Fides 2.82.0 release notes

• 2.82.0: March 30, 2026

Helios

Detect and classify global data risks with comprehensive visualization for data mapping and reporting for modern Enterprise.

• Microsoft Entra ID Discovery (Beta): Fides now supports Microsoft Entra ID (Azure AD) as a discovery source for identity provider monitoring. Customers can connect their Entra tenant using OAuth2 client credentials, and Fides will discover enterprise application registrations, extract vendor domains from app metadata, and promote them into your system inventory. Behind the entraMonitor feature flag.
• Helios Insights (Beta): New aggregate statistics widgets in the action center provide a visual summary of monitor results across your entire estate. Progress indicators, status counts, approval progress, top data classifications, and vendor breakdowns are displayed per monitor type (datastore, infrastructure, website) — giving teams an at-a-glance view of discovery health without drilling into individual monitors. Widgets show contextual empty states linking to the integrations page when no monitors exist. Behind the heliosInsights feature flag.
• Bug Fixes:
  • Fixed Snowflake monitor failing to preserve mixed-case database, schema, and table names by properly quoting identifiers.
  • Fixed missing data uses on IDP resources classified by LLM.

Lethe

Enterprise grade privacy request management and processing with a single orchestration layer for DSRs across vendors and systems

• DSR Watchdog Self-Healing: The DSR watchdog is now self-healing: privacy requests stuck due to Redis cache eviction or worker crashes are automatically requeued up to the configured retry limit instead of being immediately hard-cancelled. This significantly reduces false-positive request failures in production.
• Jira Ticket Integration (Alpha): This release introduces a comprehensive Jira integration for manual privacy request tasks. When a privacy request requires manual action, Fides can now automatically create a Jira ticket, track its status, and unblock the DSR when the ticket is resolved — replacing the previous workflow of managing manual tasks entirely within Fides. Behind the alphaJiraIntegration feature flag.
  • Setup and authentication: Connect Fides to Jira via a guided OAuth flow or API key authentication directly from the Admin UI. Customers with an existing Jira SaaS connector can link those credentials in one click.
  • Ticket configuration: A step-by-step wizard lets you select the target Jira project, issue type, and configure summary/description templates using simple __VARIABLE__ placeholders (e.g., __SUBJECT_NAME__, __REQUEST_ID__).
  • Visibility in the request manager: Jira ticket status and a clickable link appear directly on privacy request cards. A new pending_external status clearly indicates when a request is waiting on external action. The detail view shows all linked tickets with status badges and operational controls.
  • Automated status sync: Fides periodically polls Jira for status updates and automatically advances the privacy request when the ticket reaches a terminal state. If a ticket is deleted in Jira, the request is properly errored rather than waiting indefinitely.
  • Operator actions: Three new actions give operators direct control: Retry (re-create a failed ticket without restarting the entire request), Refresh (fetch the latest ticket status on demand without waiting for the next poll cycle), and Force-close (complete all pending Jira gates to unblock a stuck request, with an optional audit reason).
  • Resilience: If one Jira connection has misconfigured credentials, the polling cycle gracefully skips it rather than crashing polling for all connections.
• Bug Fixes:
  • Fixed DSR submission failing when properties are configured only for messaging and not for request filtering.
  • Fixed viewer users being unable to edit systems assigned to them due to a read-only permission check that wasn't properly gated.
  • Fixed manual task modal content overflowing modal boundaries.
  • Fixed async-execution cache keys leaking with no TTL.
  • Eliminated unnecessary manual task API requests on non-manual-task integrations.

Janus

High performance consent recording and orchestration for data sharing, built for enterprise data engineering and AI pipelines.

