RC 450

User-Facing Improvements

• Account History: Improve history label when adding or removing Face or Touch Unlock (#11823)

Bug Fixes

• Account History: Avoid showing label for unknown event type (#11834)
• Identity verification: Fix rare issue where user may get stuck on "Verify your information" (#11820)
• rate limit: Allow succeful submission for last attempt in hybrid flow (#11837)

Internal

• Analytics: Add tracking for response AAL fix (#11817)
• IDV: Update ProofingComponents to only take an idv_session (#11771)
• In-person Proofing: Remove old single field address search from both the address-search package and step components that use it (#11829) (#11829)
• Maintenance: Update css_parser gem (#11847)
• Performance: Reduce object allocations in identity verification (#11841)
• Performance: Reduce repeated decoding in AesEncryptor (#11844)
• Source code: Update source documentation (#11843)

Upcoming Features

• Partner Email Selection: Only redirect to select email screen if feature enabled (#11845)
• Recaptcha: Annotate sign-in reCAPTCHA from 2-factor attempts (#11801)

RC 449

User-Facing Improvements

• In-person Proofing: Allow users to perform a password reset on pending in-person profiles without losing progress if the user supplies their personal key. (#11762)

Bug Fixes

• socure: Changing is_defined to defined method (#11828)
• socure: Socure user set uuid nil issue fix (#11827) (#11827)

Internal

• Analytics: Omit errors from analytics when error_details available (#11810)
• Dependencies: Update dependencies to latest versions (#11825)

Upcoming Features

• Account History: Improve history label when adding or removing Face or Touch Unlock (#11833)
• Authentication: Allow all_emails and email to return last sign in email (#11717)

RC 448

User-Facing Improvements

• Multi-Factor Authentication: Convert Security Key to Face or Touch Unlock when detected as platform authenticator (#11788)
• account management: No change available if partner shares all emails (#11701)

Bug Fixes

• Identity Verification: Allow users designated for Socure to opt-in to In Person Proofing (#11804)
• In-person proofing: Add selected_location to IdV in person proofing location submitted analytic event when flow path is hybrid (#11806)

Internal

• Automated Testing: Raise error when analytics test hash_including is exactly equal (#11802)
• Code Quality: Extract mixin for common MFA deletion behaviors (#11796)
• Doc Auth: Add a socure user to the socure user redis set (#11816)
• Documentation: Add build tooling sections to frontend documentation (#11812)
• Documentation: Add introductory high-level overview for frontend documentation (#11807)
• IdV Doc Auth: Allow timed out user to retry docv (#11792)
• Reporting: Create MFA Report script (#11740)

Upcoming Features

• Email Selection: Adding email in select flow links back to select page (#11805)
• Socure: Log Pii validation (#11813)
• socure: Enforce socure max user limit (#11808)

!!! Invalid Changelog Entries !!!
update end of day bug (#11809)

RC 447

User-Facing Improvements

• Backup Codes: Show backup code reminder for partner-initiated requests (#11744)
• Translations: Update translations from LQA (#11763)

Bug Fixes

• socure: User who reached capture complete page should not be able to recapture (#11782)

Internal

• Alerting: Reduce RiscDeliveryJob exception noise (#11794)
• Analytics: Omit empty FormResponse errors from analytics logging (#11799)
• Analytics: Avoid logging empty hash default values (#11800)
• Doc Auth Socure: Create a Redis set to track Socure users (#11773)
• JavaScript Helper: Avoid printing preload_links_header attribute for scripts (#11790)
• Maintenance: Upgrade to Rails 8 (#11793)
• Performance: Avoid queries for ServiceProvider with blank issuer (#11798)
• Scripts: Warn when data-pull is used locally (#11784)
• Source code: Remove gem dependency from mailer previews (#11791)

Upcoming Features

• Multi-Factor Authentication: Convert Security Key to Face or Touch Unlock when detected as platform authenticator (#11795)
• Socure: Add Idv::DocPiiForm check to Socure flow. (#11747)

