RC 413

User-Facing Improvements

• Backup Codes: Add client-side pattern validation for backup codes (#11175)
• In-person proofing: State ID form workaround to improve user experience around aggressive browser autofill behavior (#11184)

Internal

• Analytics: Remove unused analytics events (#11215)
• Analytics: Remove redundant analytics compacting (#11213)
• Automated Testing: Run automated accessibility tests for account pages (#11191)
• Code Quality: Simplify and standardize card styling (#11177)
• Data Normalization: Add a backfill script to (#11180)
• DocAuth: Log receipt of Socure webhooks (#11183)
• Forms: Support changing error strings after ValidatedFieldElement connected (#11207)
• In-person proofing: The "Exit Login.gov" button on (#11211)
• In-person proofing: Scrub sponsor id from logs (#11135)
• SAML: Update saml_idp version to 0.22.0 (#11192)
• doc auth: Adding selfie attempts to doc auth image upload vendor submitted event log (#11163)
• i18n: Look for "invalid" characters in our i18n strings (#11185)
• reporting: Fix flaky test failures (#11214)

Upcoming Features

• Fraud Prevention: Assign reCAPTCHA A/B test bucket for missing user (#11210)
• Fraud Prevention: Add CSP allowlisting for reCAPTCHA at sign in (#11201)
• Partner Email Select: Improve accessibility labeling for email selection fields (#11212)

!!! Invalid Changelog Entries !!!
LG-14196 | idv_consent_given -> idv_consent_given_at (#11168)

RC 412

Internal

• Accessibility Tests: Run Axe scan against all WCAG 2.0-2.2 A & AA (#11189)
• Logging: Log more context of contextless KMS (#11199)
• Logging: Don't log "[REDACTED]" fields in TMX response since they are useless (#11158)
• Performance: Reduce size of application stylesheet (#11176)
• Performance: Use picture element to avoid unnecessary image load (#11182)
• Performance: Optimize code conditions to avoid unnecessary database queries (#11197)
• Refactoring: Refactor saml_request.requested_ial_authn_context calls to single place (#11160)

Upcoming Features

• Partner Email Selection: Update layout arrangement for connected accounts (#11181)
• Partner Shared Email: Add option to change selected email shared with partner (#11196)
• Partner account: Select email to share with partner (#11172)

RC 411

User-Facing Improvements

• Connected Accounts: Return user to connected accounts when cancelling revocation (#11178)

Internal

• Dependencies: Update dependency to resolve security advisory (#11173)
• Logging: Log the context of contextless KMS (#11174)
• Reporting: Update LG-99 Report Layout (#11166)
• Webauthn Setup: Add aaguid for webauthn configuration (#11138)

Upcoming Features

• Fraud Prevention: Implement configurable percent tested reCAPTCHA at sign-in (#11148)
• Identity verification: Add background job for Socure KYC proofing (#11139)

RC 410.1

Merge pull request #11171 from 18F/stages/rc-2024-08-29-patch-1

Deploy RC 410.1 to production

RC 410

User-Facing Improvements

• Consent Screen: Standardize and simplify content for consent screen (#11147)

Bug Fixes

• In-Person proofing: Update profile.in_person_verification_pending_at timestamp to nil when the enrollment gets cancelled in the get_usps_proofing_results_job (#11149)

Internal

• Alerting: Model DMV maintenance windows in code (#11142)
• Authentication: Add aaguid to webauthn configuration (#11161) (#11161)
• Dependencies: Update dependency to resolve security advisory (#11159)

Upcoming Features

• Authentication: Piv filtering via domains (#10976)
• Partner account: Select email to share with partner (#10951)

RC 409.1

The release includes the changes from RC 409 (ref) with a bug-fix from #11153

RC 409

User-Facing Improvements

• Partner account: Database migration for 10951 (#11131) (#11131)
• Reporting: IdV, Add in-person proofing completion count to the weekly report that lists IdV completion statistics (#11075)

