: Update security key setup form (#10323)

Internal

• AB Tests: Remove Doc Auth Fallbacks (#10356)
• Automated Testing: Check duplicate element IDs in accessibility tests (#10362)
• Automated Testing: Fix manifest cache for local JavaScript feature tests (#10365)
• Build Tooling: Fix Sass compilation rebuild after error (#10377)
• Configuration: Improve CSV parsing for configuration values (#10358)
• Database: Optimize event disavowal query to load single record into memory (#10372)
• Dependencies: Update dependencies to latest versions (#10374)
• Dependencies: Update dependencies to resolve security advisories (#10369)
• Documentation: Update component document to describe stylesheet auto-loading (#10375)
• Fraud Detection Prevention: Time interval worker for aggregation of new device emails (#10317)
• Logging: Update dependency (#10364)
• Performance: Freeze constants (#10340)
• Rate Limiting: Add short-term rate limit as delay between OTP sends (#10360)
• Testing: Consolidate identity verification accessibility tests to improve test speed (#10359)

Upcoming Features

• Sign In: Send single aggregated email notification for new device sign-in (#10314)

RC 369

User-Facing Improvements

• Dialog: Improve native browser compatibility and asset size of modal component (#10286)

Internal

• Automated Testing: Resolve flakey test failures for PIV CSP assertions (#10355)
• Configuration: Improve CSV parsing for configuration values (#10354)
• Dependencies: Upgrade dependencies to latest versions to resolve security advisories (#10350)
• Performance: Add frozen_string_literal Rubocop Rule (#10342)
• Session: Simplify session with trust check to only consider user (#10290)

RC 368

User-Facing Improvements

• Doc Auth: Add Acuant SDK v11.9.3 files + update docs (#10283)
• Doc Auth: Allow user select IPP if available from handoff page. (#10267)
• Messages: Use the American spelling of canceled consistently (#10320)
• PIV/CAC: Piv Migration for added check on user (#10315)
• how to verify page: Update content (#10289)

Bug Fixes

• In-Person Proofing: Fix spec failures related to changes to how to verify page (#10345)
• In-Person Proofing: Show the user the correct screen when they fail ipp with fraud review pending (#10333)
• Selfie: Show missing hint text for users on Android/Chrome (#10339)

Internal

• Analytics: Additional features for analytics log testing (#10334)
• Bug Fix: Remove Rack::ContentLength from being loaded outside of Rails (#10331)
• Data Reporting: Adds Workflow Complete - Total Pending to the Drop Off Report (#10312)
• Dependencies: Update dependencies to latest versions (#10313)
• Identity verification: Include profile metadata in analytics logs (#10270)
• Performance: Refactor component values into constant (#10336)
• Performance: Convert a few classes to be more thread-safe (#10337)

Upcoming Features

• Account reset: Dont let account reset fraud users (#10189)
• In-person proofing: Added Cancel link to the how to verify view that is currently turned off (#10330)

RC 367.1

Internal

• Rate Limiting: Add JSON-formatted phone carrier configuration (#10346)

RC 367

User-Facing Improvements

• Doc Auth: Selfie errors. (#10284)
• DocAuth: Update selfie face match fail translations (#10298)
• IdV: Update how verifying your identity works copy (#10306)
• Identity Verification: Step-indicator step descriptions have been revised. (#10280)
• Identity Verification: Improved welcome screen text (#10277)
• Identity verification: On personal key screen the step indicator shows all steps complete. (#10302)

Bug Fixes

• Identity verification: Fix log attribute issue associated with hybrid handoff. (#10293)
• Layout: Use design system asset for government banner lock icon (#10275)
• Robots: Improve consistency of robots.txt crawling directives (#10292)
• Selfie: Rework the selfie hint text display (#10274)

