RC 448

User-Facing Improvements

• Multi-Factor Authentication: Convert Security Key to Face or Touch Unlock when detected as platform authenticator (#11788)
• account management: No change available if partner shares all emails (#11701)

Bug Fixes

• Identity Verification: Allow users designated for Socure to opt-in to In Person Proofing (#11804)
• In-person proofing: Add selected_location to IdV in person proofing location submitted analytic event when flow path is hybrid (#11806)

Internal

• Automated Testing: Raise error when analytics test hash_including is exactly equal (#11802)
• Code Quality: Extract mixin for common MFA deletion behaviors (#11796)
• Doc Auth: Add a socure user to the socure user redis set (#11816)
• Documentation: Add build tooling sections to frontend documentation (#11812)
• Documentation: Add introductory high-level overview for frontend documentation (#11807)
• IdV Doc Auth: Allow timed out user to retry docv (#11792)
• Reporting: Create MFA Report script (#11740)

Upcoming Features

• Email Selection: Adding email in select flow links back to select page (#11805)
• Socure: Log Pii validation (#11813)
• socure: Enforce socure max user limit (#11808)

!!! Invalid Changelog Entries !!!
update end of day bug (#11809)

RC 447

User-Facing Improvements

• Backup Codes: Show backup code reminder for partner-initiated requests (#11744)
• Translations: Update translations from LQA (#11763)

Bug Fixes

• socure: User who reached capture complete page should not be able to recapture (#11782)

Internal

• Alerting: Reduce RiscDeliveryJob exception noise (#11794)
• Analytics: Omit empty FormResponse errors from analytics logging (#11799)
• Analytics: Avoid logging empty hash default values (#11800)
• Doc Auth Socure: Create a Redis set to track Socure users (#11773)
• JavaScript Helper: Avoid printing preload_links_header attribute for scripts (#11790)
• Maintenance: Upgrade to Rails 8 (#11793)
• Performance: Avoid queries for ServiceProvider with blank issuer (#11798)
• Scripts: Warn when data-pull is used locally (#11784)
• Source code: Remove gem dependency from mailer previews (#11791)

Upcoming Features

• Multi-Factor Authentication: Convert Security Key to Face or Touch Unlock when detected as platform authenticator (#11795)
• Socure: Add Idv::DocPiiForm check to Socure flow. (#11747)

RC 446

Bug Fixes

• Data Warehouse: Skip S3 upload if bucket name is blank (#11777)
• SAML: Return error when SAML year is invalid (#11766)

Internal

• In-person proofing: Cleaning up unused FSM code (#11578)
• Localization: Improve reliability of JavaScript string extraction (#11776)
• SAML: Adding SAML2025 files/refs (gitlab/TeamRadia#270) (#11780)
• SMS support: Update parsing of supported countries for SMS (#11774)

Upcoming Features

• Multi-Factor Authentication: Update alternative content for Face/Touch recommended test (#11769)
• socure: Try again if socure url not found (#11770)

RC 445

User-Facing Improvements

• Accessibility: Improve step indicator legibility at high text zoom levels (#11758)

Internal

• AAMVA: Hardens AAMVA maintenance window definitions and test coverage (#11753)
• CI: Fix job that checks pinpoint config (#11772)
• Dependencies: Update dependencies to latest versions (#11761)
• Doc Auth Socure: Add config variable for maximum allowed socure users (#11755)
• Email: Create client pool and retry instance profile credentials when sending emails via SES (#11765)
• Error Reporting: Do not report LexisNexis or AAMVA exceptions to NewRelic (#11760)
• Feature Flags: Fix feature flag checks so that they allow subdomains of identitysandbox.gov. (#11767)
• IdV flow: Simplify creation of Idv::ProofingComponents (#11742)
• In-person Proofing: Remove in_person_full_address_entry_enabled feature flag usage. (#11746) (#11746)
• Localization: Improve reliability of JavaScript string extraction (#11775)
• Maintenance: Move Faker gem from all environments to test (#11757)

