Fides 2.84.0 release notes

• 2.84.0: April 27, 2026

Helios

Detect and classify global data risks with comprehensive visualization for data mapping and reporting for modern Enterprise.

• Action Center Performance: The Action Center monitor list now loads significantly faster for large estates. Aggregate counts (Total, Classified, Approved, etc.) are read from a refreshed cache rather than recalculated on every page load. The "Approved" column, which previously appeared blank, is now populated. The cache refreshes every 2 minutes by default (down from 5 minutes) and is tunable.
• Regex Search for Monitor Fields: A regex toggle next to the search box on the datastore monitor fields page lets you write precise patterns. Search now matches both the field name and its full URN path.
• LLM Classification Retry: Transient LLM provider errors (rate limits, server errors, connection failures) no longer leave you with empty classifications. The classifier now retries automatically with exponential backoff. Real errors (bad credentials, content policy violations) still fail fast. Tunable per-monitor via classification_retry_count and classification_rate_limit_retry_max_wait.
• Discovery Monitor Improvements:
  • Salesforce custom objects: The monitor now falls back to the standard Describe API when the Tooling API is unavailable, so locked-down Salesforce orgs still get a complete picture of custom objects.
  • Microsoft SQL Server read-only replicas: Discovery scans now honor the read_only_connection setting and route to the Always-On read-only replica.
  • IDP monitor cleanup: When apps disappear from Okta or Entra, un-promoted resources are quietly cleaned up instead of lingering as stale "removed" records. Promoted resources still go through the existing removal workflow, and "ignored" decisions are preserved.
• Aggregate Statistics Accuracy:
  • Action Center widgets no longer show inflated counts when resources have multiple data uses or categories.
  • The "Classified" bucket on IDP and website monitors now shows accurate data driven by data use presence, instead of always showing zero.
• Bug Fixes:
  • Bulk-promoting assets with long URNs no longer fails with a 500 error.
  • The Data Catalog drawer no longer crashes when closing it on a system with no privacy declarations.
  • Drag-and-drop column reordering in the Data Map Report's "Edit columns" modal now works when you drop anywhere on a row.
  • The Action Center sidebar now shows fresh data after clicking refresh.
  • Browser back/forward navigation in the Action Center keeps you on the correct tab.
  • Findings under a monitor run now link to the correct confidence bucket.
  • Datastore monitor configuration text now matches the integration vocabulary (e.g., BigQuery says "projects").
  • Removed the redundant "across 1 monitor" subtitle on single-monitor pages.
  • Removed the flickering tooltip on Activity tab error messages.
  • The steward filter now correctly defaults to "assigned to me" when stewards log in.

Lethe

Enterprise grade privacy request management and processing with a single orchestration layer for DSRs across vendors and systems

• Property Info on Privacy Request Details: When a privacy request originates from a specific Fides property (a website, brand, or app), that property name now appears on the request detail panel as a clickable link.
• Jira OAuth Configuration via API: Jira OAuth credentials (client_id, client_secret, redirect_uri) can now be set per-connection through the connection config API and the Admin UI integration form, instead of requiring FIDESPLUS__JIRA__* environment variables. Existing environment-variable setups continue to work as a fallback. Jira tokens are now masked in API responses.
• Property Scoping for SaaS Integrations: You can now assign specific Fides properties (brands, domains, product lines) to an integration's datasets via a new Properties picker on integration edit forms, so privacy requests for one brand don't accidentally pull data from a sibling brand.
• SaaS Dataset Auditing: SaaS dataset changes now have an audit trail showing who created, edited, or deleted the dataset and when. Useful for change management, compliance audits, and root-cause investigations.
• Bug Fixes:
  • Manual tasks scoped to a property are no longer silently dropped from privacy request execution.
  • SaaS connector datasets now correctly honor property-based scoping.
  • Privacy Center request submissions with custom fields now succeed correctly after a recent UI migration had broken the form payload.
  • Editing custom fields on systems with multiple privacy declarations no longer fails with database errors.
  • The Jira tickets section is now hidden when no Jira integration is configured.

Janus

High performance consent recording and orchestration for data sharing, built for enterprise data engineering and AI pipelines.

• Hide the Consent Module: Deployments that only use Fides for discovery or DSRs can now hide consent-related navigation, settings, and integration options from the Admin UI by setting the FIDES__ADMIN_UI__CONSENT_MODULE_ENABLED environment variable to false. Defaults to enabled.
• Privacy Preference Input Validation: Malformed emails, invalid phone numbers, garbage TC strings, and broken device IDs are now rejected at the API boundary with a clear HTTP 422 error, rather than slipping into consent records. This protects data quality and hardens consent ingestion endpoints.
• Bug Fixes:
  • Preferences are no longer dropped when two notices share a name in the V2 current preferences endpoint, and old notice versions no longer pile up alongside new ones.
  • Bidirectional consent integrations (HubSpot, Salesforce, etc.) now correctly maintain their echo-detection window, eliminating a class of duplicate consent updates.
  • Only accepted system-wide consent preferences are now propagated to DSR processing; previously, non-accepted preferences could be incorrectly included.

Astralis

Real-time data access, usage, and retention policy enforcement across your infrastructure. Astralis embeds governance directly into data pipelines and AI workflows, preventing misuse before it happens and generating an always-on audit trail for regulatory and AI governance.

