RC 101

Features

LG-2223 Sign in with multiple TOTP apps (#3499, #3526)
LG-1904 LG-2222 Add and delete TOTP apps (#3509)
LG-2513 LG-2514 Allow multiple PIV/CACs or auth apps on setup (#3515)
LG-2379 LG-2476 Add cost tracking by SP (#3522, #3527)

Service Provider Updates

Update DOT Secure Data Commons friendly name

Bugs and Enhancements

Remove Devise confirmable from the user model (#3484)
Fixing 2FA SMS code not autopopulating in Safari (#3493)
fixed strong_migrations error (#3506)
LG-2295 Pre-populate address when editing address from ID (#3510)
LG-2310 run locally with piv cac (#3511, #3517, #3518)
LG-2052 Remove auto-format from IAL2 proofing phone check (#3512)
LG-2308 Add migration for adding 'allow_prompt' to service provider table, backfill rake task (#3513)
Remove Geolite2 setup from the setup script (#3514)
LG-2512 Put the 127.0.0.1 geocoder stub back in the spec file (#3516)
LG-2063 Give users more time to complete mobile capture on hybrid flow (#3521)
LG-2213 Upgrade the identity style guide to 2.2.0 (#3523)

RC 100

Service Provider Updates

Change DOT Secure Data Commons redirect URI

Bugs and Enhancements

LG-2477 Add rack timeouts to new relic (#3496)
LG-2484 Increase timeouts for Acuant results API call (#3498)
LG-2489 Increase timeout time for AAMVA during doc auth (#3501)
Drop x509_dn_uuid column from users table (#3483)
LG-2485 Fix uploading test credentials for IAL2 (#3500)
LG-2395 Allow failures with yaml test document upload (#3497)
Bump rack from 2.0.7 to 2.0.8 (#3494)
Add a banlist for non-essential emails (#3487)

RC 99

Features

Add choose verify method screen for CAC proofing (#3474)
LG-2419 User with a CAC sees the CAC proofing flow (#3471)
LG-862 Add a PIV/CAC to an account (#3449)

Service Provider Updates

Add SP: HHS - OIG - Exclusion Referrals
Add SP: DOT - FHWA ITS JPO - Secure Data Commons
Add SP: DOL - OASAM - eFile-eServe (EFS)

Bugs and Enhancements

Add a banlist for non-essential emails (#3487)
Add CT to the list of supported states (#3482)
Lg 2441 redirect URIs not included in CSP for oidc (#3479)
LG-2413 Doc auth drop offs by sprint report (#3480)
Remove references to x509_dn_uuid on user (#3477)
Rescue db not found error in migration check. (#3476)
LG-2430 Track data around profile deactivation and activation with personal key (#3475)
Parse full name from CAC correctly (#3473)
Limit PIV/CAC count (#3472)
LG-2410 Accept IAL2 and LOA3 assertions (#3464)
LG-1767 LG-2103 Get name off CAC when proofing with CAC. On error offer doc auth (#3470)

RC 98

Features

LG-2224 Remove a PIV/CAC (#3436)
LG-2315 Users should not see PIV/CAC option to configure MFA on mobile (#3439)
LG-2218 Added friendly doc auth errors (#3434)
LG-1649 Update design and copy for MFA more info (#3429)
LG-2351 Sign in with multiple PIV/CACs (#3431)
LG-2313 Users should not see sign in with PIV/CAC option on mobile (#3437)
LG-2312 Users should not see proofing with a CAC option on mobile (#3438)

Service Provider Updates

LG-2372: new version of saml_idp doesn't sign saml logout response (#3430)

Bugs and Enhancements

Don't check for pending migrations on a migration instance (#3445)
Change max doc auth attmepts to 10 (#3444)
Update encryption-and-key-rotation.md (#3433)
LG-2383 Raise an error if migrations are pending in bin/activate (#3435)
Use an OTP object to save IdV OTPs in the session (#3432)
Fix blank doc_auth_log entries (#3428)
LG-2370 Apply the secure headers override during webauthn setup (#3427)
LG-2350 Add a new table for piv/cac configurations (#3426)
LG-1190 Default to read replica for the console db (#3425)

RC 97

Features

LG-664 Require 2nd MFA for personal key users (#3373)
LG-2051 Allow IAL2 users who fail recovery to revert to account reset (#3389)
LG-1080 Allow deleting backup codes (#3405)
LG-1726 Confirm screen for generating backup codes (#3405)
LG-2125 Unique yearly auths report (#3421)

