Skip to content
Release Notes
2.X
2.83.0

Fides 2.83.0 release notes

  • 2.83.0: April 13, 2026
The Enterprise tag indicates that features are only available for Enterprise customers. To review pricing and upgrade your plan, please visit our site (opens in a new tab) or contact us to learn more.

Helios

Detect and classify global data risks with comprehensive visualization for data mapping and reporting for modern Enterprise.

  • Helios Insights (Beta): Aggregate statistics in the action center are now backed by a pre-computed cache with scheduled background refresh, replacing expensive per-request SQL queries. Data steward filtering is now supported on aggregate statistics endpoints, allowing the action center to show stats scoped to a specific steward's monitors.
  • Regex Search for Monitor Fields: You can now toggle regex matching when searching staged resource fields in monitors, making it easier to find specific patterns across large schemas.
  • Bug Fixes:
    • Fixed Salesforce monitor tree not expanding in the action center.
    • Fixed monitor detection crashing when datastore resources are deleted mid-scan.
    • Improved Salesforce monitor error diagnostics by logging response body on connector failures.

Lethe

Enterprise grade privacy request management and processing with a single orchestration layer for DSRs across vendors and systems

  • Jira Ticket Integration (Beta): The Jira integration for manual privacy request tasks has been promoted from alpha to beta. New in this release:
    • Ticket preview: Preview rendered Jira tickets with sample data directly in the configuration wizard before saving.
    • Policy-based due dates: Jira tickets now inherit the privacy request's policy-derived due date when no explicit due date configuration is set.
    • Fixed a race condition where ticket creation failed when the request transitioned to in_processing before ticket creation ran.
  • Pre-Approval Webhooks: Pre-approval webhook support allows external systems to approve or flag privacy requests for manual review before processing begins. New awaiting_pre_approval and pre_approval_not_eligible statuses indicate webhook disposition. Each webhook interaction is captured in the audit log, and a new admin UI provides webhook management.
  • Custom Identities in Manual Task Conditions: Custom identity fields (e.g., customer_id) now appear as options in the manual task condition builder, so conditions can be created based on any configured identity type.
  • DSR Structured Caching: Privacy request processing now uses a structured caching mechanism with secondary indexing in Redis, enabling more efficient cache clearing. Backward-compatible with legacy cache keys for in-flight requests during deployment.
  • Bug Fixes:
    • Fixed pagination on the Manual Tasks tab where users could not navigate past the first page.
    • Fixed property filtering dropping manual task collections.

Janus

High performance consent recording and orchestration for data sharing, built for enterprise data engineering and AI pipelines.

  • Case-Insensitive Identity Matching: Identity values (e.g., email addresses) are now normalized to lowercase before hashing and storage in v3 privacy preferences, so User@Example.com and user@example.com resolve to the same record. A new case_sensitive toggle on identity definitions controls this behavior per identity type.
  • Template Variable Autocomplete: Privacy experience translation fields now include autocomplete for template variables (GPC status, vendor count), making it easier to build dynamic consent banners.
  • Consent v3 updated_at: The consent v3 API response now includes meta.fides.updated_at, showing when a preference record was last modified.
  • Privacy Center:
    • Added startup schema validation for config.json — misconfigured files now produce clear error messages instead of runtime crashes.
    • Added UTM tracking parameters to brand and attribution links.
  • Bug Fixes:
    • Fixed consent overlay attribution positioning and mobile styling.
    • Fixed updated_at column on privacy_preferences to auto-populate on record updates.

Astralis

Real-time data access, usage, and retention policy enforcement across your infrastructure. Astralis embeds governance directly into data pipelines and AI workflows, preventing misuse before it happens and generating an always-on audit trail for regulatory and AI governance.

