RC 377

User-Facing Improvements

• Identity verification: Update spanish LQA translation on agreement step (#10558)
• Identity verification: Don't tell users to request a new verify by mail letter when they can't. (#10534)
• Selfie: Fix inline error text above selfie box (#10513)
• Identity Verification, A/B test to try out 10-digit OTP for Identity Verification (#10480)

Internal

• CI: Fix typo in .gitlab-ci.yml for pivcac address (#10547)
• Code Quality: Remove unused method (#10553)
• Code Quality: Fix typos in code naming (#10554)
• Code Quality: Remove unused code (#10544)
• Component Previews: Support localization for component previews (#10542)
• Database: Drop unused column (#10551)
• Dependencies: Update dependencies to latest versions (#10550)
• Logging: Adding dn uuid to logging dn configuration for easier cross pki logging (#10512)
• Translations: Update existing translations for French and Spanish (#10191)
• UspsAuthTokenRefreshJob: Rescue Faraday::ServerError (#10533)
• reCAPTCHA: Refactor reCAPTCHA validator as form model (#10540, #10549)
• reCAPTCHA: Configure reCAPTCHA score threshold for local development (#10543)
• reviewapps: Remove postgres creds to make latest version of (#10539)

RC 376

User-Facing Improvements

• Doc Auth: Camera permission messages. (#10379)
• MFA: Remove backup code pre-warning from setup flow (#10088)

Internal

• Continuous Integration: Fix Pinpoint Maintenance Script (#10532)
• Dependencies: Update dependencies to latest versions (#10535)
• Doc Auth: Analytics log for birth year (#10511)
• IdV: Rename letter_reminder and gpo_reminder (#10528)
• Identity verification: Remove biometric_comparison_required query param (#10526)
• Reporting: Add new columns to spreturnlogs (#10510)
• reviewapps: Update env to use new helm chart config format (#10525)

RC 375

Internal

• Doc Auth: Analytics event for selfie image taken. (#10497)
• IdV: Remove effective user (#10446)
• In-Person Proofing: Enabled opt-in IPP in development (#10490)
• Internationalization: Increase strictness and improve ability to keep internationalization tests up-to-date (#10508)
• LexisNexis TrueID Response Mixins: The LexisNexis TrueID client read_pii was refactored to improve readability by removing the map that mapped keys in the LexisNexis TrueID response to keys in the eventual pii_from_doc return value and replacing it with a StateID struct constructor call where the keys and values were mapped inline with the exception of the state_id_type value which needs to be independently computed to map it to the appropriate string based on the value in the LexisNexis TrueID response. (#10515)
• Logging: Log event for new device alert job emails sent (#10506)
• Source code: Use shared logic for accessing config data (#10476)
• Vector of trust work: Pulled mfa_expiration_interval over to RememberDeviceConcern (#10504)
• analytics and IdV: Improved handling and logging for ThreatMetrix requests. (#10452)
• Add partner billing helper for building report (#10493)

RC 374

User-Facing Improvements

• Document Capture: Make the field error part of the label so it's read by a screen reader (#10443)
• In-person proofing: Rename route for in person proofing address controller (#10435)
• In-person proofing: Preload selfie scripts to speed up selfie capture screen loading (#10363)
• Metadata: Remove SingleLogoutService from SAML metadata (#10453)
• Selfie: Change hint text update calls so user will have more relevant hint text (#10332)

Bug Fixes

• Code Revert: Revert changes introduced in 27b14e2 (#10363)
• Code Revert: Revert changes introduced in 31fc1d9 (#10417)
• Regenerate Backup Codes: Fix issues linking to confirm regenerating backup codes (#10464, #10468)

Internal

• Configuration: Allow configuration of available locales (#10472)
• Dependencies: Update dependencies to latest versions (#10477)
• Doc Auth: Analytics event for selfie retake. (#10469)
• Doc Auth: Analytics for selfieAttempts. (#10456)
• Routing: Remove temporary redirect route (#10467)
• Source code: Simplify user-updating code (#10479)
• Source code: Clean up nondeterministic migration code (#10473)
• Spam Mitigation: Remove reCAPTCHA checkbox fallback for failed invisible assessment (#10454)
• State id: Add controller version of page (#10457)

Upcoming Features

• Auth: Migration for password compromised check (#10392)

RC 373

User-Facing Improvements

• Please call email: Update translations (#10202)

Bug Fixes

• Components: Fix flash of accordion content during page load (#10458)
• Spam Mitigation: Allow form submission when reCAPTCHA fails to load (#10449)

Internal

• Database: Remove unused column from users table (#10429)
• Doc Auth: Update analytics event for selfie image clicked. (#10438)
• Doc Auth: Fix typo of portrait. (#10451)
• code cleanup: Renamed various selfie methods tobiometric_comparison, because that's what we really mean. (#10437)

Upcoming Features

• Auth: Migration for password compromised check (#10425)

RC 372

User-Facing Improvements

• Biometrics: Improved language on getting started page. (#10352)

Bug Fixes

• Forgot Password: Preserve service provider metadata through password reset unrecognized email (#10434)

