Skip to content
Release Notes
2.X
2.81.0

Fides 2.81.0 release notes

  • 2.81.0: March 16, 2026
The Enterprise tag indicates that features are only available for Enterprise customers. To review pricing and upgrade your plan, please visit our site (opens in a new tab) or contact us to learn more.

Helios

Detect and classify global data risks with comprehensive visualization for data mapping and reporting for modern Enterprise.

  • Okta Monitor Enhancements:
    • LLM Classification: The LLM classifier toggle is now available for Okta infrastructure monitors, allowing users to opt in to LLM-powered classification for unknown systems detected during scans. When enabled, the classifier enriches systems with data uses, domains, and descriptions.
    • Compass Description Priority: Okta monitor now prioritizes descriptions from Compass over LLM-generated or default fallback descriptions. Systems matched by Compass receive vendor-sourced descriptions, while LLM descriptions are used for unmatched resources. The default "Okta SSO application" description is only applied during promotion when no enriched description is available.
    • UI Updates: The action center now displays an informational banner for infrastructure monitors, and bulk actions have been updated from "Add" to "Approve" for consistency with other monitor types. Monitor result labels have been updated to "Known Systems" / "Unknown Systems". Disallowed actions now show explanatory tooltips, and the Okta integration logo appears in the action center.
    • Scan Improvements: Okta monitor scans now automatically exclude inactive apps and the monitor's own OAuth service application from results.
    • Bug Fix: Fixed a DetachedInstanceError that occurred when running an Okta monitor scan without LLM classification enabled.

Lethe

Enterprise grade privacy request management and processing with a single orchestration layer for DSRs across vendors and systems

  • DSR 3.0 (Sole Execution Path): Deprecated DSR 2.0 code has been fully removed, making DSR 3.0 the sole privacy request execution path. This simplifies the codebase and ensures all customers benefit from the performance and reliability improvements introduced in DSR 3.0.
  • DSR Policies (Beta): The DSR Policies feature has been promoted from alpha to beta. Policy creation now auto-populates rules and targets based on the selected request type, and a new condition builder supports multiselect for location fields. Default DSR policies are protected from deletion with a disabled button and tooltip explanation.
  • Privacy Request Diagnostics: Support teams can now download a diagnostics ZIP file directly from the Admin UI for any privacy request. The export endpoint uploads a non-PII report to configured storage and returns a download URL, making it safe to share in support tickets.
  • Redis Cluster Support: Fides now supports Redis cluster deployments for both caching and Celery task queuing. The FidesopsRedis client accepts either a standard Redis or RedisCluster connection and provides cluster-aware key prefix operations. Valkey compatibility has also been validated with new test coverage.
  • Dataset-Property Scoping: New endpoints allow querying and managing dataset-property mappings by property ID or dataset fides_key, with support for bulk assign and remove operations. This enhances the property-based DSR scoping introduced in 2.80.0.
  • Database Namespace Support: Added namespace metadata support for Google Cloud SQL Postgres, standard Postgres, and RDS Postgres connectors. DSR execution now respects namespace configuration, and set_schema is reconciled with namespace_meta to prevent conflicting search path changes. RDS and MySQL namespace field names have been standardized (database_iddatabase_name, database_instance_iddatabase_instance_name).
  • Bug Fixes:
    • Fixed a watchdog false-positive that could cancel DSRs with tasks legitimately awaiting upstream dependencies.
    • Fixed async polling requests not fully respecting the ignore_errors configuration.
    • Fixed consent status tracking to key per-connection (connection_config.key) instead of per-system.
    • OAuth clients without an associated user can now create comments on privacy requests.
    • Added task time limits and graceful timeout handling to the consent webhook task to prevent worker stalls.

Janus

High performance consent recording and orchestration for data sharing, built for enterprise data engineering and AI pipelines.

