RC 91

Features

• Send push notifications as OpenID RISC Event Types (#3206)
• Support option to proof with either State ID or CAC (#3221)
• Add support for backup SMS and Voice OTP provider Pinpoint (#3202, #3203, #3205, #3199, #3241)
• Rate limiting emails on unauthenticated forms to prevent abuse (#3228)

Service Provider Updates

• Add SP RRB - myRRB (#3212)
• Add additional DOT Delphi eInvoicing SP config (#3238)
• Add SP DOT - FMCSA - Drug and Alcohol Clearinghouse (#3211)

Bugs and Enhancements

• Stop sorting backup codes by ID (#3208)
• Create hashed and unhashed assets (#3209)
• Add usds fonts (#3216)
• Static page not found page (#3219)
• Update the knapsack report (#3207)
• Fix confusing placeholder phone number (#3220)
• Set the image and font path variables for USWDS (#3223)
• validating token not expired to prevent 500 errors on password validation (#3210)
• Remove unused assets (#3222)
• Fix expired link on email confirmation (#3226)
• Visually distinguish characters in backup codes and personal keys (#3231)
• Remove return to profile link from completions page (#3230)
• Add missing user UUID to doc auth proofing (#3232)
• es translation fixes (#3229)
• Update stale password digests as users sign in (#3227)
• fix default when editing phone (#3235)
• added idv_extra to resolution response (#3240)
• Fix state ID preview on ie 11 (#3239)

RC 90

Bugs and Enhancements

• More accurate geo-location for account events #3196
• Fix an issue where uploaded images appeared distorted on IE #3194
• Log an event immediately before SP handoff #3193
• Add the ability to export data in reports on a recurring basis #3189 #3188 #3190 #3165 #3167
• New design for the phone verification screen #3187
• Add IAL2 data sharing consent checkbox to the doc auth flow #3145

RC 89

Features

• Allow authentication with a PIV/CAC (#2815, #3114)
• Standardize success confirmation during 2FA setup (#3082)
• OMB Fitara report for stats on sign ups (#3121, #3131)
• SMS CTIA compliance (#3125, #3126, #3042)
• Add new titles for MFA setup option menus (#3127)
• Link to check SMS status on SMS error pages (#3134)
• New setup flow for backup codes (#3138)
• List browsers that support security keys on error (#3141)

Service Provider Updates

• Adds Touchpoints SP configuration (#3137)

Bugs and Enhancements

• Update copy on confirmation email (#3105, #3122)
• Phone setup enter OTP cancel behavior (#3103)
• fixed wording and translations for accuant throttling message (#3104)
• Add timeout for post to google analytics on backend (#3108)
• Use the AddEmailConfirmTokenValidator to validate that an email has n (#3107)
• Add ability to show deprecation warnings when using email attributes (#3113)
• Use email address table to confirm email during sign up (#3109)
• Remove pwned password feature flag and configs (#3116)
• Fix pwned passwords paths (#3119, #3120)
• added link to return to account/SP and converted slims into e… (#3110)
• Remove RegiserUserEmailForm from views that deal with resending email (#3111)
• Fix flickering push notification spec (#3123)
• Redesign check your email screen (#3118)
• Cleanup rubocop violations (#3128)
• Remove the phone setup presenter (#3129)
• Make the email attribute in the factories transient (#3132)
• Drop uniqueness constraint on user email fingerprint (#3133)
• No default checkbox on first phone setup (#3142)
• Fix backup codes copy button output on IE (#3136)
• Fix Backup codes download on IE (#3135)
• Make phone number non-editable (#3117)
• Redesign backup codes warning page (#3139)
• Redesign backup codes screen (#3140)
• Fix remember browser for first MFA (#3144)
• Fix copy on sign in selection list with backup codes (#3146)

RC 88

Features

• Allow a user to change their password directly from emails about a new phone added to their account (#3061)
• Prevent users from creating an account with passwords that are known to be compromised from password breaches (#3074 #3094)
• Add example state ID images to the doc auth proofing flow (#3090)

Service Provider Updates

• Add configuration for eCBP Gateway (#3071)
• Add configuration for BETA SAM (#3076)