• Configurable Banner Resurfacing: You can now control when consent banners are reshown after a user interacts with them. A new resurface_behavior setting on privacy experience configs supports REJECT and DISMISS triggers via multi-select checkboxes in the Admin UI — for example, reshowing the banner to users who previously rejected consent. Existing experiences default to no resurfacing unless explicitly configured.
• IAB TCF CMP Stub: Fides now serves the official IAB TCF CMP stub (@iabtechlabtcf/stub) at /fides-stub.js. Publishers can include this script tag before fides.js so that window.__tcfapi is immediately available for downstream ad and analytics scripts, eliminating the need to self-host the stub.
• Google Consent Mode Fallback: The Fides.gcm Google Consent Mode integration no longer requires gtag to be loaded beforehand. If gtag is not already defined, Fides now creates a dataLayer-backed fallback automatically, removing the load-order dependency that previously prevented consent signals from being sent.
• IAB TCF v2.2 Mobile Storage: The Janus mobile SDKs (iOS, Android, Flutter) now write IAB TCF v2.2 consent data to standard platform storage (NSUserDefaults / SharedPreferences), enabling third-party SDKs like Google Mobile Ads to automatically read TCF consent values. All 19 standard IAB TCF keys are implemented, including TC string decoding, Disclosed Vendors, Publisher TC segments, and Google Additional Consent (AC) string.
• US Spanish Language Support: Added support for the es-US (US Spanish) language code on privacy notices and experiences.
• Consent v3 Enhancements:
  • Behavior change: Policy-generated preferences now always override existing explicit preferences, even when the consent value is the same. This ensures that when a parent notice cascades a policy down to child notices, the child's preference_type correctly updates to policy.
  • Consent v3 preference records now include a historical_only_reason field in the FidesMeta metadata, allowing you to distinguish records that were inserted directly as historical from records that were once current but later superseded.
• Bug Fixes:
  • Fixed GPC title and description showing raw i18n keys instead of default values in the Privacy Center consent page.
  • Fixed "Privacy Notice id not found" error when saving TCF experiences.
  • Fixed received_at comparison in backfill preference upsert using the wrong timestamp.
  • Fixed analytics data use mapped to the wrong consent category.
  • Fixed race condition in v3 preference creation that could cause duplicate records under concurrent writes.

Astralis

Real-time data access, usage, and retention policy enforcement across your infrastructure. Astralis embeds governance directly into data pipelines and AI workflows, preventing misuse before it happens and generating an always-on audit trail for regulatory and AI governance.

• Scheduled Assessment Re-Evaluation with Material Change Detection: Privacy assessments can now be periodically re-evaluated to detect material changes. When system data or template questions change after an assessment is generated, Fides uses a diff engine and LLM-based judgment to identify affected answers and regenerates only those — preserving unchanged answers. Re-evaluation timeframes can be configured from the Fides UI.
• EU AI Act FRIA Template: A pre-built EU AI Act Fundamental Rights Impact Assessment (FRIA) template is now available. Organizations subject to the EU AI Act can generate FRIAs directly from Fides with all required sections, questions, and answer options pre-configured.
• Purpose-Based Access Control — PBAC (Alpha): PBAC enables organizations to enforce purpose-based data access policies on warehouse queries. The system evaluates whether data consumers have the required purposes to access specific datasets, logs violations, and provides a monitoring dashboard. Key capabilities include:
  • Management UI for defining data purposes, data consumers, and configuring query log ingestion from integrations like BigQuery
  • Visual policy builder with a node-based editor (React Flow) alongside a YAML code editor
  • Enforcement engine that connects warehouse audit logs to purpose declarations and records violations
  • Monitoring dashboard with violation trend charts, top data consumer rankings, and drill-down violation log with AI-generated explanations
  • Behind the alphaPurposeBasedAccessControl feature flag.

Integrations

• Meta Marketing API: A new Meta Marketing API connector automates erasure requests by removing users from all Custom Audiences in a given Ad Account via Meta's /usersofanyaudience endpoint.
• Improvements: Zendesk and Saleor connectors now include IDs in erasure exception messages and pre-validate order status during read, improving troubleshooting and resilience.

