Skip to content
Release Notes
2.X
2.88.0

Fides 2.88.0 release notes

  • 2.88.0: June 23, 2026
The Enterprise tag indicates that features are only available for Enterprise customers. To review pricing and upgrade your plan, please visit our site (opens in a new tab) or contact us to learn more.

Helios

Detect and classify global data risks with comprehensive visualization for data mapping and reporting for modern Enterprise.

  • Bug Fixes:
    • Discovery scans no longer crash when two field names reduce to the same identifier. The duplicate resources in a batch are skipped and logged, and the rest of the table scan completes.
    • Identity provider classification no longer fails when an application name causes the model to emit an unescaped & or < in its response.
    • The Systems Inventory Add asset form now opens blank instead of pre-filling values from the previously added asset.
    • The horizontal scrollbar on the asset report and systems tables now stays pinned to the bottom of the viewport instead of floating mid-page.
    • Deleting a system now cleans up its data steward assignments on linked monitors immediately, closing a brief window where stale assignments could linger.

Lethe

Enterprise grade privacy request management and processing with a single orchestration layer for DSRs across vendors and systems

  • Data Portability Requests, With Groundwork for More Request Types: You can now fulfill data portability requests end to end, routed through the existing access pipeline and finalized with a dedicated completion email. Portability appears as an action in the Privacy Center and as a row in the Request Manager, with a seeded default policy and a customizable completion-email template. The data model now also recognizes restriction-of-processing, automated-decision, complaint, and correction request types — these are defined so later releases can turn them on, but they are not yet selectable. Includes a database migration.
  • Stronger Duplicate Detection With Automatic Denial: Duplicate request detection can now match on jurisdiction and on custom fields, on top of identity and property, and can automatically deny the duplicates it finds with a reason returned to the requestor. A new settings screen lets admins choose which identity fields to match, toggle location and custom-field matching, and turn on auto-deny with a configurable denial reason. Note: Location matching is on by default, so two requests now count as duplicates only when they share the same jurisdiction — a California request no longer matches a New York one. Auto-denied requests carry an Auto-denied badge and Denied by: System, and the request's activity timeline records the auto-denial with a link back to the original request. Includes a database migration.
  • Mark an Errored Task Complete to Unblock a Stuck Privacy Request: When an erasure or consent task errors and blocks a request, an operator can now mark that task complete with a required justification note, so one failed step no longer leaves the whole request stuck. A Mark complete button appears in the event-log drawer for errored erasure and consent tasks, a confirmation modal lists the affected tasks and requires a reason, and the action is recorded in the audit trail. Requires the privacy request review permission. Includes a database migration.
  • Admin Identity Attestation Is Now Recorded: When an admin creates a privacy request for someone and checks the box confirming they verified that person's identity, the attestation is now saved and audited. The request counts as identity-verified, so it behaves correctly in duplicate detection instead of the checkbox being cosmetic. Includes a database migration.
  • Filter the Request Manager by Property: Teams running several brands through separate Privacy Centers can now filter the privacy request list by property and see each request's originating property in its row.
  • Manual Tasks Can Depend on a Requestor's Consent Choices: A manual task can now be set to run only when it applies — for example only for users who opted out of data sales, or only when the request carries a specific identifier. The condition builder picks up per-notice consent preferences and an identity check automatically.
  • Erasures Now Fail Loudly Instead of Silently Recording False Success: A group of fixes closes cases where an erasure could report success without actually deleting data, which previously created inaccurate compliance records. These mostly affect SaaS connectors and large or partially failing requests.
    • ignore_errors no longer counts failed masking or erasure API calls as successful erasures. This had created false compliance records for integrations such as Stripe, Gong, and ServiceNow.
    • Connector responses that return HTTP 200 with an error payload are now detected as failures instead of silent successes.
    • A SaaS erasure that skipped every row no longer reports success or waits forever for a callback that never arrives.
    • Connectors that do not support erasure now raise an error instead of silently returning zero.
    • A missing data path on a masking row no longer crashes SaaS erasure. The row is skipped and logged.
    • A failed BigQuery upstream data fetch now raises instead of being swallowed.
  • Privacy Requests Recover From Stuck States More Reliably: A batch of fixes resolves several ways a privacy request could stall after a worker problem or a retry.
    • The same request task can no longer be picked up by two workers at once, which could leave a request stuck with downstream tasks reported as incomplete.
    • Requests no longer get permanently stuck after a bulk retry.
    • The status poller no longer reverts a freshly retried request back to error.
    • Resubmitting a request no longer wipes the execution logs from earlier attempts — the history is kept and the new run's logs are appended.
    • Outbound webhook connector calls now have connect and read timeouts, so an unresponsive endpoint can no longer block workers.
  • Bug Fixes:
    • The Completed On column in the privacy request CSV export is now populated.
    • Diagnostics download no longer returns a 500 for requests that errored multiple times.
    • Execution log status is now correct when a primary key is missing.
    • Saving a manual task no longer triggers a spurious unsaved-changes prompt.
    • The form builder no longer errors when saving a Location field.
    • Privacy Center identity inputs of type select or location now render as dropdown and autocomplete widgets instead of plain text.
    • Query-param prefilling now works for multiselect and checkbox-group fields in the Privacy Center.
    • Debounced search no longer scrambles text when typing and deleting quickly in the Request Manager and integration search bars.
    • Oversized country flags in the form builder phone field are fixed.
  • Removed:
    • Name is no longer a selectable identity field in the form builder.

