v2.86.2

Release Pull Request

#8285

What's Changed

• Reduced per-request overhead in logging and JWE token decryption to improve API performance by @erosselli in #8284

Full Changelog: 2.86.1...2.86.2

v2.86.1

Release Pull Request

#8279

What's Changed

• Fixed stuck DSRs when async task ConnectionConfig is deleted or disabled #8211
• Fixed property form paths not saving and actions not working during property creation #8271
• Fixed "Download troubleshooting data" feature to stream diagnostics ZIP directly instead of uploading to storage, eliminating storage configuration dependency and reliability issues #8254
• Fixed watchdog incorrectly erroring privacy requests paused for manual webhook or manual task input, and fixed connection config updates incorrectly requeuing manual task DSRs #8264
• Fixed permanently stuck privacy requests when erasure task creation fails silently by recreating missing erasure tasks from the current graph on retry #8268

Full Changelog: 2.86.0...2.86.1

v2.86.0

Release Pull Request

#8248

What's Changed

• ENG-3700: Include libpbac source in build artifacts by @galvana in #8093
• ENG-3757: Fix Fides.version showing dev decorations on tagged Docker builds by @adamsachs in #8147
• ENG-3695: Surface integration save errors under form fields by @Kelsey-Ethyca in #8092
• ENG-3564: SecretProvider abstraction and AWS Secrets Manager provider by @erosselli in #8051
• ENG-3301: Refactor messaging dispatchers into provider classes by @JadeCara in #8118
• Untrack auto-generated next-env.d.ts in admin-ui and privacy-center by @gilluminate in #8150
• ENG-3301: Migrate AWS SES dispatcher to provider class by @JadeCara in #8120
• ENG-3301: Align messaging endpoints with service layer pattern by @JadeCara in #8138
• Update the cookie wildcard placeholder by @guncha in #8152
• ENG-3648: Fix FidesJS banner resurfacing on non-applicable notices by @gilluminate in #8137
• Build dependencies automatically when running turbo run dev by @lucanovera in #8157
• ENG-3566: Refactor engine creation to use SQLAlchemy creator pattern by @erosselli in #8148
• Change domain validation default from monitor to enabled by @Linker44 in #8141
• ENG-3000: add Privacy requests tab to integrations (alternative to #8121) by @adamsachs in #8126
• ENG-3301: Add threading header support to email providers (Story 2) by @JadeCara in #8122
• Bump the npm_and_yarn group across 1 directory with 5 updates by @dependabot[bot] in #7621
• ENG-3178: Migrate vendor / configure-consent forms to antd by @gilluminate in #8156
• fides-js: Reduce bundle size by removing dependencies and trimming locale data by @eastandwestwind in #8142
• ENG-3301: Add correspondence template and reply-to utility (Story 3) by @JadeCara in #8123
• Remove retired Data Catalog beta feature by @dsill-ethyca in #8149
• ENG-3302: Add hook skeleton for reply polling and notifications by @JadeCara in #8158
• ENG-3324: Monitor steward inheritance data model by @adamsachs in #7888
• ENG-3517: Foundation - attachment_user_provided model + repository by @mikeGarifullin in #8110
• Add markdown support to policy agent UI by @lucanovera in #8174
• ENG-3566: Add DBCredentialProvider for dynamic credential resolution by @erosselli in #8175
• ENG-3617: fix system integration form keys misalignment, make it look more consistent with other forms by @nreyes-dev in #8131
• ENG-3303: Add NOTIFICATION_UPDATE scope to scope registry by @JadeCara in #8167
• ENG-3773: Fix privacy-center build by dropping uuid dep by @mikeGarifullin in #8179
• Support all taxonomies in policy builder UI by @lucanovera in #8177
• ENG-3517: Upload and promotion for user uploaded files - schema variant, storage util, hooks, config by @mikeGarifullin in #8113
• Update package-lock.json by @gilluminate in #8182
• Update .gitignore by @gilluminate in #8188
• Make RTK 404 less annoying in CLI logs by @gilluminate in #8187
• Improve the editing experience with policy agent by @lucanovera in #8164
• ENG-49: Restore privacy-center Swagger UI by @gilluminate in #8190
• ENG-3828: Fix Pydantic serializer warning for AnyHttpUrlStringRemovesSlash by @mikeGarifullin in #8193
• ENG-3552: Migrate AddNewSystemModal to antd Form by @gilluminate in #8195
• Add Snowflake VARIANT JSON integration tests by @eastandwestwind in #8173
• docs: add 2.84.5 changelog entry for GHSA-5qrq-9645-g5g2 by @daveqnet in #8198