Assessments

• Refreshed Regulatory Template Library + Versioning: Updated assessment templates ship with this release:
  • California CPRA v2025 — refreshed with the latest CPRA guidance (47 questions, 16 sections; replaces v2024).
  • EU AI Act FRIA v2026 — updated for 2026 (replaces v2024).
  • A new template versioning system means updated regulatory content can be published without disrupting assessments already in progress. Old assessments stay on the version they were created against and continue to render and evaluate normally.
• Assessment List Restructure: Assessments are now grouped by processing activity (e.g., "Email Marketing", "Customer Support") instead of by regulatory template. All relevant regulatory assessments are shown as cards under each activity. This matches how privacy teams plan their work.
  • Note: The GET /api/v1/plus/privacy-assessments response shape changes to a grouped format. External integrations against this endpoint will need to update.
• Smarter Questionnaire Assistant: When you ask the assessment assistant to rephrase a question, it now provides plain-language rephrasing with examples instead of asking follow-up clarifications. It also no longer echoes your answers back at you.

Integrations

• Iterable Access Requests: You can now fulfill right-of-access requests against Iterable, pulling user profiles, sent messages, and event history. Previously only erasure was supported. The new endpoints are part of the existing Iterable SaaS connector.
• SaaS Integration Version History UI: A new Version History tab on each SaaS integration's detail page shows every available template version with release dates. A modal lets you view config and dataset YAML side-by-side for any version. Execution log entries also surface the active version.
• AppsFlyer Rate Limiting: Rate limiting was added to keep requests within AppsFlyer's API limits, reducing spurious failures during large DSR runs.
• Bug Fixes:
  • SaaS integrations with per-minute rate limits no longer fail with timeout errors; the rate limiter now waits for the next time window and continues.
  • Integration form fields now populate immediately after creation instead of appearing blank until page reload.
  • The integration Manage modal no longer falsely reports "unsaved changes" on open.
  • Removed a duplicated "Authentication:" paragraph on the Okta integration page.

Fides core

• Major Admin UI Platform Upgrade: The Admin UI is upgraded from Next.js 14 to 16 and React 18 to 19, bringing improved rendering performance and smaller JavaScript bundles.
• Simpler RBAC Configuration: Dynamic RBAC now uses a single FIDESPLUS__RBAC__ENABLED setting instead of multiple separate flags. The frontend reads RBAC state directly from the backend so the UI and API can never disagree. Separation of duties is now always enforced when RBAC is enabled.
• OAuth API Clients Page: A new paginated list at /api-clients in the Admin UI shows every OAuth API client on your deployment.
• Username Validation: New users must use letters, numbers, dots, dashes, and underscores. User invite emails no longer break when a username contains characters like &, =, <, or >. Existing users are unaffected.
• Accessibility & UX Polish:
  • Replaced vague "click here" link text with descriptive text across the Admin UI, docs, and email templates.
  • Dashboard animations now respect the "Reduce Motion" OS preference.
  • The account dropdown menu now opens on click only, not on hover.
• Admin UI: Ant Design Migration: Continued migration from Chakra UI and Formik to Ant Design across many forms: connection manager, integration forms, messaging templates, privacy notices, consent settings, privacy requests, config wizard, properties, organization settings, domains/CORS, custom reports, and the datamap SystemInfo form. CSS variables now replace palette JS imports.
• Node.js 24: Upgraded from Node.js 20 to 24 across Dockerfiles and CI workflows, ahead of Node 20 EOL on GitHub Actions runners.
• Bug Fixes:
  • Fixed login page showing SSO configuration error instead of a generic login failure message when entering incorrect credentials. SSO configuration details are no longer exposed through the error.
  • Fixed unstable selectUser Redux selector causing unnecessary rerenders.
  • Fixed property creation failing with a 422 error caused by a missing paths field.
  • Cleaned up Ant Design v6 deprecated prop warnings in the browser console.
  • Fixed various console warnings and errors.

Database schema & data changes

• New CorrespondenceMetadata table for email delivery tracking and threading
• Correspondence enums, scopes, and encrypted comment_text column on the Comment model
• Added parent_id column to Comment model for threaded replies
• Added label column to MessagingTemplate with backfill to "Default" and unique constraint on (type, label)
• Added template versioning fields (fides_revision, is_managed, parent_template_id) to assessment templates and seeded five new templates (CPRA v2025, FRIA v2026, UK ICO ROPA, IE DPC ROPA, FR CNIL ROPA) — schema foundation for upcoming template versioning support
• Added composite (created_at, id) index on privacy_preferences table for pagination performance

Notes

Refreshed regulatory templates (CPRA v2025, EU AI Act FRIA v2026) ship alongside a new template versioning system that protects in-progress assessments from content updates. Action Center performance is significantly improved by reading aggregate stats from a refresh cache. The Admin UI platform is upgraded to Next.js 16 and React 19.

Behavior changes:

• GET /api/v1/plus/privacy-assessments now returns a grouped response (by processing activity) instead of a flat list. External consumers must update.
• RBAC flags collapsed: enforce_sod_constraints and allow_temporal_roles are removed in favor of FIDESPLUS__RBAC__ENABLED. Separation of duties is always enforced when RBAC is enabled.
• New user creation now rejects characters outside [a-zA-Z0-9._-]. Existing users unaffected.
• Action Center aggregate refresh default lowered from 5 minutes to 2 minutes (tunable).
• Only accepted system-wide consent preferences are propagated to DSR processing.