Fides 2.87.0 release notes

• 2.87.0: June 8, 2026

Helios

Detect and classify global data risks with comprehensive visualization for data mapping and reporting for modern Enterprise.

• Sharper Data Classification With Reasons When the Model Is Unsure: Discovery monitor classification now reads the description of the System linked to a monitor (for example, "internal billing platform; the customers table holds B2B contact info") so the model has more context for ambiguous fields. On by default, toggleable per monitor. When the model can't confidently classify a field, it now records an uncertain verdict with a confidence score and a required explanation, surfaced on the default operational-data label. Reviewers now get a clear difference between "this is genuinely operational data" and "the model couldn't decide."
• Bug Fixes:
  • The System Information form now correctly locks every field for viewer users and for system managers who can't edit, including antd dropdowns and switches that previously stayed editable. A viewer who is assigned as manager of a specific system can edit that system.
  • The source filter (Global Vendor List / Google Additional Consent) on the Choose Vendors page now actually filters the table — it had silently stopped working after a column rename.
  • Website monitor assets now show the correct assigned system name after you change it.
• Removed:
  • The old /add-systems setup wizard has been removed, including its AWS and Okta scanner steps, which were no longer reachable through normal navigation. Single-system creation still lives at /add-systems/manual and bulk vendor add at /add-systems/multiple.

Lethe

Enterprise grade privacy request management and processing with a single orchestration layer for DSRs across vendors and systems

• Review and Redact Access Request Data Before It's Released: A new Access package tab opens automatically when a completed access request is waiting for review. Reviewers can see the collected data organized by data use, with field and system counts, and uncheck individual fields to redact them. The package can be previewed or downloaded, and approving it resumes the request. Redactions are validated against real field paths so you can't redact something that doesn't exist, with a size guard to protect against very large requests. Opt-in: gated by the backend FIDESPLUS__ACCESS_PACKAGE__ENABLED setting plus the accessPackages frontend flag. Both are off by default; until they're on, nothing changes.
• Richer Privacy Center Intake Forms: The Privacy Center form now renders checkbox, checkbox-group, textarea, and file-upload fields. File uploads are validated for size and type, then attached to the request on submit. File uploads require additional security measures, please reach out to the Ethyca team for more information. Fields can carry display conditions so they appear or disappear reactively as the form is filled in — for example, a form can show a "State of residence" field only after the person selects "United States" as their country. Hidden fields are excluded from validation and from submitted data. The Admin UI form builder also now knows about date-of-birth and file-upload field types (the form builder is gated by the formBuilder feature flag).
• Import Historical Privacy Requests From Another Fides Deployment: A new owner-only API endpoint bulk-inserts already-finished privacy requests without running them through the processing pipeline again, preserving the audit trail when migrating from a self-hosted Fides to the cloud (or between deployments). Each imported record is written directly with a terminal status, tagged with source "Import," and given a single audit-log entry. No task scheduling, notifications, webhooks, duplicate detection, or identity verification fires. The endpoint is limited to the owner role and rejects any record that isn't in a finished state. API-only — no UI surface.
• Duplicate Detection: Stable Groups and New Matching Options: Toggling a duplicate-detection setting like "enabled" no longer reshuffles your existing duplicate groups. Previously, changing a setting could rotate the internal rule version and regroup requests; now only a real change to the matching criteria (time window or matched fields) does that. This release also adds configuration for matching on location and on custom fields, and for an auto-deny option that can automatically deny detected duplicates with a stated reason.
• Privacy Requests That Used to Get Stuck Now Recover: A batch of fixes resolves several ways a privacy request could silently stall or finish without doing its work — mostly affecting deployments with deleted or reconfigured integrations, manual tasks, and worker crashes.
  • A request no longer gets permanently stuck when an integration it depends on is deleted or disabled mid-flight. Orphaned async tasks are skipped cleanly, and a dangling "erase after" reference to a deleted integration raises a clear error before any partial work is saved, instead of completing the request without erasing anything.
  • Erasure requests that lost their tasks to a silent task-creation failure now recreate the missing tasks on retry, and the watchdog can see the gap instead of being fooled by the completed access tasks.
  • Errored tasks that depend on each other now all reset and re-run together on retry, instead of one of them getting left behind as orphaned.
  • Editing or deleting a manual task's configuration while a request is paused for input no longer silently completes the task with no data or deletes partially-submitted work. The task keeps waiting for the operator.
  • Privacy request status is now always computed from the underlying task states, fixing cases where a request with a mix of manual and async tasks showed the wrong status or didn't update when a manual task finished.
  • The watchdog no longer cancels requests that are intentionally paused waiting for manual input.
  • When the stuck-task reaper or a worker-level crash (out-of-memory, kill, timeout) ends a request, an error entry is now written to the request's Activity timeline so the reason is visible in the Admin UI instead of only in server logs.
  • Async erasure for SaaS connectors that rely on data from another collection (such as Movable Ink) no longer fails to resolve that data.
  • Large volumes of privacy requests now use less memory and put less load on the database.
• Bug Fixes:
  • The first entry in a request's activity timeline now reflects the real request type (for example "Erasure request received") instead of always saying "Access request received."
  • "Manual Task" no longer appears as a selectable integration type on the Systems page, and a linked manual task no longer shows the legacy "Customize DSR" modal.
  • "Download troubleshooting data" now streams the diagnostics ZIP straight to your browser instead of uploading it to storage first, so it works regardless of how (or whether) remote storage is configured.
  • Boolean/checkbox custom fields now display correctly in the request details view, showing "Yes"/"No" instead of dropping a false value entirely.
  • The "Resend code" button on the Privacy Center verification page now resends the code and keeps the user on the verification page, instead of throwing them back to the request form.