Bug Fixes

• Document Authentication: Fix mock client metadata (#11150)
• In-person proofing: Addresses error that occurs when pii is nil in verify info controller (#11065)

Internal

• Fraud prevention: Include associated user_id in event disavowal (#11140)
• Maintenance: Update rexml gem (#11132)
• Performance: Remove unnecessary use of DOMContentLoaded (#11127)
• Reporting: Update APG Report with Current Month (#11128)
• Reporting: Further stagger the delay of reporting jobs so we don't overwhelm other systems (#11116)
• Source code: Update lint rules (#11144)
• accuant capture: Refactor variable name (#11133)

Upcoming Features

• Doc Auth: Add secret validation for socure webhook (#11118)

RC 408

User-Facing Improvements

• Completions: Use standardized logo image for consent screen (#11120)
• Marketing Site: Update links to marketing site (#11086)

Bug Fixes

• Reporting: Add handling for error seen first day of the month (#11121)

Internal

• A/B testing: Rework A/B testing system (#11026)
• Code Quality: Remove feature flag for baseline email functionality (#11107)
• Continuous Integration: Improve performance of install step in continuous integration images (#11110)
• Dependencies: Update dependency to resolve security advisory (#11123)
• Performance: Optimize loading of Digital Analytics Program script (#11097, #11126)
• Reporting: Reduce threading and increase time slice default values for LG-99 Report (#11115)
• Reporting: Add AAL3 usage to protocols report (#11119)

Upcoming Features

• Identity verification: Implement proofer for Socure KYC (#11093)

RC 407

User-Facing Improvements

• Consent Screen: Arrange email as first item in IdV consent screen (#11113)
• In-person Proofing: Ensure EIPP enrollments are expired (#11085)
• Performance: Use defer for non-critical scripts (#11096)

Internal

• Automated Testing: Enforce YAML normalization for application.yml.default (#11106)
• Automated Testing: Improve reliability of automated tests (#11109)
• Automated Testing: Add 50/50 state integration (#11090)
• CI: Adding labels to kubernetes resources for easier tracing (#11081)
• Code Quality: Refactor backup code verification to follow conventional form pattern (#11089)
• Code Quality: Changed variable name (#11102)
• Code Quality: Change name of class and references (#11098)
• Code Quality: Renamed DocumentsStep to DocumentsAndSelfieStep (#11092)
• Configuration: Do not write config file by default on boot (#11100)
• Dependencies: Update dependencies to latest versions (#11103)
• Documentation: Link consistently to default application configuration (#11111)
• Documentation: Remove reference to frontend interest group team in contributing guide (#11108)
• Documentation: Document analytics methods properties (#11099)
• In-Person Proofing: Fix bug where user gets locked out of account after in_person_enrollment expires (#11105)
• Rate Limiting: Enforce additional user IP rate-limiting on backup code submission (#11094)
• Reporting: Adds some DIVR content to MKMR (#11072)

Upcoming Features

• Adding Socure support: Created a webhook for Socure to invoke during IdV (#11101)
• Doc Auth: Create feature flag for future use (#11114)

RC 406

User-Facing Improvements

• Authentication: Update authentication method links (#11047)

Internal

• Automated Testing: Use faster default driver for feature tests not requiring JavaScript (#11077)
• Configuration: Add redundancy checks to YAML configuration file (#11082)
• Dependencies: Update aws-sns-sdk gem (#11084)
• Documentation: Remove pii_like_keypaths from documented analytics properties (#11078)
• Documentation: Document authentication analytics events properties (#11076)
• Logging: Log unused_identity_config_keys event as JSON (#11080)
• Marketing Site: Add metadata to redirect URLs (#10889)
• Proofing Metrics: Optimized proofing query (#11083)
• Reporting: Stagger Cloudwatch-heavy report jobs so they don't hit rate limits (#11030)