Janus

High performance consent recording and orchestration for data sharing, built for enterprise data engineering and AI pipelines.

  • "Do Not Sell" Consent Form Is Now Generally Available: The Consent Form, a "Do Not Sell"-style opt-out experience introduced as an alpha in 2.87, is now generally available to all customers with no feature flag required. End users can complete an opt-out directly on your site and get a confirmation screen. Opting out without identity stays browser-only, while adding an email or phone escalates the opt-out into a tracked privacy request. This release wires the experience end to end: the opt-out submission and its success screen are now functional (the 2.87 modal was display only), the backend supports a full opt-out with identity on the public preferences path, and Consent Form experiences are served to the consent SDK. Note: The alphaConsentForm flag has been removed.
  • Author and Preview the Consent Form Without Guesswork: Every string the Consent Form shows is now configurable and translatable, and a live preview pane renders the real form as you edit it. Translation fields cover the opt-out notice label, the implications title and message, the success screen, the GPC prompt, and the close button. You can also configure which identity fields (email, phone, name) the form requests and whether each is required — fields stay optional until the user starts typing.
  • Global Privacy Control Prompts on the Consent Form: When a visitor's browser sends a Global Privacy Control signal, the Consent Form now opts them out automatically and shows a banner inviting them to optionally add their identity to escalate the opt-out into a full privacy request. The banner text is configurable and translatable.
  • Find Consent Form Opt-Outs in Reporting: Consent Form opt-outs now appear as their own source in the Request Manager filter and in consent reporting, so compliance teams can find and label them.
  • Set Consent From Your Mobile App Code: The Janus mobile SDK now exposes a public setConsent() method on iOS, Android, and Flutter, so developers can update a user's consent from their own code and optionally save it back to Fides.
  • Bug Fixes:
    • Looking up a user's consent now returns records across all properties instead of silently hiding records tied to a named property when none is specified. A property selector was added to the lookup.
    • Server-generated consent strings now populate the disclosed-vendors section, so the precomputed accept-all and reject-all strings match what the consent SDK produces in the browser.
    • The built-in opt-out policy used by the Consent Form is now correctly treated as a consent policy rather than an erasure policy. Includes a database migration.

Astralis

Real-time data access, usage, and retention policy enforcement across your infrastructure. Astralis embeds governance directly into data pipelines and AI workflows, preventing misuse before it happens and generating an always-on audit trail for regulatory and AI governance.