Janus

High performance consent recording and orchestration for data sharing, built for enterprise data engineering and AI pipelines.

• See How Your TCF Consent Setup Has Changed Over Time: A new TCF Version History page records every change to your TCF consent configuration (cache rebuilds, config edits, Compass vendor syncs), with a fingerprint of the old and new state and what triggered each transition. Access it by clicking "History →" next to each TCF experience in the experience list table. The history table has expandable rows showing the component-level differences. When a Compass vendor sync changes the setup, Fides now also refreshes the cache so visitors are re-prompted for consent as expected.
• Bug Fixes:
  • The Properties picker in the Privacy Experience editor now lists all of your properties (up to 300) instead of cutting off at 50, so customers with many properties can find the one they need.
  • Property forms now save their configured paths and any actions added during initial creation, instead of dropping them.
  • Fixed a misaligned "Edit experience text" button in the Locations & Languages section when translations are turned off.
• v3 Privacy Preferences API Changes:
  • Note: GET /api/v3/privacy-preferences no longer returns total_count automatically on the first page. Pass include_count=true to get it. This is a behavior change for any direct caller relying on the old default.
  • The v3 privacy-preferences import and export endpoints now require authentication and the appropriate scope. They were previously reachable without authentication.
  • Consent read endpoints are faster and put less load on the primary database: authentication on the read path now uses the read replica, and the write path makes fewer round trips.

Astralis

Real-time data access, usage, and retention policy enforcement across your infrastructure. Astralis embeds governance directly into data pipelines and AI workflows, preventing misuse before it happens and generating an always-on audit trail for regulatory and AI governance.

• Assessment Status on the Home Dashboard: A new Assessment Status card on the home dashboard shows privacy assessments broken down by status, risk profile, the owners with open work, and the groups that need attention. Clicking any part of it jumps to the Privacy Assessments page. Behind the privacyAssessments feature flag, and additionally behind alphaDashboardAssessmentStatusCard.
• Assessments and Privacy Requests No Longer Slow Each Other Down: Assessment and questionnaire jobs now run on their own dedicated worker capacity, separate from privacy request processing. Previously, a busy stretch of AI-assisted assessment work and a busy stretch of privacy requests could leave each other waiting, time out, or run into memory pressure. Each kind of work now has dedicated capacity, keeping assessment and questionnaire latency steadier and protecting privacy request turnaround.
• Bug Fix: The assessment questionnaire assistant no longer falsely tells a respondent their answer was recorded when it wasn't, and no longer treats "what's your next question?" as a request to skip the current one. Behind the privacyAssessments feature flag.

Purpose-Based Access Control (Alpha)

All PBAC functionality remains behind the alphaPurposeBasedAccessControl feature flag.

• Access Policies That Match on Data Category Now Work: Fides now reads the columns a query touches, resolves them to data categories, and feeds those into policy evaluation. Previously the data-category field was always empty, so any policy written against a data category never fired.
• Descriptive Labels for PBAC Violations: Violations that don't map to a real access policy now show descriptive labels like "Dataset Purpose Empty" or "Consumer and Data Purpose Alignment" instead of blank dashboard columns.
• Data Purposes Moved to a Database Table: The data-purpose store moved from a Redis cache to a global_purpose database table (one purpose per data use), with guards that prevent deleting a data use or purpose that is still in use. Existing purposes are backfilled automatically on upgrade.