Fides core

• Home Dashboard (Alpha): A new home dashboard provides a unified view of your privacy program health, including a Governance Posture Score (GPS) with animated radar chart breakdown, AI-powered agent briefings with severity-based alerts, sparkline trend cards for GPS Score, DSR Volume, System Coverage, and Classification Health, DSR status breakdown with SLA health by request type, system coverage donut chart, and priority action lists with per-action routing. Behind the alphaDashboard feature flag.
• Sidebar Search: You can now search for any page, tab, system, integration, or taxonomy type directly from the Admin UI sidebar. Use the inline search or the Cmd+K / Ctrl+K keyboard shortcut for instant navigation.
• Dynamic RBAC (Alpha): Building on the foundational schema from 2.81.0, this release adds a full RBAC management UI and a NIST-model role management system with hierarchical roles, resource scoping, temporal role assignments, and separation-of-duties constraints. Administrators can create custom roles, assign granular permissions, and manage user-role assignments. This feature requires server-side environment variables to be enabled. Behind the alphaRbac feature flag.
• OAuth Client Management: OAuth API clients can now be listed, fetched, updated, and have their secrets rotated via dedicated CRUD endpoints — removing the need to delete and recreate clients to change credentials or metadata.
• X-Request-ID Correlation: Every API request now carries an X-Request-ID header (client-supplied or auto-generated) that appears in all associated log entries, making it straightforward to correlate logs across services and workers for debugging and support.
• Privacy Center: You can now configure multiple footer links (e.g., Privacy Policy, Terms of Service, Cookie Policy) via a new links array in config.json. Links now also appear on privacy request form pages. The legacy privacy_policy_url fields continue to work but are deprecated.
• Admin UI: Ant Design v6 Migration: The Admin UI has been migrated from Chakra UI to Ant Design v6. Modals, drawers, menus, toasts, and icons have all been replaced with Ant Design and Carbon equivalents, providing a more consistent and performant UI foundation.
• Security: Bumped several dependencies to address CVEs: tinycss2 (>=1.5.0), weasyprint (68.1), Tornado (=6.5.5), PyJWT (=2.12.0), ujson (~=5.12.0). Removed unused ecdsa dependency (CVE-2024-23342).
• Removed:
  • Pixie/PXL system scanner has been fully removed from the Admin UI, API, CLI, and configuration. AWS and Okta discovery flows are unchanged.
  • fideslog analytics dependency has been removed, along with the UserRegistration model and analytics ASGI middleware. The analytics_opt_out config field is deprecated but still accepted for backward compatibility.
• Bug Fixes:
  • Fixed SSL hostname verification failures after the redis-py upgrade in 2.81.0 by exposing ssl_check_hostname as a configurable Redis setting. Self-hosted deployments behind proxies can set FIDES__REDIS__SSL_CHECK_HOSTNAME=false to restore connectivity.
  • Fixed the Slack thread evidence (team input) not appearing in the evidence drawer.

Notes

This release introduces the Jira ticket integration for manual DSR tasks — now available as an alpha — bringing automated ticket creation, status polling, and operator actions directly into the privacy request workflow. Two additional alpha features debut in Core: a comprehensive home dashboard with GPS scoring and AI briefings, and dynamic RBAC with custom role management.

Astralis expands significantly with scheduled assessment re-evaluation, an EU AI Act FRIA template, and the new purpose-based access control (PBAC) alpha featuring a visual policy builder and enforcement engine. On the consent side, configurable banner resurfacing, the IAB TCF CMP stub, and TCF v2.2 mobile storage expand Janus capabilities. Microsoft Entra ID discovery joins Okta as a supported identity provider for Helios.

Database migrations in this release:

• Banner resurface behavior column
• Assessment context_snapshot and last_evaluated_at columns
• EU AI Act FRIA assessment template
• Microsoft Entra ID connection type enum
• IDP staged resource type unification
• OAuth client name/description columns
• Encryption keys table
• SaaS version field on execution logs
• received_at column on currentprivacypreferencev2
• Dropped userregistration table (fideslog removal)

Behavior changes:

• Consent v3: Policy preferences now always override explicit preferences
• Google Consent Mode: Fides.gcm now creates a gtag fallback instead of returning early when gtag is undefined
• Okta connections recategorized from system_type=database to system_type=system
• IDP staged resource meta field renamed: okta_app_id to app_id
• Assessment completeness excludes soft-removed template questions
• Redis SSL: New ssl_check_hostname setting available for deployments affected by 2.81.0 redis-py upgrade