# Changelog

#### 6.5.0 – Apr. 12, 2026

* <mark style="background-color:$warning;">**Breaking changes**</mark><mark style="background-color:$warning;">: this version doesn’t support Celery.</mark>
* <mark style="background-color:$warning;">**Breaking changes**</mark><mark style="background-color:$warning;">: Renamed the</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">`oz_instant_save_artifacts_s3`</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">config parameter to</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">`OZ_INSTANT_SAVING_ARTIFACTS_ENABLED`</mark><mark style="background-color:$warning;">. If you use this parameter, please rename it</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">**manually**</mark><mark style="background-color:$warning;">.</mark>
* Added integration with OLAP.
* Improved performance under high load.
* Increased the total attachment size (`OZ_ATTACHMENT_MAX_SIZE`) from 10 MB to 24 MB.
* Resolved the issue with improper processing of `POST /api/folders/{{folder_id}}/media/request` that could result in incomplete responses with missing media files.
* Added timezone-safe handling for database records to ensure consistent timestamps regardless of the timezone used.
* OzCapsula now returns specific error codes for different container damage types instead of a generic "Invalid Data Container" error.
* Resolved API errors in multi-storage mode.
* Setting `OZ_STATIC_S3_BUCKET_URL` as an empty string no longer leads to the S3 misconfiguration error.
* Sending a container without media no longer causes a 500 error.
* Fixed the bug where Instant API could save artifacts to local storage when persistence was disabled.
* Fixed the bug where Instant API might create a database record when processing an invalid container.
* Fixed the bug with `time_created` and `time_updated` that might have appeared incorrect.
* Enhanced security.

#### 6.4.2-18 – Feb. 12, 2026

* <mark style="background-color:$warning;">**Breaking changes:**</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">if you use S3, set</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">`OZ_STATIC_S3_BUCKET_URL="None"`</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">to avoid breaking of the S3 connection.</mark> This is fixed in 6.5.0.
* You can now add container to the existing folder using the `POST api/folders/{folder_id}/media` method.
* Improved performance of the **Collection** analysis.
* You can now trim a video if it is too long. Set the `OZ_FFMPEG_VIDEO_CROPPING_ENABLED` parameter to `true` to enable automatic trimming of videos longer than `OZ_VIDEO_DURATION_MAX`. If a video is trimmed, the corresponding records will be added to logs.
* If a container cannot be processed (error 14), we now save the corresponding order’s data to ease investigation.
* If a container is considered invalid, API logs now include the corresponding `folder_id` to simplify the search.
* Fixed folder deletion in local-local and local-s3 configurations to properly remove static files.

#### 6.4.1-40 – Dec. 24, 2025

* <mark style="background-color:$primary;">Implemented a new proprietary data format: OzCapsula Data Container.</mark>
* Instant API now can save static and JSON payload to S3. To enable this functionality, set `oz_instant_save_artifacts_s3` to `true`.
* Resolved the issue with occasional false rejections using videos received from Web SDK.
* The **Collection** analysis now ignores images tagged with `photo_id_back`.
* Internal improvements.

#### 6.4.0 – Nov. 24, 2025

{% hint style="info" %}
Only for SaaS.
{% endhint %}

* Updated API to support upcoming features.

#### 6.3.5 – Nov. 03, 2025

* Fixed bugs that could cause the `GET /api/folders/` request to return incorrect results.

#### 6.3.4 – Oct. 20, 2025

* Updated API to support upcoming features.
* Fixed bugs.

#### 6.3.3 – Sept. 29, 2025

* Resolved an issue with `POST /api/instant/folders/` and `POST /api/folders/` returning “500 Internal Server Error” when the video sent is corrupted. Now system returns “400 Bad Request”.
* Updated API to support upcoming features.

#### 6.3.0 – Aug 05, 2025

* <mark style="background-color:$primary;">**Updated API 6 to support Kazakhstan regulatory requirements**</mark>: added the functionality of extracting action shots from videos of a person performing gestures.
* You can remove admin rights from a CLIENT ADMIN user and change their role to CLIENT via `PATCH /api/users/{{user_id}}`.
* You can generate a service token for a user with the OPERATOR role.
* Enhanced security.