  • TCF Compliance: Added gdprApplies=false signaling to existing TCF stubs in non-TCF bundles, ensuring correct IAB TCF behavior for visitors outside GDPR jurisdictions. Fixed TCF modal content not displaying correctly in mobile SDK WebViews by syncing CSS.
  • Consent Propagation: Added the cascade_up_opt_in_all_opt_out_conservative propagation policy for more granular control over how consent preferences cascade through notice hierarchies.
  • Bug Fixes:
    • Fixed fidesString being cleared on app launch when consentNonApplicableFlagMode is set to INCLUDE.
    • Fixed echo detection bug for empty or null consent preferences.
    • Optimized echo detection Redis lookups using hash keys instead of SCAN, and fixed a TTL bug.
    • Fixed custom field create_or_update creating duplicates instead of updating existing records.

Astralis

Real-time data access, usage, and retention policy enforcement across your infrastructure. Astralis embeds governance directly into data pipelines and AI workflows, preventing misuse before it happens and generating an always-on audit trail for regulatory and AI governance.

  • Privacy Assessments (Early Access): Privacy assessments are now available as an early access feature (promoted from alpha to beta). This is a new product area focused on AI governance and risk assessment. Contact your account team if you're interested in early access.

Integrations

  • Domain Validation for SaaS Integrations: Fides now validates that domains configured in SaaS connector parameters match an allowlist for each integration, preventing connectors from reaching unintended endpoints. The feature is controlled via FIDES__SECURITY__DOMAIN_VALIDATION_MODE with three modes:
    • monitor (default) — validates and logs a warning, but does not block requests
    • enabled — enforces validation and blocks disallowed domains
    • disabled — skips validation entirely
    • Since the default mode is monitor, existing deployments are unaffected. In a future release, the default will change to enabled. Self-hosted customers should review their server logs now for lines containing Domain validation violation (monitor mode) to identify any integrations using non-allowlisted domains before enforcement is turned on. If you find violations in your logs, contact support with the integration name and flagged URLs so the allowlist can be updated.
  • Loop Returns Connector: Simplified the Loop Returns integration by removing the labels endpoint and switching to API key authentication.
  • Bug Fixes:
    • Fixed performance regression in the connection config list endpoint.
    • Fixed MSSQL discovery monitor crash by upgrading pymssql to 2.3.13.
    • Fixed MSSQL connection failures on the encoders image caused by OpenSSL library conflicts.
    • Fixed KeyError in Iterable consent update when user profile lacks subscription fields.
    • Fixed Datadog log search timeout by using date math for the filter range.
    • Fixed stale DB session causing SSL errors during long-running monitor detection.

Fides core

  • Admin UI Navigation Redesign: The Settings section has been reorganized into Core Configuration, Compliance, and Settings groups with new Carbon icons. The sidebar is now collapsible with smooth transitions and a logo crossfade, and content expands to fill available width when the nav collapses.
  • Privacy Center Enhancements: Added support for a configurable browser tab title (page_title) in the Privacy Center config and warning indicators for disabled privacy notices in the experience config editor.
  • Experience Descriptions: Changed the container element for experience descriptions from <span> to <div>, enabling support for block-level HTML tags like <p> that were previously being mangled in rendered descriptions.
  • Startup Reliability: Fides now raises an error on startup when database migrations fail to apply, preventing the server from running against a mismatched schema. Added a circuit breaker and socket timeouts to prevent startup hangs when Redis is unavailable.
  • Encryption Migration: Migrated Organization encrypted columns from pgcrypto to AES-GCM, centralizing encryption column definitions behind an encrypted_type() factory.
  • Security: Replaced python-jose with joserfc to address CVE-2024-23342 (opens in a new tab).
  • Other:
    • Updated dataset select options to display the fides key alongside the name when they differ.
    • Improved Celery worker visibility, prefetch configuration, and environment propagation. Added --reload flag to fides worker CLI for automatic hot-reload during development.
    • Upgraded pymssql to 2.3.13 and Next.js to 15.5.10 in the Privacy Center.
    • Fixed web monitor config form being interactive before system data loads.
    • Fixed the checkbox and form component rendering issues in the Admin UI.

Notes

This release includes multiple database migrations, including the dynamic RBAC models, privacy assessment configuration, RDS/MySQL namespace field standardization, Organization encryption migration, and OAuth client permissions. The DSR 2.0 removal is a significant internal change — while DSR 3.0 has been the default execution path for several releases, this version removes the legacy code entirely. We recommend testing in a staging environment before upgrading.

Release Notes2.80.0