  • Privacy Assessments Rebuilt End to End: The privacy assessments experience has been rebuilt. Reviewers can see where each answer came from and how confident the system is, confirm answers, review each section, and formally sign off. The detail view shows a progress card, a provenance bar that segments answers by source, a section-by-section accordion with an evidence drawer, per-question confidence callouts, and a sign-off readiness card. The list view adds grouped cards, sorting, search, and live status, with a toggle to a reporting table whose columns (stage, risk, system, approver, reviewer, respondent, dates) filter on the server so a filtered view can be shared by URL. Risk now spans five levels: No Risk, Low, Medium, High, and Critical. Gated by the privacyAssessments feature flag (off in production by default); the risk indicator is additionally gated by alphaAssessmentRiskIndicator. Includes database migrations.
  • Generate One Assessment per Processing Purpose: Assessments can now be generated per purpose, producing a single assessment that spans every system sharing that purpose, instead of one per system. The generation dialog lets you choose the scope and shows how many assessments the run will create. Gated by the privacyAssessments feature flag (off in production by default). Includes a database migration.
  • Questionnaires Confirm Partially Derived Answers: When an assessment answer was only partly derived from your Fides data, the questionnaire now asks the respondent to confirm or expand on it instead of treating the derived value as final. Replies are merged with the derived value rather than overwriting it. Gated by the privacyAssessments feature flag (off in production by default).
  • Purposes View Moved to the Live Taxonomy: The Purposes view now reads from the global purpose API and drops the de-scoped governance and risk features that were not in use.
  • Bug Fixes:
    • Assessment pages now show a clear error page with the real status (such as a 403) instead of a generic try again prompt.
    • The Critical and No Risk levels are now selectable in the assessments risk filter.
    • The questionnaire chat drawer no longer shows stale message history after being closed and reopened.
    • Evidence drawer field and section names now read in plain language.
    • Assessment generation uses less memory by scoping each prompt to the relevant declaration.
    • The default assessment model is now Claude Opus 4.7, ahead of the retirement of the previous model, so generation keeps working.
    • The privacy questionnaire Slack bot replies faster after removing redundant calls and an artificial delay.

Integrations

  • New Integration: Adobe Commerce: You can now fulfill access requests against Adobe Commerce (Magento) customer, address, order, and cart data. The connector authenticates with OAuth1.
  • OAuth1 Authentication for SaaS Connectors: SaaS integrations can now authenticate using an OAuth1 strategy, used by the new Adobe Commerce connector.
  • Bug Fixes:
    • The Saleor connector now supports wildcard domains in its allowed values.
    • The Splash connector now supports configurable retry-after headers and rate limiting.
    • The dataset Visual Editor no longer loses its state on page refresh, and breadcrumbs consistently use the dataset key.
    • The Test Dataset page's Save button is no longer wrongly disabled, and its reachability alert no longer overlaps other content.
    • The edit-dataset page no longer shows a stale dataset from a previously viewed integration.

Fides core

  • Bug Fixes:
    • The password-reset invalidation check no longer fails on a timezone mismatch, so resetting a password reliably invalidates older reset tokens.
    • Creating a user no longer silently flips a disabled account to pending-invite when email invites are on. A new skip-invite option controls this, and a failed invite dispatch now returns an error instead of appearing to succeed.
    • Changing a user's email now resets that email's verified status.
    • Custom fonts (Basier Square, Basier Square Mono, Eliza) render again across the Admin UI.
    • Scheduled tasks now register correctly for workers started through the base Fides entrypoint.
  • Security:
    • starlette upgraded to 1.2.1, which also fixed a bcrypt error on identity values longer than 72 bytes.
    • The bundled system pip was removed from the base image to clear two CVEs.
    • PyJWT upgraded to address four CVEs.
    • Tornado upgraded to fix a flaw that could leak SSL or proxy credentials between requests.

Database schema & data changes

  • SQLAlchemy upgraded from 1.4 to 2.0. The backend ORM was upgraded, with follow-on fixes for async throughput and connection-pool handling. No customer-facing API change.
  • New privacy request action types (data portability, restriction of processing, automated decision, complaint, correction).
  • New columns and tracking for duplicate detection's auto-deny source.
  • New audit-log action for marking a manual task complete with justification.
  • New audit-log action for admin identity attestation on privacy requests.
  • New configuration to generate assessments per processing purpose.
  • Assessment detail view, sign-off readiness, table-view reporting, and five-level risk grading.
  • Consent Form opt-out policy converted from an erasure policy to a consent policy.
  • DSR encryption key moved from Redis to Postgres for durability, with lazy backfill for existing requests.
Release Notes2.87.0