#### 6.2.5 – June 18, 2025 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Optimization and performance updates.

#### 6.2.3 – June 02, 2025 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Analyses can now be done in parallel with each other. To enable this feature, add the `OZ_ANALYSE_PARALLELED_CHECK_MEDIA_ENABLED` parameter to `config.py` and set it to `true` (the default value is `false`).
* For the instant mode, authorization can be disabled. Add the `OZ_AUTHORIZE_DISABLED_STATELESS` parameter to `config.py` and set it to `true` (the default value is `false`) to use instant API without authorization.
* Fixed the issue with MP4 videos that sometimes could not be played after downloading from SDK.
* We now return the correct error for the non-authorized requests.
* Fixed the bug with “spontaneous” error 500 that had been caused by too few frames in video. Added the check for the number of frames and more descriptive error messages.
* Performance, security, and installation updates.

#### 6.0.1 – Apr. 30, 2025 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

Please note: this version doesn't support the Kazakhstan regulatory requirements.

* Optimized storage and database.
* Implemented the [single request mode](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/oz-api/single-request) which involves creating a folder and executing analyses in a single request by attaching a part of the analysis in the payload.
* Implemented the [instant analysis mode](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/oz-api/instant-api-non-persistent-mode) without storing any data locally or in database. This mode can be used either with or without other API components.
* You can now combine working systems based on asynchronous method or celery worker (local processing, celery processing). Added S3 storage mechanics for each of the combinations.
* Enhanced security.
* We no longer support RAR archives.
* We no longer support Active Directory. This functionality will be returned in the upcoming releases.
* Improved mechanics for calculating analysis time.
* Replaced the `is_admin` and `is_service` flags for the CLIENT role with new roles: CLIENT ADMIN and CLIENT SERVICE, respectively. Set the roles in `user_type`.
* To issue a service token for a user via `{{host}}/api/authorize/service_token/`, this user must have the CLIENT SERVICE role. You can also create a token for another user with this role: call `{{host}}/api/authorize/service_token/{user_id}`.
* Removed collection and person attributes from `COLLECTION.analysis`.
* We no longer store separate objects for each frame in `SHOTS_SET`. If you want to save an image from your video, consider enabling [best shot](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/oz-api/basic-scenarios/liveness/best-shot).
* We no longer support Podman for installation.
* Updated the API reference: [Oz API 6.0](https://apidoc.ozforensics.com/).
* Changed endpoints and parameters:

| Deprecated Endpoint or Parameter                                                    | Replacement                                                                 |
| ----------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
| `PATCH users/{{user_id}}/` to change user password                                  | `POST /api/users/{{user_id}}/change-password`                               |
| `DELETE images\|media/<media_id>` to delete an image of a person from collection    | `DELETE collections/<collection_id>/persons/<person_id>/images/<media_id>/` |
| `image_id`, `video_id`, and `shots_set_id`                                          | `media_id`                                                                  |
| `analyse_id`                                                                        | `analysis_id`                                                               |
| `can_start_analyse_biometry`                                                        | `can_start_analysis_biometry`                                               |
| `can_start_analyse_collection`                                                      | `can_start_analysis_collection`                                             |
| `can_start_analyse_documents`                                                       | `can_start_analysis_documents`                                              |
| `can_start_analyse_quality`                                                         | `can_start_analysis_quality`                                                |
| `expire_date` in `{{host}}/api/authorize/auth` and `{{host}}/api/authorize/refresh` | `access_token.exp` from payload                                             |
| `session_id` in `{{host}}/api/authorize/auth` and `{{host}}/api/authorize/refresh`  | `token_id`                                                                  |

#### 5.3.1 – Dec. 24, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Improved the resource efficiency of server-based biometry analysis.

