RC 409

User-Facing Improvements

• Partner account: Database migration for 10951 (#11131) (#11131)
• Reporting: IdV, Add in-person proofing completion count to the weekly report that lists IdV completion statistics (#11075)

Bug Fixes

• Document Authentication: Fix mock client metadata (#11150)
• In-person proofing: Addresses error that occurs when pii is nil in verify info controller (#11065)

Internal

• Fraud prevention: Include associated user_id in event disavowal (#11140)
• Maintenance: Update rexml gem (#11132)
• Performance: Remove unnecessary use of DOMContentLoaded (#11127)
• Reporting: Update APG Report with Current Month (#11128)
• Reporting: Further stagger the delay of reporting jobs so we don't overwhelm other systems (#11116)
• Source code: Update lint rules (#11144)
• accuant capture: Refactor variable name (#11133)

Upcoming Features

• Doc Auth: Add secret validation for socure webhook (#11118)

RC 408

User-Facing Improvements

• Completions: Use standardized logo image for consent screen (#11120)
• Marketing Site: Update links to marketing site (#11086)

Bug Fixes

• Reporting: Add handling for error seen first day of the month (#11121)

Internal

• A/B testing: Rework A/B testing system (#11026)
• Code Quality: Remove feature flag for baseline email functionality (#11107)
• Continuous Integration: Improve performance of install step in continuous integration images (#11110)
• Dependencies: Update dependency to resolve security advisory (#11123)
• Performance: Optimize loading of Digital Analytics Program script (#11097, #11126)
• Reporting: Reduce threading and increase time slice default values for LG-99 Report (#11115)
• Reporting: Add AAL3 usage to protocols report (#11119)

Upcoming Features

• Identity verification: Implement proofer for Socure KYC (#11093)

RC 407

User-Facing Improvements

• Consent Screen: Arrange email as first item in IdV consent screen (#11113)
• In-person Proofing: Ensure EIPP enrollments are expired (#11085)
• Performance: Use defer for non-critical scripts (#11096)

Internal

• Automated Testing: Enforce YAML normalization for application.yml.default (#11106)
• Automated Testing: Improve reliability of automated tests (#11109)
• Automated Testing: Add 50/50 state integration (#11090)
• CI: Adding labels to kubernetes resources for easier tracing (#11081)
• Code Quality: Refactor backup code verification to follow conventional form pattern (#11089)
• Code Quality: Changed variable name (#11102)
• Code Quality: Change name of class and references (#11098)
• Code Quality: Renamed DocumentsStep to DocumentsAndSelfieStep (#11092)
• Configuration: Do not write config file by default on boot (#11100)
• Dependencies: Update dependencies to latest versions (#11103)
• Documentation: Link consistently to default application configuration (#11111)
• Documentation: Remove reference to frontend interest group team in contributing guide (#11108)
• Documentation: Document analytics methods properties (#11099)
• In-Person Proofing: Fix bug where user gets locked out of account after in_person_enrollment expires (#11105)
• Rate Limiting: Enforce additional user IP rate-limiting on backup code submission (#11094)
• Reporting: Adds some DIVR content to MKMR (#11072)

Upcoming Features

• Adding Socure support: Created a webhook for Socure to invoke during IdV (#11101)
• Doc Auth: Create feature flag for future use (#11114)

RC 406

User-Facing Improvements

• Authentication: Update authentication method links (#11047)

Internal

• Automated Testing: Use faster default driver for feature tests not requiring JavaScript (#11077)
• Configuration: Add redundancy checks to YAML configuration file (#11082)
• Dependencies: Update aws-sns-sdk gem (#11084)
• Documentation: Remove pii_like_keypaths from documented analytics properties (#11078)
• Documentation: Document authentication analytics events properties (#11076)
• Logging: Log unused_identity_config_keys event as JSON (#11080)
• Marketing Site: Add metadata to redirect URLs (#10889)
• Proofing Metrics: Optimized proofing query (#11083)
• Reporting: Stagger Cloudwatch-heavy report jobs so they don't hit rate limits (#11030)

RC 405

User-Facing Improvements

• Enhanced In-person proofing: Added EIPP Expiration Date for Enrollments (#11068)

Bug Fixes

• Accessibility: Remove confusing and duplicate external link announcement (#11048)
• Accessibility: Improve content for email language preference hint (#11066)
• Accounts: Refactor presenter pending_ conditionals to account for cases of password-reset (#11054)
• SAML implementation: Fix validation namespace issues (#11064) (#11064)

Internal

• Analytics: Avoid sending nil values for analytics events (#10987)
• Analytics: Add internal documentation for analytics methods (#10966)
• Analytics: Use redirect logging controller for Privacy Act links (#11062)
• Automated Testing: Fix spec expectation of issue_year logging (#11058)
• Code Quality: Improve readability of automated test analytics assertions (#11012)
• Code Quality: Remove lingering code related to IRS reproofing (#11055)
• Continuous Integration: Improve Image Build Caching (#11063)
• Error Handling: Avoid duplicating ActiveJob's retry machinery (#11061)
• In-person Proofing: Ensure the USPS schedule (#11034)
• Maintenance: Update to Ruby 3.3.4 (#10998)
• Source code: Update dependencies (#11067)
• Suspension Metrics: Add suspension and reinstatement metrics to lg99 report (#11069)
• Tooling: Update uuid-convert script to handle deleted users (#11071)