Service Provider Updates

Bugs and Enhancements

LG-2206: encode the logout response with the endpoint signature cert/key (#3390)
Update gems (#3391)
Fixes for jaws and IE (#3392)
Use the master branch of saml_idp (#3393)
Rename the grant_readonly_access rake task and revert implementation (#3400)
Remove Procfile_dev (#3402)
Revert LG-1896 (#3403)
Remove 1st mfa success screen when retiring personal key (#3407)
LG-1996 Email address form field does not provide error summary (#3408)
Misc content updates (#3409)
LG-2246 Fix phone edit authorization issues (#3410)
Bump json-jwt from 1.10.2 to 1.11.0 (#3411)
Misc bug fixes for retire personal key (#3412)
LG-2232 Use a separate NewRelic app in the background jobs (#3413)
Permit any node version between v8 and v12 inclusive (#3414)
Use export to set the NewRelic app name for background jobs (#3415)
LG-2323 Update libphone-js (#3416)
Bump rack-cors from 1.0.3 to 1.0.5 (#3417)
Pin the style guide version to 2.1.5 (#3419)
LG-2206: new version of saml_idp to include response id in signature (#3420)
Rollback the change to use separate NR accounts for web and bg jobs (#3422)

RC 96

Features

LG-1832 Display attributes on consent screen (#3366)
LG-2044 Add a PIV/CAC during sign in flow (#3361)
LG-1623 Redesign personal key page (#3381)

Service Provider Updates

Update agency names (#3301)

Bugs and Enhancements

LG-1838 Add default help text to service_providers.localdev.yml (#3336)
LG-2117 Fix auth counts tracking to exclude auths that that do not make it back to sp (#3360)
LG-2095 Accept either an array or a string as a value for OpenID (#3363)
LG-2054 Add link to send verification code via usps on error pages (#3364)
LG-1451 Ensure PII is not being transmitted/shared with IAL1 SPs (#3367)
LG-1832 Update consent screen to display attributes before continue (#3370)
LG-2194 Move image upload errors to top of screen (#3371)
LG-2040 Pick up debugging heavy saml_idp gem (#3372)
LG-2040 Pick up more debugging and possible fix from saml_idp gem (#3376)
LG-2200 Cleanup after the Pinpoint migraiton (#3379)
LG-2040 Saml_idp doesn't require namespace when checking signature (#3380)
LG-1941 Jaws not reading correct texts (#3374)
LG-2178 Fix IAL2 user counts per SP (#3383)
LG-2120 Fix total verified user count in doc auth funnel (#3382)
LG-2089 Remove the failure presenters in the IdV flow (#3375)
LG-992 Limit the amount of texts that can be sent out for doc auth (#3385)
LG-1896 accept oidc and saml requests with ial in request (#3384)
phone number flag icon fix (#3378)
Re-adding CREATE USER statement to grant_readonly_access rake task (#3353)
Enable doc auth in local dev and production (#3357)
Whitelist SP redirect in CSP on piv cac setup after sign in action (#3368)

RC 95

Features

Updated messages for PIV/CAC certificate timeout and ocsp errors (#3352)

Service Provider Updates

Add DOL - CIO - Case Management Platform SP (#3343)

Bugs and Enhancements

Move service_providers.yml and logos to identity-idp-config (3349)
Update authentication and confirmation OTP message (#3358)
Fix Sign In With PIV/CAC 500 errors (#3344)
Update AAMVA gem to 3.2.4 (#3348)
Cleanup application.yml (#3323)
Remove decorative image alt tags (#3350)
Fixed checkboxes in high contrast mode (#3351)
Add a uniqueness constraint to email address (#3355)
Fix country combo for screen readers (#3354)
Add aria labels to checkbox (#3356)

RC 94

RC 94.1

WHY: Update NGA NOME expiring certs

Features

Add missing hybrid flow steps to doc auth funnel analytics (#3345)

Service Provider Updates

Update NGA NOME cert (#3342)

Bugs and Enhancements

Fix tests failing because of an issuer change (#3341)

RC 94

Features

WHY: Regular scheduled release

Features

Self service help text (#3320)
Confirming email then entering password redirects to sign in (#3313)
Log redirect to SP bounce (#3315)

Service Provider Updates

Add DOI FedTalent configuration (#3296)
DOT - FMCSA - Drug and Alcohol Clearinghouse fixes (#3337)

Bugs and Enhancements

Set twilio_verify_override_for_intl_sms false (#3311)
LG-1273 Create migration to add help text to service providers, backfill existing SPs to have help text (#3318)
Use update attributes (#3321)
Fix help text backfill (#3322)
fix redirect from doc auth to idv when browser back clicked (#3325)
Rename loa to ial in the code (#3278)
Fix 500 error when unauthenticated on IAL2 password screen (#3332)
Fix erroneous error counts reported in doc auth funnel (#3331)
Fix 500 error verifying images in doc auth (#3333)
Hide docauth error and info after new image selected (#3335)
Revert sample app issuer in sp.yml (#3339)
Fix tests failing because of an issuer change (#3341)