• ENG-3566: Wire all DB connections through DBCredentialProvider by @erosselli in #8176
• Add high-risk label to credential provider changelog entry by @erosselli in #8201
• Support filtering by duplicate request groups. Add duplicate request drawer UI. by @lucanovera in #7965
• ENG-3680: migrate admin-ui drag-and-drop from react-dnd to dnd-kit by @gilluminate in #8169
• Fix Privacy Center Cypress path filter firing on every PR by @gilluminate in #8196
• Always open Cmd+K search as centered modal by @galvana in #8202
• ENG-2907: Add Source filter to Request Manager by @nreyes-dev in #8161
• ENG-3303: Generate TS types for correspondence API contract by @JadeCara in #8159
• ENG-3614/ENG-3823: Bump click and pydantic for litellm 1.84.0 compatibility by @galvana in #8178
• ENG-3842: Add configurable pool_recycle for database connections by @erosselli in #8209
• ENG-3847: Make client comments clearer by @tvandort in #8220
• Changelog for 2.85.1 by @erosselli in #8221
• Move tests for fides by @johnewart in #8222
• ENG-3818: Fix Action Center keyboard shortcut infinite render loop by @gilluminate in #8194
• ENG-3250 - Add group_id to MonitorTask by @vcruces in #8115
• ENG-3553: Migrate AddEditAssetModal to antd Form by @gilluminate in #8210
• ENG-3664: Allow for HTML in manage consent page description in Privacy Center by @nreyes-dev in #8226
• ENG-3551: Migrate simplified Privacy Declaration form to antd by @gilluminate in #8227
• ENG-3185: Migrate system data flow components to Ant Design by @jpople in #8133
• ENG-3550: Migrate modal Privacy Declaration form to antd by @gilluminate in #8229
• ENG-3324: System data-stewards change hook for inheritance by @adamsachs in #8172
• ENG-2902: Default ATTRIBUTION_ENABLED to true in Privacy Center by @eastandwestwind in #8219
• Eng 3003 date of birth as Identity by @Vagoasdf in #8143
• Eng 3496 improve ux saas validation by @Vagoasdf in #8166
• Make attachment_user_provided property_id nullable by @jpople in #8228
• Improve display of multiple taxonomies values in policy builder UI by @lucanovera in #8234
• ENG-1958: Add TCF version hash history table and model by @reneruck-ethyca in #8200
• ENG-3339: Rename /access-policy to /access-policies (frontend) by @thabofletcher in #8225
• Add REFRESH_CONSENT_WEBHOOK_TOKEN SaaSRequestType by @Linker44 in #8186
• ENG-3768: Add access package review model and status by @JadeCara in #8183
• ENG-3714: Form builder base — feature flag, deps, and data layer by @jpople in #8203
• ENG-3768: Add access package hook points and builder registry by @JadeCara in #8191
• ENG-3767: Land DSR traversal visualizer (initial merge from PoC) by @gilluminate in #8168
• ENG-3714: Form builder registry, SSE streaming, and useFormBuilder hook by @jpople in #8205
• ENG-3714: Migrate ChatPane to Ant Design X (Bubble/Sender) by @jpople in #8206
• ENG-3714: Form builder UI panels (PreviewPane, FieldPropertiesPanel, SortableFieldItem, VisibilityEditor) by @jpople in #8207
• ENG-3730: Add ATT exempt toggle for privacy notices in Admin UI by @eastandwestwind in #8233
• ENG-3572 - Add cloud_infra_group and cloud_infra_group_assignment tables by @vcruces in #8189
• chore: ga helios insights [ENG-3734] by @speaker-ender in #8130
• ENG-3613: Remove GitPython dependency, reimplement dirty check with subprocess by @thabofletcher in #8237
• ENG-3714: Privacy center field_order, visibility, and placeholder support by @jpople in #8204
• Add Stewardship tab to user detail page by @adamsachs in #8240
• ENG-3877: Wait for custom fields to load before mounting declaration form by @g...

v2.85.1

Release Pull Request

#8223

What's changed

• Added SecretProvider abstraction and AWS Secrets Manager provider by @erosselli in #8051
• Add DBCredentialProvider for dynamic database credential resolution via AWS Secrets Manager by @erosselli in #8175
• Added configurable pool_recycle setting for database connections [#8209] by @erosselli in (#8209)
• Route all database connections through DBCredentialProvider for dynamic credential resolution by @erosselli in #8176 high-risk This issue suggests changes that have a high-probability of breaking existing code
• Refactored database engines to use SQLAlchemy creator pattern for per-connection credential resolution by @erosselli in #8148
• Changed the label on API client comments to make it more obvious that they are from the API client and not from the user by @tvandort in #8220