Internal

• Analytics: Track the delivery method for phone OTP codes. (#10442)
• Configuration: Remove short_term_phone_otp_rate_limiter_enabled configuration key (#10432)
• Database: Remove unused column from users table (#10431)
• Dependencies: Update dependencies to resolve security advisories (#10430)
• Dependencies: Update Redis gems (#10426)
• Local Development: Remove "fast" versions of setup and test tasks (#10424)
• Optimization: Reduce size of common application stylesheet (#10394, #10418, #10419)
• Source code: Remove PostGIS references (#10410, #10413)
• Spam Mitigation: Remove exceptions for client-side reCAPTCHA execute (#10408)
• local development: Remove Docker for local development (#10422)

Upcoming Features

• Document Authentication: Add help center articles assisting user failing selfie match (#10415)
• Sign In: Send single aggregated email notification for new device sign-in (#10370, #10421, #10436)

RC 371

User-Facing Improvements

• Doc Auth: Page content changes for document and selfie capture. (#10348)
• Login Design System Component: Login-button embed styles for partner use (#10387)
• PIV/CAC: Add PIV interstitial page for gov emails (#10282)

Bug Fixes

• In-Person Proofing: Check all threatmetrix config values where necessary (#10391)
• Sign Up: Avoid prompting for Rules of Use on resent email confirmation (#10404)

Internal

• Code Quality: Remove unused session helper testing code (#10384)
• Doc Auth: Add analytics event for tracking unexpected sdk error (#10368)
• FSM: Add state id feature flag (#10409)
• File Structure: Consolidate raster images into email assets directory (#10389)
• Geocoder: Avoid initializing geocoder in test environments (#10398)
• Logging: Add logging of user camera resolution for document capture page (#10227)
• SAML: Bump to latest saml-idp version (#10396)
• Webauthn: Specify hints for webauthn security key enrollment (#10382)

Upcoming Features

• Document Authentication: Add alt text to selfie checkmark image for screenreaders (#10401)
• In-person-proofing: Add new value for idv_level on profile (#10371)

RC 370

User-Facing Improvements

• Accessibility: Add support for reduced motion for security key image animation (#10376)
• Authentication: Update security key setup form (#10323)

Internal

• AB Tests: Remove Doc Auth Fallbacks (#10356)
• Automated Testing: Check duplicate element IDs in accessibility tests (#10362)
• Automated Testing: Fix manifest cache for local JavaScript feature tests (#10365)
• Build Tooling: Fix Sass compilation rebuild after error (#10377)
• Configuration: Improve CSV parsing for configuration values (#10358)
• Database: Optimize event disavowal query to load single record into memory (#10372)
• Dependencies: Update dependencies to latest versions (#10374)
• Dependencies: Update dependencies to resolve security advisories (#10369)
• Documentation: Update component document to describe stylesheet auto-loading (#10375)
• Fraud Detection Prevention: Time interval worker for aggregation of new device emails (#10317)
• Logging: Update dependency (#10364)
• Performance: Freeze constants (#10340)
• Rate Limiting: Add short-term rate limit as delay between OTP sends (#10360)
• Testing: Consolidate identity verification accessibility tests to improve test speed (#10359)

Upcoming Features

• Sign In: Send single aggregated email notification for new device sign-in (#10314)

RC 369

User-Facing Improvements

• Dialog: Improve native browser compatibility and asset size of modal component (#10286)

Internal

• Automated Testing: Resolve flakey test failures for PIV CSP assertions (#10355)
• Configuration: Improve CSV parsing for configuration values (#10354)
• Dependencies: Upgrade dependencies to latest versions to resolve security advisories (#10350)
• Performance: Add frozen_string_literal Rubocop Rule (#10342)
• Session: Simplify session with trust check to only consider user (#10290)

RC 368

User-Facing Improvements

• Doc Auth: Add Acuant SDK v11.9.3 files + update docs (#10283)
• Doc Auth: Allow user select IPP if available from handoff page. (#10267)
• Messages: Use the American spelling of canceled consistently (#10320)
• PIV/CAC: Piv Migration for added check on user (#10315)
• how to verify page: Update content (#10289)

Bug Fixes

• In-Person Proofing: Fix spec failures related to changes to how to verify page (#10345)
• In-Person Proofing: Show the user the correct screen when they fail ipp with fraud review pending (#10333)
• Selfie: Show missing hint text for users on Android/Chrome (#10339)

Internal

• Analytics: Additional features for analytics log testing (#10334)
• Bug Fix: Remove Rack::ContentLength from being loaded outside of Rails (#10331)
• Data Reporting: Adds Workflow Complete - Total Pending to the Drop Off Report (#10312)
• Dependencies: Update dependencies to latest versions (#10313)
• Identity verification: Include profile metadata in analytics logs (#10270)
• Performance: Refactor component values into constant (#10336)
• Performance: Convert a few classes to be more thread-safe (#10337)

Upcoming Features

• Account reset: Dont let account reset fraud users (#10189)
• In-person proofing: Added Cancel link to the how to verify view that is currently turned off (#10330)