RC 446

Bug Fixes

• Data Warehouse: Skip S3 upload if bucket name is blank (#11777)
• SAML: Return error when SAML year is invalid (#11766)

Internal

• In-person proofing: Cleaning up unused FSM code (#11578)
• Localization: Improve reliability of JavaScript string extraction (#11776)
• SAML: Adding SAML2025 files/refs (gitlab/TeamRadia#270) (#11780)
• SMS support: Update parsing of supported countries for SMS (#11774)

Upcoming Features

• Multi-Factor Authentication: Update alternative content for Face/Touch recommended test (#11769)
• socure: Try again if socure url not found (#11770)

RC 445

User-Facing Improvements

• Accessibility: Improve step indicator legibility at high text zoom levels (#11758)

Internal

• AAMVA: Hardens AAMVA maintenance window definitions and test coverage (#11753)
• CI: Fix job that checks pinpoint config (#11772)
• Dependencies: Update dependencies to latest versions (#11761)
• Doc Auth Socure: Add config variable for maximum allowed socure users (#11755)
• Email: Create client pool and retry instance profile credentials when sending emails via SES (#11765)
• Error Reporting: Do not report LexisNexis or AAMVA exceptions to NewRelic (#11760)
• Feature Flags: Fix feature flag checks so that they allow subdomains of identitysandbox.gov. (#11767)
• IdV flow: Simplify creation of Idv::ProofingComponents (#11742)
• In-person Proofing: Remove in_person_full_address_entry_enabled feature flag usage. (#11746) (#11746)
• Localization: Improve reliability of JavaScript string extraction (#11775)
• Maintenance: Move Faker gem from all environments to test (#11757)

Upcoming Features

• Document Authentication: AB vendor buckteing should default to configured default doc auth vendor (#11764)
• Identity Verification: Socure timeout provides hybrid users with options. (#11734)
• Requestable attributes: A claim that will allows SPs to request the user's UI locale was added (#11756)

RC 444

User-Facing Improvements

• In-person proofing: Removes post office closure alerts from barcode page and email (#11733)

Bug Fixes

• screen reader: Changing aria label for selfie capture (#11739) (#11739)

Internal

• AAMVA: Feature flags for conditionally sending attributes to AAMVA were removed (#11724)
• Analytics: Log analytics events for backup code reminder (#11738)

RC 443.1

Internal

• Dependencies: Update dependency to latest version (#11743)
• Performance: Reduce size of application stylesheet (#11745)

RC 443

User-Facing Improvements

• In-person proofing: Content and translation changes to Ready to Verify View and Email (#11687)
• Select email: Update content to be clearer for users in french and simplified chinese (#11729) (#11729)
• document capture upload: Disable drag and drop functionality if selfie required (#11728) (#11728)

Bug Fixes

• Code Revert: Revert changes introduced in 0d65152 (#11699)
• SAML Gem: Validates signature algorithm correctly (#11741) (#11741)
• Sign in: Bug fix for recaptcha failure not incrementing failed sign-in rate limiter (#11703)

Internal

• Analytics: Initiating SP issuer is logged on verify-by-mail code entry (#11713)
• CI: Pin Alpine image to 3.20 (#11723) (#11723)
• Dependencies: Update outdated package version pinning (#11722)
• Dependencies: Update dependencies to latest versions (#11720, #11721)
• Developer Experience: Don't require obsolete openssl-1.1 (#11731)
• Documentation: Fix documentation formatting (#11727)
• Identity Verification: Update maintenance windows for states (#11705)
• TrueID: Regex to parse the height from documents was adjusted (#11737)

Upcoming Features

• Doc Escrow: Add encryption and storage pieces (#11714)

RC 442.1

Reverts Previous Changes

• Attempts API: Implement ability to create and store Attempts API events (#11692)
• Maintenance: Update newrelic_rpm gem (#11699)
• Refactoring: Use more descriptive method last_sign_in_email_address (#11688)