Full Changelog: v2.85.0...2.85.1

v2.85.0

Release Pull Request

#8129

What's Changed

• revert Dockerfile fix by @gilluminate in #8012
• feat(fidesui): add agent Alert variant and update body UI by @kruulik in #8001
• Agent chat for policy builder UI by @lucanovera in #7993
• Restore webpack for Next builds by @gilluminate in #8022
• ENG-564 (1/4): SaaS dataset backend validation and protected field restoration by @Linker44 in #7686
• Add Fides.matomo() integration helper by @gilluminate in #7991
• ENG-3489: Add CCPA/CPRA privacy request disclosure metrics page by @jpople in #7980
• feat: infra monitor details tray [ENG-3119] by @speaker-ender in #7857
• ENG-3528: Update FE to match BE disclosure metrics API contract by @eastandwestwind in #8025
• fix sass warning by @gilluminate in #8006
• ENG-3603: Fix custom field updates on privacy declarations by @jpople in #8024
• ENG-3593 Fix N+1 query performance in system upsert validation by @erosselli in #8009
• Update 2.84.0 changelog fragment by @dsill-ethyca in #8028
• ENG-3261: close re-invite validation gap and null-email modal render by @nreyes-dev in #7963
• ENG-3627: Update FidesJS JSDoc links for new fidesdocs structure by @gilluminate in #8038
• Wire antd CLI lint into npm lint scripts by @gilluminate in #8036
• ENG-3466 Relax username validation to allow email addresses by @erosselli in #8049
• Upgrade ESLint and fix no-unused-vars mapped type errors by @gilluminate in #8050
• Add dedicated Celery queue for bulk consent imports by @Linker44 in #8055
• ENG-3649: Add consent to supported actions for database integrations by @galvana in #8057
• ENG-3630: Consent identity enrichment via DB graph traversal by @galvana in #8039
• Expose consent webhook requests in privacy request search by @Linker44 in #8037
• 2.84.1 changelog by @Kelsey-Ethyca in #8058
• Fix consent webhook requests not visible on detail page by @Linker44 in #8059
• Updated dependencies for security fixes by @rayharnett in #8061
• ENG-3564: Design doc for dynamic DB credentials via AWS Secrets Manager by @erosselli in #8016
• Fix NextJS 16 warnings about logos by @gilluminate in #8052
• ENG-3605: Fix login button animation to be disabled and dimmer by @gilluminate in #8054
• ENG-2174: Optimize DSR queries to only SELECT necessary columns by @nreyes-dev in #7800
• Tighten turbopack chunk filename allowlist regex by @gilluminate in #8048
• Add optional dbname override to MicrosoftSQLServerConnector.build_uri by @adamsachs in #8017
• ENG-3655 Fix excessive memory usage in get_request_task_celery_task_ids by @erosselli in #8062
• Fix VSCodes changes to settings names by @gilluminate in #8068
• ENG-3479: Enable Ant cssVar + register brand/neutral palette as custom tokens by @gilluminate in #8056
• ENG-3479: Migrate var(--fidesui-) consumers to --ant- and delete Sass var generation by @gilluminate in #8065
• ENG-3479: Rename Ant cssVar prefix to fidesui and migrate consumers by @gilluminate in #8066
• ENG-3662: Pin first two columns of the datamap report table by @gilluminate in #8069
• ENG-3630: Consent pipeline reliability improvements by @rayharnett in #8064
• Change log for 2.84.2 by @galvana in #8074
• ENG-3507: Unlink StagedResources before system deletion by @dsill-ethyca in #8032
• ENG-564 (2/4): Node-based dataset editor with drill-down, CRUD, metadata editing, and YAML panel by @Linker44 in #7687
• ENG-564 (3/4): Wire up SaaS dataset validation and protected field decorations by @Linker44 in #7685
• ENG-564 (4/4): Add node-based graph editor to manage datasets page by @Linker44 in #7812
• ENG-3657: Update URLs for harpocrates by @tina-zimnicki in #8081
• play nice with newer Prettier extension by @gilluminate in #8089
• ENG-3593: Eliminate redundant System fetches in /system/upsert by @adamsachs in #8080
• ENG-3666 Parallelize warm_async_pool connections with asyncio.gather by @erosselli in #8097
• ENG-3290: In-app questionnaire chat UI and model changes by @galvana in #8091
• ENG-3569 - Add cloud infrastructure monitor action center frontend by @vcruces in #8053
• ENG-3590: Resurface behaviors for TCf by @tvandort in #8079
• Improve progress feedback on assessment evaluation by @lucanovera in #8041
• update changelog 2.82.2 by @adamsachs in #8101
• Improve update polling for assessments by @lucanovera in #8102
• ENG-2488: Validate user_geography to prevent malicious data persistence by @mikeGarifullin in #7889
• ENG-3515: BE: new custom privacy center field types (checkbox, checkbox_group, textarea) by @mikeGarifullin in #7977
• ENG-3516: BE: Condition validation for new custom fileds: checkbox, checkbox_group, textarea by @mikeGarifullin in #8026
• ENG-3516: BE: Submission-time resolution of display_condition rules by @mikeGarifullin in #8027
• Remove newIntegrationManagement beta flag by @Kelsey-Ethyca in #8082
• Require integration name when adding from system form by @Kelsey-Ethyca in #8085
• Make database healthcheck timeout configurable by @erosselli in #8100
• Improve activity log step names by @RobertKeyser in #8088
• Fix default tag color by @lucanovera in #8105
• Fix integration detail page 404 from route shadowing by @JadeCara in #8103
• ENG-3160: BE - Access policy agent chat (types + prompt explorer) by @thabofletcher in #7992
• ENG-3252: Remove redundant and flickering tooltip from Action Center view by @nreyes-dev in #8094
• refactor/action-center-refresh [ENG-3414] by @speaker-ender in #7981
• ENG-3464: Configurable Jira completion status by @JadeCara in #8046
• Add correlation ID fallback for async polling (Movable Ink) by @Linker44 in #8034
• Configurable reduction in Celery chatter on Redis queues by @rayharnett in #8077
• Update changelog for release 2.84.3 by @Linker44 in #8111
• Data purposes: card-grid listing page (1/2) by @kruulik in #8020
• ENG-3589: Add text customization to all privacy center pages by @jpople in #8071
• ENG-3457: fix long field name overflow in action center monitor results by @nreyes-dev in #8095
• ENG-3275: Display named OAuth clients by @tvandort in #7869
• refactor: action center cache busting [ENG-3643] by @speaker-ender in #8104
• ENG-3278: Improve nav search with keyword matching and relevance ranking by @jpople in #7952
• ENG-3447: Add att_exempt field to PrivacyNotice by @thabofletcher in #8029
• ENG-3588: Add semantic CSS class names for Privacy Center customization by @jpople in #8072
• ENG-3254: surface extracted log data by @tvandort in #7975
• Policies UI improvements by @lucanovera in #8078
• ENG-3389: Add Jira credential management UI by @jpople in #8098
• ENG-3263: new privacy center error page by @nreyes-dev in #7998
• ENG-3447: Add att_exempt support to FidesJS consent overlay by @thabofletcher in #8030
• Add promotion impact modal for wildcard assets by @guncha in #8075
• Cypress test flakiness fixes by @gilluminate in #8114
• E...

