RC 385

User-Facing Improvements

• Authentication: Translation updates from previous sprint (#10669)

Internal

• CI: Handle multiple kube contexts (#10715) (#10715)
• Code Quality: Remove unused analytics methods (#10718)
• OIDC: Remove gate allowing backward compatabilty for x509:presented attr value (#10701)
• Reporting: Refine Protocols report (#10699)
• Reporting: Key metrics count (#10710)
• Source code: Update RuboCop lint rules (#10716)
• Source code: Unify related classes (#10720)

RC 384

RC 384 is a redo of RC 383

• Without SAML name ID changes (#10629)
• With #10706 and #10696 added

Bug Fixes

• Code Revert: Revert changes introduced in fb74d7b (#10627)
• Code Revert: Revert changes introduced in 30cb0f3 (#10629)
• Code Revert: Revert changes introduced in 6c16f7a

Internal

• Analytics: Remove track_mfa_submit analytics pass-through method (#10679)
• Code Quality: Remove unused code (#10705, #10706)
• Code Quality: Remove unused feature flags (#10693)
• Dependencies: Update dependencies to latest versions (#10698)
• Document Authentication: Add zipcode to analytics events (#10696)
• FormObject normalization: Updates the HowToVerify flow (#10682)
• Performance: Reduce size of application stylesheet (#10703)
• Reporting: Key metrics count (#10691)

RC 383

Warning

This release was rolled back

User-Facing Improvements

• SAML: Validate requested NameID formats and return appropriate response (#10629)

Internal

• Analytics: Remove track_mfa_submit analytics pass-through method (#10679)
• Code Quality: Remove unused code (#10705)
• Code Quality: Remove unused feature flags (#10693)
• Dependencies: Update dependencies to latest versions (#10698)
• FormObject normalization: Updates the HowToVerify flow (#10682)
• Performance: Reduce size of application stylesheet (#10703)
• Reporting: Key metrics count (#10691)

RC 382

User-Facing Improvements

• Account Management: Prompt user to confirm setting up backup codes from account page (#10685)
• Authentication: Translations fixing for DOS (#10642)
• Authentication: Update translations (#10651)
• Doc Auth: Simpliefied Chinese translations (#10557)
• IdV: Update translations for agreement step screen (#10675)
• In-person proofing: Update translations for Opt-in IPP non-biometric (#10428)

Bug Fixes

• Code Revert: Revert changes introduced in 97e5c06 (#10689)
• Selfie: Fix problem with focus jumping for screenreader while capturing selfie (#10668)

Internal

• Code Quality: Remove unused Step Indicator component styles (#10661)
• Continuous Integration: Fix command for review app configuration in GitLab job (#10667)
• Design System: Use design system centered variant for banner (#10663)
• Doc Auth: Add tests for resubmit h1 and body copy (#10674)
• Document Authentication: TrueIDReponse successful if transaction status passes (#10427)
• FormObject: Fix usage in AgreementController (#10652)
• Identity verification: Send issue + expiry date to AAMVA (#10653)
• In-Person Proofing: Prevent get usps proofing results job spec to pass when enrollment status by email is enabled (#10671)
• Logging: Log whether the state ID issue/exp dates are present. (#10658)
• Performance: Verify and consume backup code in single database transaction (#10687)
• Performance: Optimize size of fonts to include only content character data (#10655)
• Performance: Reduce path size for static assets (#10677)
• Performance: Delete and regenerate backup codes in a single transaction (#10686)
• Performance: Avoid outputting font-face for unused light font weight (#10673)
• Reporting: Added new billing report fields (#10683)
• Source code: Remove unused scripts (#10579)
• in-person-proofing: Rename skip_doc_auth (#10672)

Upcoming Features

• Aggregated Sign-In Message: Fix aggregated new device sign-in for expired session (#10628, #10678)

RC 381

User-Facing Improvements

• Doc Auth: Fix error messaging for case of multiple errors (#10635)
• GPO verify: Improved letter enqueued language (#10611)
• IdV: Remove Get Help CTA from non fraud screens (#10639)
• Layout: Error message on IdV code entry now is full width. (#10643)

Internal

• Automated Testing: Remove unused spec user factory traits (#10645)
• Build Tooling: Use SHA256 for JavaScript subresource integrity (#10647)
• CI: Set env for reviewapp deployment (#10657) (#10657)
• Internationalization: Fix language picker when displaying in Chinese (Simplified) (#10656)
• Maintenance: Update rexml gem (#10641)
• Rate Limiting: Use configured locales when building path-based rate limits (#10636)
• Reporting: Fix the date range nil check for both billing reports (#10634)
• Security: Add subresource integrity for design system initializer script (#10648)
• Translations: Update translations for language pickers (#10640)

Upcoming Features

• Chinese Language: Fix content for Chinese verified text (#10654)

RC 380

Internal

• Authentication Funnel Report: Remove AAL2 lines from Auth Funnel report (#10622)
• Code Quality: Improve readability of view form code (#10610)
• Continuous Integration: Upgrade to Ruby 3.3.1 (#10609)
• Dropoff Report: Make Dropoff Report able to be sent automatically (#10399, #10630, #10631)