#### 5.3.0 – Nov. 27, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* API can now extract action shots from videos of a person performing gestures. This is done to comply with the new Kazakhstan regulatory requirements for biometric identification.
* Created a new report template that also complies with the requirements mentioned above.
* If action shots are enabled, the thumbnails for the report are generated from them.

#### 5.2.0 – Sept. 06, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Updated the Postman collection. Please see the new collection [here](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/postman-collections#id-5.2) and at <https://apidoc.ozforensics.com/>.
* Added the new method to check the timezone settings: `GET {{host}}/api/config`
* Added parameters to the `GET {{host}}/api/event_sessions` method:
  * `time_created`
  * `time_created.min`
  * `time_created.max`
  * `time_updated`
  * `time_updated.min`
  * `time_updated.max`
  * `session_id`
  * `session_id.exclude`
  * `sorting`
  * `offset`
  * `limit`
  * `total_omit`
* If you create a folder using SHOT\_SET, the corresponding video will be in `media.video_url`.
* Fixed the bug with CLIENT ADMIN being unable to change passwords for users from their company.

#### 5.1.1 – July 16, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Security updates.

#### 5.1.0 – Mar. 20, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Face Identification 1:N is now live, significantly increasing the data processing capacity of the Oz API to find matches. Even huge face databases (containing millions of photos and more) are no longer an issue.
* The Liveness (QUALITY) analysis now ignores photos tagged with `photo_id`, `photo_id_front`, or `photo_id_back`, preventing these photos from causing the tag-related analysis error.

#### 5.0.1 –  July 16,  2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Security updates.

#### 5.0.0 – Nov. 17, 2023 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* You can now apply the Liveness (QUALITY) analysis to a single image.
* Fixed the bug where the Liveness analysis could finish with the SUCCESS result with no media uploaded.
* The default value for the `extract_best_shot` parameter is now True.
* RAR archives are no longer supported.
* By default, `analyses.results_media.results_data` now contain the `confidence_spoofing` parameter. However, if you need all three parameters for the backward compatibility, it is possible to change the response back to three parameters: `confidence_replay`, `confidence_liveness`, and `confidence_spoofing`.
* Updated the default PDF report template.
* The name of the PDF report now contains `folder_id`.

#### 4.0.8-patch1 – July 16, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Security updates.

#### 4.0.8 – May 22, 2023 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Set the autorotation of logs.
* Added the CLI command for user deletion.
* You can now switch off the video preview generation.
* The ADMIN access token is now valid for 5 years.
* Added the folder identifier `folder_id` to the report name.
* Fixed bugs and optimized the API work.

#### 4.0.2 – Sept. 13, 2022 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* For the sliced video, the system now deletes the unnecessary frames.
* Added new methods: GET and POST at `media/<media_id>/snapshot/`.
* Replaced the default report template.
* &#x20;The shot set preview now keeps images’ aspect ratio.
* ADMIN and OPERATOR receive `system_company` as a company they belong to.
* Added the `company_id` attribute to User, Folder, Analyse, Media.
* Added the Analysis `group_id` attribute.
* Added the `system_resolution` attribute to Folder and Analysis.
* The analysis `resolution_status` now returns the `system_resolution` value.
* Removed the PATCH method for collections.
* Added the `resolution_status` filter to Folder Analyses \[LIST] and `analyse.resolution_status` filter to Folder \[LIST].
* Added the audit log for Folder, User, Company.
* Improved the company deletion algorithm.
* Reforged the blacklist processing logic.
* Fixed a few bugs.

#### 3.33.0 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* The Photo Expert and KYC modules are now removed.
* The endpoint for the user password change is now `POST` users/user\_id/change-password instead of `PATCH`.

#### 3.32.1 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Provided log for the Celery app.

#### 3.32.0 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Added filters to the Folder \[LIST] request parameters: `analyse.time_created`, `analyse.results_data` for the Documents analysis, `results_data` for the Biometry analysis, `results_media_results_data` for the QUALITY analysis. To enable filters, set the `with_results_media_filter` query parameter to `True`.

