Releases: 18F/identity-idp
Releases · 18F/identity-idp
RC 90
2019-08-27T140556
This tag was signed with the committer’s verified signature.
The key has expired.
jmhooper
Jonathan Hooper
Bugs and Enhancements
- More accurate geo-location for account events #3196
- Fix an issue where uploaded images appeared distorted on IE #3194
- Log an event immediately before SP handoff #3193
- Add the ability to export data in reports on a recurring basis #3189 #3188 #3190 #3165 #3167
- New design for the phone verification screen #3187
- Add IAL2 data sharing consent checkbox to the doc auth flow #3145
RC 89
Features
- Allow authentication with a PIV/CAC (#2815, #3114)
- Standardize success confirmation during 2FA setup (#3082)
- OMB Fitara report for stats on sign ups (#3121, #3131)
- SMS CTIA compliance (#3125, #3126, #3042)
- Add new titles for MFA setup option menus (#3127)
- Link to check SMS status on SMS error pages (#3134)
- New setup flow for backup codes (#3138)
- List browsers that support security keys on error (#3141)
Service Provider Updates
- Adds Touchpoints SP configuration (#3137)
Bugs and Enhancements
- Update copy on confirmation email (#3105, #3122)
- Phone setup enter OTP cancel behavior (#3103)
- fixed wording and translations for accuant throttling message (#3104)
- Add timeout for post to google analytics on backend (#3108)
- Use the AddEmailConfirmTokenValidator to validate that an email has n (#3107)
- Add ability to show deprecation warnings when using email attributes (#3113)
- Use email address table to confirm email during sign up (#3109)
- Remove pwned password feature flag and configs (#3116)
- Fix pwned passwords paths (#3119, #3120)
- added link to return to account/SP and converted slims into e… (#3110)
- Remove RegiserUserEmailForm from views that deal with resending email (#3111)
- Fix flickering push notification spec (#3123)
- Redesign check your email screen (#3118)
- Cleanup rubocop violations (#3128)
- Remove the phone setup presenter (#3129)
- Make the email attribute in the factories transient (#3132)
- Drop uniqueness constraint on user email fingerprint (#3133)
- No default checkbox on first phone setup (#3142)
- Fix backup codes copy button output on IE (#3136)
- Fix Backup codes download on IE (#3135)
- Make phone number non-editable (#3117)
- Redesign backup codes warning page (#3139)
- Redesign backup codes screen (#3140)
- Fix remember browser for first MFA (#3144)
- Fix copy on sign in selection list with backup codes (#3146)
RC 88
2019-07-17T194518
This tag was signed with the committer’s verified signature.
The key has expired.
jmhooper
Jonathan Hooper
Features
- Allow a user to change their password directly from emails about a new phone added to their account (#3061)
- Prevent users from creating an account with passwords that are known to be compromised from password breaches (#3074 #3094)
- Add example state ID images to the doc auth proofing flow (#3090)
Service Provider Updates
Bugs and Enhancements
- Add additional alerting for failed background jobs (#3025)
- Initiate the account reset background job with new background job tooling (#3062)
- Fix a bug where a part of the “Add email” button was visible for users who could not add an email (#3073)
- Add additional instructions to account reset emails (#3070)
- Alert users about issues adding an email to an account sooner (#3075)
- Enable backup codes as soon as they are visible to the user instead of requiring the user to click “Continue” for them to work (#3044)
- Fix an issue where the back button did not work during identity proofing failure due to unsupported jurisdiction (#3056)
- Support additional ciphers for WebAuthn (#3086)
- Provide users with recommendations for what to do when add email fails (#3084 #3097)
- Warn users about consequences of deleting an email before they confirm deletion (#3085)
- Fix a bug where the request_id that appears in a sign up email sent to users may be incorrect (#3079)
- Fix bugs where the sign up completed page when appear when not necessary (#3069)
- Change the cancelation behavior on enter OTP screen during sign up to redirect to the options screen instead of aborting sign up (#3096)
- Don’t ask users who do not have a personal key to enter a personal key during account reset (#3100)
RC 87.1
Features
Service Provider Updates
Bugs and Enhancements
RC 87
Features
- Show Steps During Sign Up (#3027)
- In Person Proofing Flow (#3031, #3039, #3042)
- Consolidate Text/SMS and Voice into one MFA option on signup (#3038)
- Make the phone option say "second phone" after setting up a phone (#3047)
- Show the last signed in email address on the account page (#3051)
Service Provider Updates
Bugs and Enhancements
- Collocate phone rate limitting specs (#3033)
- Remove helper for entering the OTP from the db (#3035)
- Add international numbers to phone confirmation tests (#3036)
- Add knapsack rspec report (#3043)
- Fix logic to go to sign up completed page (#3048)
- Store signing_up session value in the user session (#3050)
- Change the text on the email address label (#3052)
- Fix Webauthn not visible on sign in (#3055)
- Redirect to SP after backup code only setup (#3057)
- Remove duplicate success message for PIV/CAC (#3053)
- Do not show TOTP success message if it is the first MFA method (#3054)
- Update node modules and gems (#3058)
- Log user uuid with OIDC token call (#3059)
- Fix French translation for "Email addresses" (#3060)
- Fix OIDC prompt=login automatic sign out after sign in (#3063)
- Update email address column after delete (#3064)
RC 86
2019-06-18T142717
This tag was signed with the committer’s verified signature.
The key has expired.
jmhooper
Jonathan Hooper
Features
- Allow users to sign up with just backup codes enabled (#2970)
- Hide security key option on the MFA setup page for users who do not have JS enabled (#2997)
- Send an email to all confirmed emails on an account when an email is removed (#3007)
- Add an error message when a user tries to add an email that is already on their account (#3011)
- Improve the error message when a user tries to add the same phone number twice during sign up (#3016)
- Tell the user which MFA method they setup on the first MFA step during the second MFA step (#30120)
- Add a spinner during document upload during document authentication (#3021)
- Send users an email when a phone is added to their account (#3017)
Service Provider Updates
No service provider updates were made this release
Bugs and Enhancements
- Fix a 500 error on the SAML metadata endpoint (#2996)
- Fix an issue communicating server side analytics to Google Analytics (#2995)
- Fix a bug where users could change a phone number to the same number as an existing phone (#2992)
- Fix the cancel link on the second MFA setup screen (#2999)
- Fix an issue where signing in with the last backup code redirected to the account screen instead of the new backup code screen (#3000)
- Fix an issue with missing attributes on external links (#3001)
- Fix a bug where the “resend email” button would not work under certain conditions (#3002)
- Fix a cosmetic issue on the MFA options screen (#3009)
RC 85
RC 84.2
RC 84.1
Service Provider Updates
Add new O&M staging environment for flag.dol.gov (#2961)
Bugs and Enhancements
Delete an email address (#2955)
Drop columns related to roles from the database (#2940)
Implement GPO mail job as rake task using RDS (#2919)
Remove the phone configuration consideration from 2fa options (#2964)
Add a generated at timestamp to backup codes (#2963, #2976)
Sign in with backup codes needs redirect to SP (#2966)
Fix supported webauthn protocols (#2967)
Show backup codes download button only on desktop (#2971)
Fix a bug parsing the GA cookie (#2975)
Mark local SAML rails SP as IAL2 (#2972)
RC 84
Features
- Require two MFA methods on registration (#2900, #2949, #2951, #2952)
- Manage multiple emails (#2928, #2929, #2935, #2941, #2943, #2945, #2946, #2948, #2953, #2955, #2956)
- New default phone and fix for sms/voice delivery preference (#2947)
- Push notifications for account delete events (#2950, #2957)