Skip to content

Releases: 18F/identity-idp

RC 549

10 Feb 21:19
@Mawar2 Mawar2
2026-02-10T211912
10badd5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 549 Latest
Latest

User-Facing Improvements

  • MFA Authentication: Update Information to be clearer (#12843)
  • Partner-Facing SAML Response Improvements: Add email attribute to support integrations with Microsoft Entra ID (#12841)

Bug Fixes

  • NewDevice alert: Reset sign_in_new_device_at for abandoned events (#12855)
  • Proofing Job: Make user access nil safe (#12836)

Internal

  • Hybrid ThreatMetrix: Detect when user went through hybrid flow and return threatmetrix_id_missing_result when session ID is missing (#12851)
  • IdV: Abstract Threatmetrix from DDP proofer (#12840)
Assets 2
Loading

RC 548

05 Feb 17:40
@WilliamBirdsall WilliamBirdsall
2026-02-05T174006
f94af4b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 548

Internal

  • Analytics: Add test coverage for passport MRZ verification in Socure flow (#12833)
  • Document Authentication: Use unlink in task to remove depcreated Set of socure users uuids (#12846)
  • Document Authentication: Add signals to phonerisk (#12839)
  • IdV: Add distinct customer event type to TMX hybrid mobile requests (#12847)
  • IdV: Exclude device fingerprint from analytics (#12850)
  • RISC Events: Refactor risc events to ensure it notifies for all MFA event changes (#12818)
  • SAML: Setting 2026 as canonical SAML year (code/tests) + removing 2024 references/sample files (#12831)
  • IdV: Restore AAMVA verified fields to cover failed IV checks(#12808)

Upcoming Features

  • Doc Auth: Ddp read pii and update response fixtures (#12823)
Loading

RC 547.1

04 Feb 21:31
@vrajmohan vrajmohan
2026-02-04T213124
db3c12d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 547.1

User-Facing Improvements

  • NewDevice email, Suppress email if there are no events to show (#12834)
Loading

RC 547

04 Feb 00:35
@vrajmohan vrajmohan
2026-02-04T003541
30339f8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 547

Bug Fixes

  • NewDevice email: Guard against null new_device_alert_window_start_in_minutes (#12829)
  • NewDevice email: Make start time for scanning new device activity configurable (#12827)

Internal

  • IdV: Rename desktop_selfie_test_mode to desktop_test_mode (#12828)
Loading

RC 546

03 Feb 17:59
@WilliamBirdsall WilliamBirdsall
2026-02-03T175922
b7335aa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 546

User-Facing Improvements

  • User redirect: Allow users to redirect if not fully signed in (#12788)

Bug Fixes

  • NewDevice email: Revert email aggregation logic on MFA lockout (#12634)

Internal

  • Doc Auth: Add aamva_checked flag to state ID validation event (#12825)
  • Document Authentication: Task to remove unused socures users set from Redis (#12824)
  • SMS preview: Create infrastructure for SMS preview(#12786)
  • In-Person Proofing: Implement AAMVA verification at state ID capture with deferred storage(#12812)
Loading

RC 545

29 Jan 17:59
@AShukla-GSA AShukla-GSA
2026-01-29T175900
2bf4851
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 545

Internal

  • Reporting: Add SP version (#12805)

Upcoming Features

  • Doc Auth: Handle doc type mismatch in DDP true ID response (#12815)
  • IdV: Add AB test for hybrid mobile threatmetrix (#12816)
Loading

RC 544.1

27 Jan 18:44
@AShukla-GSA AShukla-GSA
2026-01-27T184409
492c6c6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 544.1

Internal

  • Revert New Device alert: Set longer timeout for slow query (#12813)
Loading

RC 544

27 Jan 17:19
@AShukla-GSA AShukla-GSA
2026-01-27T171932
cbcd6cf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 544

User-Facing Improvements

  • Authentication: Update MFA name limit (#12804)
  • IPP: Remove state ID update link from IPP verify info page (#12806)

Internal

  • Historical Attempts API: Creates user_proofing_events table (#12811)
  • New Device alert: Set longer timeout for slow query (#12813)
  • Reporting: Generecize RegistrationFunnel Report (#12775)

Upcoming Features

  • Doc Auth: Ddp response id_type_supported (#12807)
Loading

RC 543

22 Jan 19:37
@shanechesnutt-ft shanechesnutt-ft
2026-01-22T193712
9aff29a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 543

User-Facing Improvements

  • Fraud: Update LG22 email (#12724)

Internal

  • Analytics: Add new logged event for LexisNexis Instant Verify results (#12798)
  • Document Authentication: Phonerisk percentage routing and failure by reason code configuration (#12800)
  • IdV: Add threatmetrix checks to hybrid flow (#12778)
  • SAML: Adding SAML2026 as valid artifact to list (#12801)
  • Scripts: Add deactivation reason duplicate account (#12796)

Upcoming Features

  • Doc Auth: Add DDP TrueID API client for LexisNexis integration (#12781)
  • Doc Auth: Create ddp true id response base class (#12792)
Loading

RC 542

20 Jan 22:25
@shanechesnutt-ft shanechesnutt-ft
2026-01-20T222524
e8acafe
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
RC 542

Bug Fixes

  • Proofing: Make zip5 in Instant Verify verification request nil safe (#12791)
  • Internal Report: API Transaction count report (#12790)

Internal

  • Analytics: Add new logged event for Socure KYC calls (#12785)
  • Reporting: Genericize IRSFraudMetricReport (#12757)
  • Reporting: Billing Report (Team Data-390) (#12784)
  • Security: Integrate pre-commit secrets detection with devenv (#12737)
  • Validation: Adding character limits for configuration names (#12779)
  • Attempts API: Adds idv/attempts to secure session (#12795)
  • Validation: Set name length to 80 for MFA configs (#12797)

Upcoming Features

  • Historical Attempts API: Create historical attempts feature flag (#12793)
Loading