#### 3.31.0 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Added a new attribute for users – `is_active` (default `True`). If `is_active == False`, any user operation is blocked.
* Added a new exception code (1401 with status code 401) for the actions of the blocked users.

#### 3.30.0 <a href="#h.1ukr1nhgtu2h" id="h.1ukr1nhgtu2h"></a>

* Added shots sets preview.
* You can now save a shots set archive to a disk (with the `original_local_path`, `original_url` attributes).
* A new original\_info attribute is added to store md5, size, and mime-type of a shots set
* Fixed `ReportInfo` for shots sets.

#### 3.29.0 <a href="#h.57go6yeagtyv" id="h.57go6yeagtyv"></a>

* Added health check at GET `api/healthcheck.`

#### 3.28.1 <a href="#h.lx44qi3ojpq4" id="h.lx44qi3ojpq4"></a>

* Fixed the shots set thumbnail URL.

#### 3.28.0 <a href="#h.v3026llghh84" id="h.v3026llghh84"></a>

* Now, the first frame of shots set becomes this shots set's thumbnail URL.

#### 3.27.0 <a href="#h.f1zm0vp7rjxj" id="h.f1zm0vp7rjxj"></a>

* Modified the retry policy – the default max count of analysis attempts is increased to 3 and jitter configuration introduced.
* Changed the callback algorithm.
* Refactored and documented the command line tools.
* Refactored modules.

#### 3.25.0 <a href="#h.hq5qdij1begy" id="h.hq5qdij1begy"></a>

* Changed the delete personal information endpoint and method from `delete_pi` to `/pi` and from POST to DELETE, respectively.

#### 3.23.1 <a href="#h.7jpn8ypehdkf" id="h.7jpn8ypehdkf"></a>

* Improved the delete personal information algorithm.
* It is now forbidden to add media to cleaned folders.

#### 3.23.0 <a href="#h.5oaf0kic55jm" id="h.5oaf0kic55jm"></a>

* Changed the authorize/restore endpoint name from `auth` to `auth_restore`.
* Added a new tag – `video_selfie_oneshot`.
* Added the password validation setting (`OZ_PASSWORD_POLICY`).
* Added `auth`, `rest_unauthorized`, `rps_with_token` throttling (use `OZ_THROTTLING_RATES` in configuration. Off by default).
* User permissions are now used to access static files (`OZ_USE_PERMISSIONS_FOR_STATIC` in configuration, false by default).
* Added a new folder endpoint – `/delete_pi`. It clears all personal information from a folder and analyses related to this folder.

#### 3.22.2 <a href="#h.xmbuocnsbw7c" id="h.xmbuocnsbw7c"></a>

* Fixed a bug with no error while trying to synchronize empty collections.
* If persons are uploaded, the analyse collection TFSS request is sent.

#### 3.22.0 <a href="#h.7n524iv30eea" id="h.7n524iv30eea"></a>

* Added the `fields_to_check` parameter to document analysis (by default, all fields are checked).
* Added the `double_page`\_spread parameter to document analysis (`True` by default).

#### 3.21.3 <a href="#h.s4bkrryds81f" id="h.s4bkrryds81f"></a>

* Fixed collection synchronization.

#### 3.21.0 <a href="#h.ybp5fis7hif" id="h.ybp5fis7hif"></a>

* Authorization token can be now refreshed by `expire_token`.

#### 3.20.1 <a href="#h.62a04f5hjp51" id="h.62a04f5hjp51"></a>

* Added support for application/x-gzip.

#### 3.20.0 <a href="#h.46z6l4i4zxul" id="h.46z6l4i4zxul"></a>

* Renamed shots\_set.images to shots\_set.frames.

#### 3.18.0 <a href="#h.y2sn9t8vn4gy" id="h.y2sn9t8vn4gy"></a>

* Added user sessions API.
* Users can now change a folder owner (limited by permissions).
* Changed dependencies rules.
* Changed the access\_token prolongation policy to fix bug of prolongation before checking the expiration permission.