Integrations

• New Integration: Microsoft Dynamics 365 CRM: You can now fulfill both access and erasure privacy requests against Microsoft Dynamics 365 CRM (Dataverse) data. Access covers nine record types (contacts, leads, addresses, cases, quotes, orders, invoices, and more); erasure masks personal data across eight of them. Access requests are bundled into two batched API calls rather than one per record type, so they stay fast. Sales orders are returned in access but not modified on erasure, because Dynamics typically locks them once processed.
• New Integration: ERPLY: You can now fulfill access and erasure privacy requests against customer and address data in your ERPLY account. The integration is part of the standard add-integration flow.
• New Integration: Movable Ink: You can now fulfill erasure privacy requests against Movable Ink. The connector submits the deletion and then polls Movable Ink for completion.
• Braintree Connector Reworked: The Braintree integration now looks customers up by email, supports deleting the customer and their stored payment methods (in the right order), and can return payment-method and transaction data in an access request. Transaction fields only appear in an access package if user.financial is included in the access policy's targets. Note: This changes how the connector behaves — previously it identified customers by an external Braintree user ID and updated rather than deleted records. Existing Braintree integrations should be aware of the new behavior.
• Request Types on the Integration Form: You can now set which request types (access, erasure, consent) an integration supports directly from the Integrations page, both when creating an integration and from its Privacy Requests tab. Previously this could only be set through the older System-based integration form, and integrations created from the newer Integrations UI landed with no request types configured.
• Bug Fixes:
  • Event-log error messages for failed SaaS calls now name the endpoint that failed (for example GET /api/v1/users), not just the status code, which makes debugging a failing integration much faster. Only the method and path are included, never query parameters or request bodies.
  • Meta Marketing erasure no longer fails the whole request when the audience-removal endpoint returns a 400 for a user who isn't in any audience.
  • Five connectors (Boostr, Gladly, Medallia, Shipstation, Stytch Consumer) now show the View docs link in the Admin UI again.
  • GraphQL connectors that use cursor pagination in the request body can now be configured in YAML instead of requiring custom code.
  • In the dataset graph editor, clicking a field node now scrolls the YAML panel to that field and highlights it.

Fides core

• Reorganized Admin UI Navigation: The Admin UI navigation has been reorganized so things are easier to find. A new Data governance group now holds Taxonomy, Purposes, Access policies, Data consumers, Access control, Assessments, Locations, and Regulations. Integrations is now its own top-level group, higher in the list. Settings is flattened into a single list of app configuration, and two items were renamed inside it: "Privacy requests" became "DSR configuration," and "Consent" became "TCF configuration."
• Clearer Errors on Expired Invite and Password-Reset Links: Clicking an expired or already-used invite or password-reset link now shows a clear "this link is no longer valid" message instead of a working-looking password form that fails on submit. The link is checked the moment the page loads, against a new validation endpoint, then either shows the dead-link message (with a sign-in or request-a-new-link prompt) or the normal password form. The endpoints are built to avoid leaking whether an account exists through response timing, and the result isn't cached by browsers or proxies.
• Sign In to the API Docs With a Username and Password: The Swagger API documentation page now lets you authorize with your username and password, alongside the existing client ID/secret method. When you're already signed in to the Admin UI on the same domain, the docs page authorizes automatically, and login or logout in one tab syncs to the docs in another.
• The Server Starts Up After an Application Rollback: If you roll the application back to an older version while the database is still on a newer schema, the server now starts up against the existing schema and logs a warning, instead of refusing to boot. This supports safe rollbacks (and, later, rolling deployments). Normal upgrades are unchanged.
• More Accessible Form Section Headers: Form sections across the Admin UI now use proper section headings that screen readers announce as field groups, and that read as headings rather than blending in with the field labels below them. This affects the System, Privacy Declaration, Privacy Notice, Property, messaging template, and consent settings forms.
• Bug Fixes:
  • When an owner assigned scopes to an API client, an unrelated error could report every requested scope as missing instead of just the one the user actually lacked. Fixed.
  • Editing a custom field backed by a taxonomy (such as Data categories) now pre-fills the Template selector, so saving no longer fails with a "select a template" error.
  • The owner role now includes the manual_field:read-own scope, so creating an API client with that scope no longer errors.
  • Cleaned up the spacing and layout of the "Data processing properties" section of the System form.
• Security: Bumped urllib3 to 2.7.0 to clear two High-severity advisories (CVE-2026-44431, CVE-2026-44432). Neither vulnerable path was reachable from Fides, but the vulnerable version is removed from the shipped image.

Database schema & data changes

• New global_purpose table (one purpose per data use), backfilled on upgrade.
• consent_form enum values added, plus new nullable columns on the privacy experience config and translation models.
• tcf_version_hash_history foreign key changed to ON DELETE SET NULL.
• New imported audit-log action and privacy-request:import owner scope for the historical import endpoint.