Internal

• Assets: Remove unused and redundant alert icons (#10278)
• Code Quality: Remove unused script helper method (#10300)
• Data Reporting: Adds the IdV: USPS address letter enqueued event to the drop-off report (#10288)
• Dependencies: Update cbor gem (#10281)
• Dependencies: Update dependencies to latest versions (#10299)
• Doc Auth: Download files needed for selfie capture in script (#10273)
• Doc Auth: Log image file name. (#10295)
• IdV: Active non biometric user sign in to non biometric sp SAML (#10276)
• Logging: Includes the authn context in IdV events (#10265)
• Metrics: Add prometheus metrics export (#10287)
• Metrics: Remove prometheus_exporter from Procfile (#10296)
• Performance: Reduce size of common application stylesheet (#10285)
• Performance: Optimize check for two-factor enabled account (#10310)
• Performance: Refactor AssetSources class to be thread-safe (#10301)

RC 366

User-Facing Improvements

• Multi-Factor Authentication: Sort setup options to recommend PIV for .gov/.mil email addresses (#10252)

Bug Fixes

• SAML metadata: Reorders metadata so that it validates against SAML metadata schema (#10272)

Internal

• Analytics: Add additional data to IdV analytics events by default. (#10263)
• Configuration: Add ability to configure file destinations for Puma logs (#10271)
• Doc Auth: Add acuant_version to selfie events (#10266)

Upcoming Features

• Vector of Trust: Updated getting started text (#10237)
• DocAuth: Hint text styling should overwrite FullScreen styling (#10269)
• DocAuth: Attempt to fix blackscreen bug in selfie by removing a piece of code that resets the hint text. (#10257)

RC 365

User-Facing Improvements

• Authentication: Align language for security key (#10249)
• Phishing-resistant MFAs: Improve security key error messaging (#10256)

Bug Fixes

• IPP: Mark fraudulent profiles as not pending IPP (#10222)
• In Person Proofing: Add a missing log method to analytics (#10244)
• OIDC protocol: Returns correct x509:presented attribute type (#10239)
• PIV/CAC: Consistently clear PIV session detail after deletion (#10238)

Upcoming Features

• Doc Auth: Updated UI on hybrid handoff page when selfie capture is required. (#10251)
• Doc Auth: When selfie capture is enabled, only allow images through SDK (#10232)
• DocAuth: Make selfie hint text styling match id capture hint text styling (#10253)

Internal

• Dependencies: Update dependencies to latest versions (#10261)
• Documentation: Add documentation for missing piv_cac_login arguments (#10246)
• IdV biometrics: Allow active user to sign into non biometric sp (#10211)
• In-Person Proofing: Update a comment about the acuant globals (#10247)
• In-Person Proofing: Fix selfie screen reader problem by adding FullScreen component (#10228)
• Reporting: Bug fix LG-99 unique user report (#10255)
• ThreatMetrix: Tests (#10231)

RC 364

User-Facing Improvements

• MFA: Remove backup code pre-warning from setup flow (#10014)

Bug Fixes

• Account Page: Fix border on MFA when editing with multiple (#10242)

Internal

• Analytics: Remove no-JavaScript tracking from Sign In page (#10240)
• Dependencies: Update rack-cors to 2.0.2 and unlock version (#10241)
• Dependencies: Update dependencies to latest versions (#10236)
• Reporting: Add LG-99 unique user report (#10229)
• Platform: Dockerfile updates for EKS environments (#9948)

Upcoming Features

• Document Authentication: Selfie capture hints are voice accessible (#10223)

RC 363

User-Facing Improvements

• Doc Auth: Update selfie hint text translations. (#10213)

Bug Fixes

• Accessibility: Safari use of VoiceOver reading alt=null images (#10200)
• PIV/CAC: Consistently clear PIV session detail after deletion (#10220)

Internal

• Automated Testing: Improve reliability of automated tests (#10221)
• Code Quality: Remove legacy MFA management route code (#10218, #10219)
• Code Quality: Remove unnecessary background styles from language picker (#10217)
• Dependencies: Update dependencies to latest versions (#10210)
• In-Person Proofing: Add FE logging for liveness_check_required (#10156)
• SAML: VTR support was added to SAML Response (#10224)

Upcoming Features

• VoT: Added Vot to oidc user info (#10215)
• biometrics: Getting started screen for step-up selfies (#10207)