#### 3.16.0 <a href="#h.jrmvqtdm8sri" id="h.jrmvqtdm8sri"></a>

* Move `oz_collection_binding` (collection synchronization functional) to `oz_core`.

#### 3.15.3 <a href="#h.vuhxpkscwrom" id="h.vuhxpkscwrom"></a>

* Simplified the shots sets functionality. One archive keeps one shot set.

#### 3.15.2 <a href="#h.xz5jhmky5tni" id="h.xz5jhmky5tni"></a>

* Improved the document sides recognition for the docker version.

#### 3.15.1 <a href="#h.p7wrd2xevglo" id="h.p7wrd2xevglo"></a>

* Moved the orientation tag check to liveness at quality analysis.

#### 3.15.0 <a href="#h.17hmnlitpctq" id="h.17hmnlitpctq"></a>

* Added a default report template for Admin and Operator.

#### 3.14.0 <a href="#h.812yocde4qsx" id="h.812yocde4qsx"></a>

* Updated the biometric model.

#### 3.13.2 <a href="#h.hzhtfp3fbebk" id="h.hzhtfp3fbebk"></a>

* A new ShotsSet object is not created if there are no photos for it.
* Updated the data exchange format for the documents' recognition module.

#### 3.13.1 <a href="#h.3n9rtd9zj6j9" id="h.3n9rtd9zj6j9"></a>

* You can’t delete a Collection if there are associated analyses with Collection Persons.

#### 3.13.0 <a href="#h.yukywxfunm2n" id="h.yukywxfunm2n"></a>

* Added time marks to analysis: `time_task_send_to_broker`, `time_task_received`, `time_task_finished.`

#### 3.12.0 <a href="#h.lhumgvizng1f" id="h.lhumgvizng1f"></a>

* Added a new authorization engine. You can now connect with Active Directory by LDAP (settings configuration required).

#### 3.11.0 <a href="#h.kevln9zcv2sg" id="h.kevln9zcv2sg"></a>

* A new type of media in Folders – "shots\_set".
* You can’t delete a CollectionPerson if there are analyses associated with it.

#### 3.10.0 <a href="#h.rdxxf8z7idsg" id="h.rdxxf8z7idsg"></a>

* Renamed the folder field `resolution_suggest` to `operator_status`.
* Added a folder text field `operator_comment`.
* The folder fields `operator_status` and `operator_comment` can be edited only by Admin, Operator, Client Service, Client Operator, and Client Admin.
* Only Admin and Client Admin can delete folder, folder media, report template, report template attachments, reports, and analyses (within their company).

#### 3.9.0 <a href="#h.mf4sucdx592a" id="h.mf4sucdx592a"></a>

* Fixed a deletion error: when report author is deleted, their reports get deleted as well.

#### 3.8.1 <a href="#h.mue5vngx68ut" id="h.mue5vngx68ut"></a>

* Client can now view only their own profile.

#### 3.8.0 <a href="#h.m8czk7ozgmtl" id="h.m8czk7ozgmtl"></a>

* Client Operator can now edit only their profile.
* Client can't delete own folders, media, reports, or analyses anymore.
* Client Service can now create Collection Person and read reports within their company.

#### 3.7.1 <a href="#h.3gzq7jkbr9ei" id="h.3gzq7jkbr9ei"></a>

* Client, Client Admin, Client Operator have read access to users profiles only in their company.
* A/B testing is now available.
* Added support for expiration date header.
* Added document recognition module Standalone/Dockered binding support.

#### 3.7.0 <a href="#h.3fq2tdr2s1ks" id="h.3fq2tdr2s1ks"></a>

* Added a new role of Client Operator (like Client Admin without permissions for company and account management).
* Client Admin and Client Operator can change the analysis status.
* Only Admin and Client Admin (for their company) can create, update and delete operations for Collection and CollectionPerson models from now on.
* Added a check for user permissions to report template when creating a folder report.
* Collection creation now returns status code 201 instead of 200.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/oz-api/changelog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.