v2.84.5

Security

• Fixed DOM-based XSS in fides.js where client-controlled description overrides bypassed the server-side sanitiser when HTML-formatted descriptions were enabled. See GHSA-5qrq-9645-g5g2 / CVE-2026-44541.

Note: 2.84.4 was not released; 2.84.5 is the first public patch on the 2.84.x line containing this fix.

Full Changelog: 2.84.3...2.84.5

v2.84.3

Full Changelog: 2.84.2...2.84.3

Release Pull Request

#8112

What's Changed

• Added the ability to disable Celery heartbeat, mingle and gossip through the config by @johnewart #8077

v2.82.2

Release Pull Request

#8044

What's Changed

• Reduce redundant System fetches per row in /system/upsert from four to one, and add per-axis change-detection logging in the system audit path by @adamsachs in #8080
• Fixed excessive memory usage in DSR cancel path by using column projection instead of loading full RequestTask ORM objects with large encrypted blobs by @erosselli in #8062
• Fixed N+1 query performance issue in system upsert endpoint where privacy declaration label validation issued individual database queries per label instead of batching them by @erosselli in #8009

Full Changelog: 2.82.1...2.82.2

v2.84.2

Release Pull Request

#8073

What's Changed

• Add configurable soft time limit for privacy request tasks, fix connector engine leak, and improve consent pipeline logging by @galvana in #8064

Full Changelog: 2.84.1...2.84.2

v2.84.1

Release Pull Request

#8060

Full Changelog: 2.84.0...2.84.1