Upcoming Features

• Biometrics: Modified UX/Content on How to Verify view conditionally for biometrics (#10524)

RC 379

User-Facing Improvements

• Authentication: Update language to DoS standards (#10461)
• Please call email: Add zh translation (#10588)

Bug Fixes

• Forms: Disable autocomplete consistently for all forms (#10604)
• New Device Detection: Extend duration of permanent device cookie on every user event (#10606)
• Security: Support POST for OIDC RP-Initiated Logout 1.0 (#10573)
• Sign In: Fix typo for error message on exceeded sign-in attempts (#10590)
• State id: Check ssn so view is not changed to update erroneously (#10567)

Internal

• Analytics: Adds property to SP redirect initiated event (#10560)
• Analytics: Include user_id in piv_cac_login event (#10584)
• Automated Testing: Fail build on unnecessary allowed_extra_analytics (#10571, #10617)
• Continuous Integration: Upgrade to Ruby 3.3.1 (#10609)
• Doc Auth: Clean up exit survey (#10572)
• DocAuth: Remove outdated Acuant SDK version (#10582)
• IdV: Fix error Identity report job with empty email array (#10577)
• Internationalization: Add consistency checks for whitespace in internationalization (#10583)
• OpenID Connect: Respect openid_connect_content_security_form_action_enabled configuration on client-side redirects (#10603)
• Performance: Optimize preload response headers to prioritize critical assets (#10612)
• Post office search spec: Remove unused arcgis test (#10607)
• Reporting: New billing_report_v2 with partner (#10613)
• Reporting: Update specs and unique partner helper (#10556)
• Reporting: Create protocols report (#10537)
• Reporting: Create LOA ACR requests report (#10562)
• Security Tooling: Configure Dependabot for security updates, major Stylelint releases (#10576, #10585, #10589, #10601)
• Source code: Reformat i18n files to simplify merges (#10503)
• Source code: Update internationalization specs (#10580)
• Spam Mitigation: Add resource hints to improve load speed for reCAPTCHA (#10616)
• Tech Debt: Renames CaptureDocStatusController to LinkSentPollController (#10615)
• Tests: Improve test message for unused allowed untranslated keys (#10574)
• in-person-proofing: Add new skip_doc_auth name (#10586) (#10586)
• in-person-proofing: Add new skip_doc_auth name (#10605)

RC 378

User-Facing Improvements

• Identity Verification: Updates the step indicator on all IdV paths. (#10353)
• redirect: Redirect user when canceling after first method setup (#10405)

Internal

• Build Tooling: Resolve nested selectors with Stylelint selector-class-pattern configuration (#10563)
• Build Tools: Replace stylelint-config-recommended-scss with stylelint-config-standard-scss (#10564)
• Dependencies: Update dependencies to latest versions (#10559, #10569, #10570)
• Document Authentication: Remove implementation of document escrow (#10561)
• Documentation: Document additional analytics events properties (#10548)
• IdV: Add Proofing Rate Metrics to IdentityVerificationReport and rename metrics names (#10566)
• In-Person Proofing: Remove hardcoded prod block for selfie feature (#10516)
• Spam Mitigation: Annotate reCAPTCHA assessments with MFA results (#10522)
• State id: Update route for controller version (#10507)
• Vector of Trust: Removed use of sp_session[:biometric_comparison_required] (#10531)

RC 377

User-Facing Improvements

• Identity verification: Update spanish LQA translation on agreement step (#10558)
• Identity verification: Don't tell users to request a new verify by mail letter when they can't. (#10534)
• Selfie: Fix inline error text above selfie box (#10513)
• Identity Verification, A/B test to try out 10-digit OTP for Identity Verification (#10480)

Internal

• CI: Fix typo in .gitlab-ci.yml for pivcac address (#10547)
• Code Quality: Remove unused method (#10553)
• Code Quality: Fix typos in code naming (#10554)
• Code Quality: Remove unused code (#10544)
• Component Previews: Support localization for component previews (#10542)
• Database: Drop unused column (#10551)
• Dependencies: Update dependencies to latest versions (#10550)
• Logging: Adding dn uuid to logging dn configuration for easier cross pki logging (#10512)
• Translations: Update existing translations for French and Spanish (#10191)
• UspsAuthTokenRefreshJob: Rescue Faraday::ServerError (#10533)
• reCAPTCHA: Refactor reCAPTCHA validator as form model (#10540, #10549)
• reCAPTCHA: Configure reCAPTCHA score threshold for local development (#10543)
• reviewapps: Remove postgres creds to make latest version of (#10539)

RC 376

User-Facing Improvements

• Doc Auth: Camera permission messages. (#10379)
• MFA: Remove backup code pre-warning from setup flow (#10088)

Internal

• Continuous Integration: Fix Pinpoint Maintenance Script (#10532)
• Dependencies: Update dependencies to latest versions (#10535)
• Doc Auth: Analytics log for birth year (#10511)
• IdV: Rename letter_reminder and gpo_reminder (#10528)
• Identity verification: Remove biometric_comparison_required query param (#10526)
• Reporting: Add new columns to spreturnlogs (#10510)
• reviewapps: Update env to use new helm chart config format (#10525)