Upcoming Features

• Document Authentication: AB vendor buckteing should default to configured default doc auth vendor (#11764)
• Identity Verification: Socure timeout provides hybrid users with options. (#11734)
• Requestable attributes: A claim that will allows SPs to request the user's UI locale was added (#11756)

RC 444

User-Facing Improvements

• In-person proofing: Removes post office closure alerts from barcode page and email (#11733)

Bug Fixes

• screen reader: Changing aria label for selfie capture (#11739) (#11739)

Internal

• AAMVA: Feature flags for conditionally sending attributes to AAMVA were removed (#11724)
• Analytics: Log analytics events for backup code reminder (#11738)

RC 443.1

Internal

• Dependencies: Update dependency to latest version (#11743)
• Performance: Reduce size of application stylesheet (#11745)

RC 443

User-Facing Improvements

• In-person proofing: Content and translation changes to Ready to Verify View and Email (#11687)
• Select email: Update content to be clearer for users in french and simplified chinese (#11729) (#11729)
• document capture upload: Disable drag and drop functionality if selfie required (#11728) (#11728)

Bug Fixes

• Code Revert: Revert changes introduced in 0d65152 (#11699)
• SAML Gem: Validates signature algorithm correctly (#11741) (#11741)
• Sign in: Bug fix for recaptcha failure not incrementing failed sign-in rate limiter (#11703)

Internal

• Analytics: Initiating SP issuer is logged on verify-by-mail code entry (#11713)
• CI: Pin Alpine image to 3.20 (#11723) (#11723)
• Dependencies: Update outdated package version pinning (#11722)
• Dependencies: Update dependencies to latest versions (#11720, #11721)
• Developer Experience: Don't require obsolete openssl-1.1 (#11731)
• Documentation: Fix documentation formatting (#11727)
• Identity Verification: Update maintenance windows for states (#11705)
• TrueID: Regex to parse the height from documents was adjusted (#11737)

Upcoming Features

• Doc Escrow: Add encryption and storage pieces (#11714)

RC 442.1

Reverts Previous Changes

• Attempts API: Implement ability to create and store Attempts API events (#11692)
• Maintenance: Update newrelic_rpm gem (#11699)
• Refactoring: Use more descriptive method last_sign_in_email_address (#11688)

RC 442

User-Facing Improvements

• In-person Proofing: Add translations for temp copy about Jan 9 post office closure (#11709)
• In-person Proofing: Add in-person post office closed email for January 9th closures. (#11702)
• In-person proofing: Conditionally render Post Office Closed alert banner on Ready to Verify View and Email (#11707)

Bug Fixes

• Fraud prevention: Limit query for timeframe expired event (#11696)
• Logging: Include jurisdiction_in_maintenance_window in result when AAMVA raises exception (#11700)

Internal

• AAMVA Support: NH and OK were added to the list of AAMVA supported states (#11708)
• Attempts API: Implement ability to create and store Attempts API events (#11692)
• Face or Touch Unlock: Logging for users in FT unlock setup ab test (#11683)
• Face or Touch Unlock: Logging for users in FT unlock setup ab test (#11710)
• In-person proofing: Add submit_attempts property to try again and IPP fallback doc auth troubleshooting events (#11682)
• Maintenance: Update newrelic_rpm gem (#11699)
• Performance: Move condition check above potential database queries (#11706)
• Refactoring: Use more descriptive method last_sign_in_email_address (#11688)
• Sample apps: Include protocol in sample app friendly names (#11712)

Upcoming Features

• Anti-Fraud: Override CSP for ThreatMetrix based on feature-specific config (#11678)

RC 441

User-Facing Improvements

• Accessibility: Skipnav container no longer blocks content at large zoom levels (#11676)
• Account screen: Show Service Provider name in return-to-service provider call to action (#11686)

Internal

• Code Quality: Remove unused code (#11679)

Upcoming Features

• Authentication: Move ThreatMetrix to multi-factor authentication setup page (#11654)
• Identity Verification: Socure timeout provides users with options. (#11572)
• Partner account: Select email to share with partner (#11667)