Skip to content
Release Notes
2.X
2.85.0

Fides 2.85.0 release notes

  • 2.85.0: May 11, 2026
The Enterprise tag indicates that features are only available for Enterprise customers. To review pricing and upgrade your plan, please visit our site (opens in a new tab) or contact us to learn more.

Helios

Detect and classify global data risks with comprehensive visualization for data mapping and reporting for modern Enterprise.

  • IDP Monitor Staged Resource Details: Descriptions and data uses are now editable for systems discovered by IDP monitors (Okta, Entra). This is especially helpful for unknown systems — typically internal applications — where adding context improves downstream classification.
  • Microsoft SQL Server Read-Only Connections: The read_only_connection setting was being silently dropped during discovery scans because of duplicated URL-building logic. That logic is now centralized so the setting takes effect everywhere — customers running Always-On availability groups can point Fides at their read-only replica and have it work correctly.
  • DynamoDB Classification Fix: DynamoDB tables no longer get stuck on "Classifying..." when two tables share the same name in different schemas. New DynamoDB monitors also default to single-dataset mode, which sidesteps the problem entirely. Note: This changes the default for new DynamoDB monitors to single-dataset mode; existing monitors are unchanged.
  • Bug Fixes:
    • SaaS integration discovery now detects when an endpoint disappears, flagging it for review on the next scan instead of leaving it in place silently.
    • Long field names in the Action Center monitor results no longer overflow out of place.
    • The flickering tooltip on Action Center breadcrumb paths is fixed.
    • Deleting a system that has linked resources from an IDP or website monitor no longer fails with a database error.
    • The first two columns of the Data Map report now stay pinned on the left when scrolling horizontally.

Lethe

Enterprise grade privacy request management and processing with a single orchestration layer for DSRs across vendors and systems

  • CCPA/CPRA Annual Disclosure Metrics Page: California businesses can now publish their required annual privacy-request statistics straight from the Privacy Center. A new public page shows the number of access, deletion, correction, and opt-out requests received and complied with for the previous calendar year, along with average response times — fulfilling the disclosure obligation under California Civil Code §1798.130(a)(5). All copy on the page is configurable, and the data refreshes from a server-side cache so the page stays fast under public traffic. Behind the FIDES_PRIVACY_CENTER__PRIVACY_REQUEST_DISCLOSURE_ENABLED feature flag.
    • Note: This release supports metrics for access and erasure (deletion) requests. Support for correction and opt-out request metrics is planned for a future release.
  • Configurable Jira Completion Status: For customers that use the Jira Manual Tasks integration, you can now pick the single Jira status that means "we're truly finished" instead of having Fides close the request as soon as any "done"-category status is reached. Admins set this from a "Completion trigger" dropdown on the Jira integration's config tab, scoped to the selected issue type. Jira polling also moved to a background worker and the default interval dropped from 10 minutes to 3 minutes. Note: The polling interval is now 3 minutes by default. Existing customers without a configured completion status keep the prior "any done status closes the request" behavior.
    • Also fixed: auto-approved privacy requests now get a Jira ticket created automatically. Previously, auto-approved requests skipped the approval step entirely, which meant no Jira ticket was created.
  • Jira Credential Management UI: You can now connect Jira directly from the Admin UI. A new Credentials tab on the Jira integration page lets you complete OAuth 2.0 authorization in-browser, or copy credentials from an existing Jira SaaS connector. Status indicators show whether the connection is live, stale, or broken.
  • More Field Types for Privacy Center Forms: Privacy Center request forms can now be configured with three additional field types: single checkbox, checkbox_group (multiple checkable options), and multi-line textarea (free-text comment box). You also gain support for conditional "show this field only if…" display rules tied to the new field types, with validation enforced at both save-time and submission-time. Configuration happens via the Privacy Center config API/YAML; an Admin UI for managing these fields visually is planned for a future release.
  • Customize Every Word on the Privacy Center: You can now control the text shown on every step of the Privacy Center — verification, success, and the new metrics page — without code changes. Every user-facing string is configurable per property or per request action through the config API, with sensible defaults. Combined with the new semantic CSS class names on Privacy Center pages, you can rebrand the entire experience with config and a stylesheet.
  • Branded Error Page: Visitors no longer see a raw browser-style error message when the Privacy Center hits an unexpected problem. The fallback page is now branded, never exposes raw exception details, and shows a configurable message.
  • Faster, Lighter Privacy Request Execution on Big Tables: Privacy requests against large tables now complete faster and use less memory. Fides only reads the columns it actually needs for the privacy request, instead of pulling every column on every table. Note: Access reports now only include fields that have a data category set directly on them. Erasure requests are unaffected. Customers relying on table-level category tagging to surface uncategorized sub-fields should review their access report output after upgrading.
  • Easier Privacy Request Triage:
    • Privacy request logs now show exactly which API client or user made each comment, attachment, or action.
    • The activity timeline shows how many detailed log entries are available per step, and uses human-readable names (e.g., "Email sent", "Request execution plan") instead of internal codes.
    • Async integrations no longer fail an entire step when one sub-request errors out — partial results come through, so you see what data was collected and only need to investigate the parts that genuinely failed.
  • Bug Fixes:
    • The sample Privacy Center config now points at the public Ethyca asset URL instead of a direct S3 URL.
    • Integrations created from a system's Integrations tab now require a name, so they no longer appear as "(No name)" on the integrations list.
    • The integration detail page no longer 404s after a recent dataset-editor route addition.

Janus

High performance consent recording and orchestration for data sharing, built for enterprise data engineering and AI pipelines.