  • Purpose-Based Access Control — PBAC (Alpha): Continued development on the PBAC alpha:
    • Access policy models with transparent versioning for audit trail.
    • Access policies list page with table and card views, drag-and-drop reordering, and enable/disable toggle.
    • Access policy update endpoint changed from PUT to PATCH for correct partial-update semantics.
    • Behind the alphaPurposeBasedAccessControl feature flag.
  • Home Dashboard (Alpha): Added an Astralis Agent Activity panel showing active conversations, awaiting responses, completed assessments, and identified risks. Behind the alphaDashboard feature flag.

Integrations

  • Stripe Organizations: A new Stripe Organizations integration propagates account IDs from connector parameters for multi-account access and erasure requests.
  • SaaS Config Version History: SaaS integration configurations now have version history tracking. Fides stores connector template versions on seed and custom template upload, with API endpoints to list versions and retrieve config and dataset snapshots by version.
  • Bug Fixes:
    • Fixed Loop Returns connector returning empty items in access packages.

Fides core

  • Self-Service Password Reset: You can now reset your password via email ("Forgot your password?" flow) without admin intervention. Follows OWASP best practices: no user enumeration, rate-limited, single-use tokens. SSO-only users are prevented from receiving reset emails.
  • Re-Invite Expired Users: Admins can now re-invite users whose invite links have expired or been lost. Invite TTL has been extended from 24 to 72 hours.
  • Unsaved Changes Protection: A confirmation modal now appears when closing forms with unsaved changes, preventing accidental data loss across the Admin UI.
  • Database Migration Role: A new FIDES__DATABASE__MIGRATION_ROLE configuration option allows Alembic migrations to run under a shared PostgreSQL role, preventing object ownership conflicts during blue-green deployments.
  • Envelope Encryption Foundation: Added KeyProvider abstraction with LocalKeyProvider (AES-256-GCM) for future at-rest encryption of sensitive data.
  • Search Engine Indexing Prevention: Admin UI and Privacy Center pages now include noindex meta tags to prevent search engine indexing of customer instances.
  • Admin UI: Ant Design Migration: Continued migration from Chakra UI and Formik to Ant Design: login page, privacy experiences, user management, dataset forms, datamap report table, properties, organization settings, domains/CORS configuration, and custom reports.
  • Security: Bumped requests to >=2.33.0 (CVE-2026-25645). Fixed command injection vulnerability in cls CLI.
  • Bug Fixes:
    • Fixed race condition in custom fields hook that wiped form values on the system configure page.
    • Fixed Edit SSO Provider Save button being permanently disabled after creating a provider.
    • Fixed Redis cluster connection URL generation to include SSL query parameters.
    • Improved error messages for misconfigured dynamic erasure email connectors to include the connector key.

Database schema & data changes

  • Added case_sensitive boolean column to identity_definition table
  • New SaaSConfigVersion and ConnectionConfigSaaSHistory tables for connector version tracking
  • Added user_assigned_description column to stagedresource table
  • New plus_access_policy and plus_access_policy_version tables for purpose-based access control
  • Added email_verified_at column to FidesUser and new FidesUserPasswordReset table for password reset flow
  • Added awaiting_pre_approval and pre_approval_not_eligible enum values to privacy request statuses; new audit log action enum values
  • Added aws to the connectiontype PostgreSQL enum
  • New monitor_aggregate_statistics table with JSONB stats column for Helios Insights cache
  • New cloud_infra_staged_resource table with unique constraint on URN

Notes

This release promotes the Jira ticket integration to beta and introduces pre-approval webhooks for privacy requests. Helios Insights gains a pre-computed statistics cache for faster dashboard performance, and a new regex search for monitor fields. Janus adds case-insensitive identity matching for consent v3 and template variable autocomplete. PBAC and the home dashboard continue expanding in alpha. Core adds self-service password reset and user re-invites.

Behavior changes:

  • Jira integration feature flag renamed from alphaJiraIntegration to jiraIntegration
  • Consent v3: Identity values are now normalized to lowercase by default for case-insensitive matching; controlled by a new case_sensitive toggle on identity definitions
  • DSR caching migrated to structured cache with secondary indexing; backward-compatible with legacy keys for in-flight requests
  • Access policy update API changed from PUT to PATCH
Release Notes2.82.0