RC 93

RC 93.4

WHY: Releasing fixes for IAL2 proofing flow

Features

• Self service help text (#3237)
• Confirming email then entering password redirects to sign in (#3313)
• Notify users of handoff to SP bouncing back to login.gov (#3315)

Service Provider Updates

• Merge pull request #3296 from 18F/amos/config/doi_talent

Bugs and Enhancements

• Bump telephony gem version to v0.0.12 (#3295)
• Tracking USPS letter sent and costing correctly (#3299)
• Remove PIV/CAC instructions link (#3303)
• Fix legacy idv throttling (#3302)
• Clean up PIV/CAC error screen (#3307)
• Cleanup log statement (#3304)
• Don't report cost for bad acuant calls (timeouts/connections) (#3308)
• Reset mobile doc auth properly in hybrid flow (#3312)
• Fix duplicate help links after failing to proof (#3314)
• Revert "Self service help text" (#3316)
• Bump simple_form from 4.1.0 to 5.0.0 (#3317)
• Set twilio_verify_override_for_intl_sms false (#3311)
• Create migration to add help text to service providers (#3318)
• Use update attributes (#3321)
• Self service help text (#3320)
• Fix help text backfill (#3322)
• Fix redirect from doc auth to idv when browser back clicked (#3325)
• Update gems (#3324)

RC 93.3

WHY: Releasing HHS SP config

Service Provider Updates

• Add SP HHS - OIG Utils (#3300)

Bugs and Enhancements

• Don't report cost for bad acuant calls (timeouts/connections) (#3308)

RC 93.2

WHY: Releasing telephony gem changes and USPS letter tracking

Features

• User cannot re-submit Docauth despite waiting longer than 24 hours (#3294)
• Update CBP TTP learn more URL (#3298)
• Tracking USPS letter sent and costing correctly (#3299)

Service Provider Updates

• RRB prod SP config updates (#3297)

Bugs and Enhancements

• Bump telephony gem version to v0.0.12 (#3295)

• Remove PIV/CAC instructions link (#3303)

• Fix legacy idv throttling (#3302)

RC 93.1

Features

WHY: Releasing PIV/CAC feedback enhancements and IAL2 reporting

• Sign in with PIV/CAC feedback on errors (#3279)
• Change the way the proofing client gems are specified in the Gemfile (#3275)
• Track Proofing Costs (#3264)
• Format the hybrid flow phone number (#3282)
• Save components used to establish IAL2 credentials (#3276)
• Successful handoff rate by SP report (#3277)
• Track Doc Auth Funnel (#3263)

Service Provider Updates

• Update rrb logo (#3285)

Bugs and Enhancements

• Move rubocop and rubocop-rails into the dev/test group (#3269)
• Fix CSS for IE 11 (#3271)
• Remove extra doc auth funnel creates (#3280)
• Set configs for identity-telephony v0.0.10 (#3283)
• Bump aamva gem (#3284)
• Revert "Set configs for identity-telephony v0.0.10 (#3283)" (#3287)
• Misc doc auth fixes (#3289)
• LG-1955 Bump telephony gem to v0.0.11 (#3290)
• Fix success rate report (#3291)

RC 91

Features

• Send push notifications as OpenID RISC Event Types (#3206)
• Support option to proof with either State ID or CAC (#3221)
• Add support for backup SMS and Voice OTP provider Pinpoint (#3202, #3203, #3205, #3199, #3241)
• Rate limiting emails on unauthenticated forms to prevent abuse (#3228)

Service Provider Updates

• Add SP RRB - myRRB (#3212)
• Add additional DOT Delphi eInvoicing SP config (#3238)
• Add SP DOT - FMCSA - Drug and Alcohol Clearinghouse (#3211)

Bugs and Enhancements

• Stop sorting backup codes by ID (#3208)
• Create hashed and unhashed assets (#3209)
• Add usds fonts (#3216)
• Static page not found page (#3219)
• Update the knapsack report (#3207)
• Fix confusing placeholder phone number (#3220)
• Set the image and font path variables for USWDS (#3223)
• validating token not expired to prevent 500 errors on password validation (#3210)
• Remove unused assets (#3222)
• Fix expired link on email confirmation (#3226)
• Visually distinguish characters in backup codes and personal keys (#3231)
• Remove return to profile link from completions page (#3230)
• Add missing user UUID to doc auth proofing (#3232)
• es translation fixes (#3229)
• Update stale password digests as users sign in (#3227)
• fix default when editing phone (#3235)
• added idv_extra to resolution response (#3240)
• Fix state ID preview on ie 11 (#3239)