RC 404

User-Facing Improvements

• Authentication: Auth setup 2nd mfa lists all options regardless of SP (#11029)
• IdV: Remove inaccurate text about being able to verify phone numbers from US territories (#11036)
• In-person Proofing: Fix usps proofer bug (#11042)
• Mailers: Update alerts in mailers to align to match design system (#11039)
• Accessibility: Add h1 header to account reset pending screen (#11040)

Bug Fixes

• WebAuthn: Fix WebAuthn hints to pass on public key credential options (#11050)

Internal

• Analytics: Add support for Privacy Act brochure site redirect logging (#11031)
• Code Quality: Align MfaPolicy spec filename to described class (#11046)
• Code Quality: Remove asset tag helper patch assigning empty image alt (#11044)
• IdV logging: Added issue_year of ID (#11024)
• SAML implementation: Adding tests to ensure understanding around responses (#11035)
• Testing: Add test coverage for expected reCAPTCHA sign-in logging (#11037)

RC 403

User-Facing Improvements

• 508 compliance: Updated Acuant SDK for better selfie capture experience with screen readers. (#11011)
• Account Deletion: User Mailer changed to be clearer (#11033)
• Document Authentication: Vaidate state ID expiration date (#10995)
• PIV/CAC: Standardize PIV/CAC language (#10969)

Bug Fixes

• Page Layout: Fix spacing on PIV/CAC login screen (#11032)

Internal

• Analytics: Limit analytics CSP revisions to necessary entries (#11021)
• Automated Testing: Remove OIDC form-action CSP assertions from account creation specs (#11025)
• CI: Update formatting for messages to Slack (#11022)
• Dependencies: Update dependency to resolve security advisory (#11020)
• In-person proofing: Make sponser_id on in_person_enrollments non-nullable (#11015) (#11015)
• In-person proofing: Remove deprecated address routes (#11016)
• Maintenance: Update knapsack report (#10997)
• Rate Limiting: Enforce additional user IP rate-limiting on sign-in (#10982)
• SAML: Updates to saml_idp version that reduces complexity (#11017)
• kubernetes support: Update RDS CA bundle to support new encryption policy (#11023)

Upcoming Features

• Enhanced In-person Proofing: Update Ready to Verify View and Email template to include Tag and Real ID Content (#10996)
• IdV with Biometric Comparison: Supporting biometric acr in SAML (#11013)

RC 402

User-Facing Improvements

• Backup Codes: Deemphasize backup codes (#10970)
• In-person Proofing: Display newer survey in English-language completion emails (#10994)
• In-person proofing: Barcode page updates to add alert and remove a line (#11005)

Internal

• Automated Testing: Assert logged events using have_logged_event (#11001, #11010)
• Biometric Comparison: Clean up old, unused methods (#11007)
• Continuous Integration: Use ECR for Redis and Postgres images (#11009)
• Doc Auth: Remove code from outdated Acuant versions (#11006)
• In-person proofing: Standardize logging for opted in ipp true/false values (#10983)
• Maintenance: Update Ruby dependencies (#10999)

Upcoming Features

• Aggregated Sign-in Emails: Avoid new device email for reauthentication from new account (#10978)

RC 401

User-Facing Improvements

• Doc Auth: Failed doc auth offers IPP offramp (#10903)

Bug Fixes

• Accessibility: Use aria-hidden for decorative SVG images (#10986)

Internal

• Automated Testing: Improve performance of PIV IdV sign-in spec (#10967)
• Automated Testing: Fix flakey IAA Agreements spec (#10989)
• CI: Change DNS zone for review apps to reviewapps (#10961)
• Code Quality: Sort keys in application.yml.default (#10981)
• Components: Use ActiveModel validations for components (#10971)
• In-person proofing: Set the sponsor_id field on (#10984)
• In-person proofing: Add enhanced_ipp property to (#10962)
• Maintenance: Remove unused methods (#11000)
• Source code: Add and fix predicate naming lint (#10990)

Upcoming Features

• Authentication: Recaptcha Sign in (#10944)
• Authentication: Let users who's passwords are compromised to change their password (#10861)
• Enhanced In-Person Proofing: Content Updates For Ready to Verify View and Email for EIPP (#10974)
• IdV with Biometric Comparison: Adding acr_values (#10993)
• In-person proofing: Backfill sponsor id again (#10988)

RC 400

Bug Fixes

• Help Links: Fixed a broken link on the document capture page (#10968)
• PIV Enrollment: Fix reprompt when reauthenticating to add PIV after sign-in (#10918)

Internal

• Analytics: Log new_device with email and password authentication event (#10965)
• IdV: Add doc_auth_result to in_person enrollments table (#10950)
• Performance: Avoid unnecessary seconds conversion before to_i (#10979)
• Reporting: Ensure parameter correctness (#10973)
• doc-capture: Refactored step code in doc capture (#10933)

Upcoming Features

• Enhanced In-person proofing: Bypass secondary id check for EIPP (#10934)