Bugs and Enhancements

• Add additional alerting for failed background jobs (#3025)
• Initiate the account reset background job with new background job tooling (#3062)
• Fix a bug where a part of the “Add email” button was visible for users who could not add an email (#3073)
• Add additional instructions to account reset emails (#3070)
• Alert users about issues adding an email to an account sooner (#3075)
• Enable backup codes as soon as they are visible to the user instead of requiring the user to click “Continue” for them to work (#3044)
• Fix an issue where the back button did not work during identity proofing failure due to unsupported jurisdiction (#3056)
• Support additional ciphers for WebAuthn (#3086)
• Provide users with recommendations for what to do when add email fails (#3084 #3097)
• Warn users about consequences of deleting an email before they confirm deletion (#3085)
• Fix a bug where the request_id that appears in a sign up email sent to users may be incorrect (#3079)
• Fix bugs where the sign up completed page when appear when not necessary (#3069)
• Change the cancelation behavior on enter OTP screen during sign up to redirect to the options screen instead of aborting sign up (#3096)
• Don’t ask users who do not have a personal key to enter a personal key during account reset (#3100)

RC 87.1

Features

• Enable health checks on job run service. (#3025)
• Allow user to disavow new phone event (#3061)

Service Provider Updates

• Add eCBP SP configuration (#3071)
• Adds BETA SAM service provider config (#3076)

Bugs and Enhancements

• Move account reset notice into job_configurations. (#3062)
• Increase migration timeout to 10 minutes. (#3067)
• Remove visual remnants when you can no longer add emails (#3073)

RC 87

Features

• Show Steps During Sign Up (#3027)
• In Person Proofing Flow (#3031, #3039, #3042)
• Consolidate Text/SMS and Voice into one MFA option on signup (#3038)
• Make the phone option say "second phone" after setting up a phone (#3047)
• Show the last signed in email address on the account page (#3051)

Service Provider Updates

• Add GSA TTS OPP api.data.gov SP (#3023)
• Add NLRB My Account sp configuration (#3046)

Bugs and Enhancements

• Collocate phone rate limitting specs (#3033)
• Remove helper for entering the OTP from the db (#3035)
• Add international numbers to phone confirmation tests (#3036)
• Add knapsack rspec report (#3043)
• Fix logic to go to sign up completed page (#3048)
• Store signing_up session value in the user session (#3050)
• Change the text on the email address label (#3052)
• Fix Webauthn not visible on sign in (#3055)
• Redirect to SP after backup code only setup (#3057)
• Remove duplicate success message for PIV/CAC (#3053)
• Do not show TOTP success message if it is the first MFA method (#3054)
• Update node modules and gems (#3058)
• Log user uuid with OIDC token call (#3059)
• Fix French translation for "Email addresses" (#3060)
• Fix OIDC prompt=login automatic sign out after sign in (#3063)
• Update email address column after delete (#3064)

RC 86

Features

• Allow users to sign up with just backup codes enabled (#2970)
• Hide security key option on the MFA setup page for users who do not have JS enabled (#2997)
• Send an email to all confirmed emails on an account when an email is removed (#3007)
• Add an error message when a user tries to add an email that is already on their account (#3011)
• Improve the error message when a user tries to add the same phone number twice during sign up (#3016)
• Tell the user which MFA method they setup on the first MFA step during the second MFA step (#30120)
• Add a spinner during document upload during document authentication (#3021)
• Send users an email when a phone is added to their account (#3017)

Service Provider Updates

No service provider updates were made this release

Bugs and Enhancements

• Fix a 500 error on the SAML metadata endpoint (#2996)
• Fix an issue communicating server side analytics to Google Analytics (#2995)
• Fix a bug where users could change a phone number to the same number as an existing phone (#2992)
• Fix the cancel link on the second MFA setup screen (#2999)
• Fix an issue where signing in with the last backup code redirected to the account screen instead of the new backup code screen (#3000)
• Fix an issue with missing attributes on external links (#3001)
• Fix a bug where the “resend email” button would not work under certain conditions (#3002)
• Fix a cosmetic issue on the MFA options screen (#3009)

RC 85

Features

• Add an email address to an account (#2984)

Service Provider Updates

• Adds HHS.gov logo (#2988)

Bugs and Enhancements

• Make the PR age script take draft PRs into account (#2986)
• Test webauthn sign up for first and second mfa option (#2987)
• Improve the new registration 2nd MFA screen (#2980)
• Fix phone configuration index (#2989)

RC 84.2

Bugs and Enhancements

Fix account reset for users with one MFA (#2981)

RC 84.1

Service Provider Updates

Add new O&M staging environment for flag.dol.gov (#2961)

Bugs and Enhancements

Delete an email address (#2955)
Drop columns related to roles from the database (#2940)
Implement GPO mail job as rake task using RDS (#2919)
Remove the phone configuration consideration from 2fa options (#2964)
Add a generated at timestamp to backup codes (#2963, #2976)
Sign in with backup codes needs redirect to SP (#2966)
Fix supported webauthn protocols (#2967)
Show backup codes download button only on desktop (#2971)
Fix a bug parsing the GA cookie (#2975)
Mark local SAML rails SP as IAL2 (#2972)