  • Matomo Integration: A new Fides.matomo() integration helper syncs each user's consent choices to Matomo's tracking and cookie APIs in real time, so Matomo only tracks the activities the visitor agreed to. The integration only requires consent when the user is actually in a region where the requirement applies.
  • Query Default-Property Preferences: The historical and current preferences endpoints now accept property_id=default, which returns records associated with the default property whether they're tagged explicitly or have no property ID at all.
  • Embed Consent With Customer-Hosted Logos: The embedded consent module's image policy was widened so customer-controlled image sources are accepted.
  • IAB TCF Consent Banner Resurfacing Fix: Consent banners running on the IAB Transparency & Consent Framework (TCF) now correctly re-display to end users according to the resurface-on-dismiss and resurface-on-reject options set on the privacy experience. Previously, dismissing or rejecting the banner on a TCF experience would not bring it back even when configured to resurface.
  • Security: Reject Bad Inputs Before They Reach the Database: Consent endpoints now reject malformed location and URL inputs at the front door instead of saving them. This hardens consent ingestion endpoints against malicious payloads and protects data quality.

Astralis

Real-time data access, usage, and retention policy enforcement across your infrastructure. Astralis embeds governance directly into data pipelines and AI workflows, preventing misuse before it happens and generating an always-on audit trail for regulatory and AI governance.

Assessments

  • In-App Chat Provider for Testing Questionnaires: A new in-app chat provider lets you try out an assessment questionnaire end-to-end without first standing up a Slack messaging provider. The chat opens in a drawer in the Admin UI, supports start/stop/resume, and shows live status. The Slack provider remains the recommended way to collect answers from non-privacy stakeholders at scale.
  • Smarter Questionnaire Conversations: The assessment assistant now uses a two-step approach — first working out what the user meant, then drafting the answer. It generates personalized intro and completion messages, rephrases questions in plainer language on request, and matches the tone configured on each assessment. Non-privacy stakeholders can answer in their own words and the assistant translates into the structured answers the assessment needs.
  • See Assessment Progress in Real Time: Each assessment row appears as a placeholder tile the moment generation starts, then fills in as each question's answer comes back from the AI. The assessment list also refreshes while generation is running.
  • Privacy Assessment PDF Reports Now Work in Slim Deployments: The templates needed to render the assessment PDF report were missing from the slim Docker package. They are now packaged correctly.
  • Assessment Wording Polish: "Completeness X%" now reads "X% of questions answered." The detail page header now shows which template was used and which data categories the assessment covers.

Purpose-Based Access Control (Alpha)

  • Build Access Policies by Chatting With Fides (Alpha): You can describe what you want in plain English — e.g., "Allow the marketing team to read customer email and country, but never for users in California" — and Fides drafts the matching policy in both the visual builder and the YAML editor. The assistant only references taxonomy values that actually exist in your deployment. Behind the alphaPurposeBasedAccessControl and FIDESPLUS__ACCESS_POLICIES__AGENT_ENABLED feature flags.
  • Access Policy Builder Visual Polish (Alpha): The chat panel can now be toggled cleanly with a switch, the chat is responsive on smaller screens, and the policy YAML structure is simplified.

Integrations

  • New Integration: ServiceNow ITSM: You can now fulfill both access and deletion privacy requests against ServiceNow data end-to-end. The connector covers 20 collections including incident tickets, problem records, change requests, service catalog tasks, knowledge management, audit logs, and email residuals. Deletion uses field masking instead of actually deleting records, so ITSM audit trail and SLA reporting are preserved while personal data is cleared. Authenticates via OAuth 2.0.
  • Visual Dataset Editor: You can now build and edit SaaS integration datasets in a node-based visual editor, drilling into collections and fields, editing metadata, and previewing the YAML side-by-side. Protected fields (primary keys, identity fields, fields referenced by the integration config) are restored automatically with a warning instead of producing a hard error. The same editor is also available for non-SaaS datasets on the Manage Datasets page.
  • Erase Customer Data in Medallia: Medallia now supports deletion privacy requests via the Import Feed (CSV) flow. Previously only access requests were supported.
  • AppsFlyer Performance Improvement: The AppsFlyer integration now keys the apps step on the data subject's email instead of every known AppsFlyer ID, reducing redundant downstream API calls.
  • New Integration Management Experience Is Now Live: SaaS integrations are now visible on the unified integrations list and add-integration picker for all deployments. The Beta newIntegrationManagement flag has been retired. Note: SaaS connectors that were already configured will become visible in the integrations list on first login after the upgrade.

Fides core

  • Smarter Search in the Admin UI Nav: The nav search bar now matches synonyms with relevance ranking — typing "TCF" finds the Vendors page, "GDPR" finds Locations and Regulations, "DSR" finds the Request Manager. The Cmd/Ctrl+K quick-open modal uses the same matching.
  • Email Addresses as Usernames: The username validator now accepts @ and + characters, so user provisioning that uses email addresses (including the name+tag@domain.com form) works directly.
  • Configurable Database Health-Check Timeout: The database health check used a hard-coded 1-second timeout, which was too tight in some cloud deployments. It's now tunable via FIDES__DATABASE__HEALTHCHECK_QUERY_TIMEOUT. Default remains 1 second.
  • Polished Login UX: The login button is no longer interactive during the transition to the post-login screen. Login also no longer reveals SSO configuration details on bad credentials.
  • Security: Dependency upgrades address known vulnerabilities in cryptography, jwcrypto, and Werkzeug. The reinvite-user endpoint now rejects re-invites for disabled users whose disabled reason is not "pending invite."

Database schema & data changes

  • att_exempt column added to PrivacyNotice, PrivacyNoticeHistory, and PrivacyNoticeTemplate tables
  • New generating status added to the PrivacyAssessment model
  • needs_polling and completion_status fields added to Jira connection config
  • questionnairestatus enum: abandoned renamed to stopped; AnswerVersion.created_by made nullable
Release Notes2.84.0