# Changelog

#### 6.4.2-18 – Feb. 12, 2026

* <mark style="background-color:$warning;">**Breaking changes:**</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">if you use S3, set</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">`OZ_STATIC_S3_BUCKET_URL="None"`</mark> <mark style="background-color:$warning;"></mark><mark style="background-color:$warning;">to avoid breaking of the S3 connection.</mark>
* You can now add container to the existing folder using the `POST api/folders/{folder_id}/media` method.
* Improved performance of the **Collection** analysis.
* You can now trim a video if it is too long. Set the `OZ_FFMPEG_VIDEO_CROPPING_ENABLED` parameter to `true` to enable automatic trimming of videos longer than `OZ_VIDEO_DURATION_MAX`. If a video is trimmed, the corresponding records will be added to logs.
* If a container cannot be processed (error 14), we now save the corresponding order’s data to ease investigation.
* If a container is considered invalid, API logs now include the corresponding `folder_id` to simplify the search.
* Fixed folder deletion in local-local and local-s3 configurations to properly remove static files.

#### 6.4.1-40 – Dec. 24, 2025

* <mark style="background-color:$primary;">Implemented a new proprietary data format: OzCapsula Data Container.</mark>
* Instant API now can save static to S3 and JSON payload.
* Resolved the issue with occasional false rejections using videos received from Web SDK.
* The **Collection** analysis now ignores images tagged with `photo_id_back`.
* Internal improvements.

#### 6.4.0 – Nov. 24, 2025

{% hint style="info" %}
Only for SaaS.
{% endhint %}

* Updated API to support upcoming features.

#### 6.3.5 – Nov. 03, 2025

* Fixed bugs that could cause the `GET /api/folders/` request to return incorrect results.

#### 6.3.4 – Oct. 20, 2025

* Updated API to support upcoming features.
* Fixed bugs.

#### 6.3.3 – Sept. 29, 2025

* Resolved an issue with `POST /api/instant/folders/` and `POST /api/folders/` returning “500 Internal Server Error” when the video sent is corrupted. Now system returns “400 Bad Request”.
* Updated API to support upcoming features.

#### 6.3.0 – Aug 05, 2025

* <mark style="background-color:$primary;">**Updated API 6 to support Kazakhstan regulatory requirements**</mark>: added the functionality of extracting action shots from videos of a person performing gestures.
* You can remove admin rights from a CLIENT ADMIN user and change their role to CLIENT via `PATCH /api/users/{{user_id}}`.
* You can generate a service token for a user with the OPERATOR role.
* Security updates.

#### 6.2.5 – June 18, 2025 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Optimization and performance updates.

#### 6.2.3 – June 02, 2025 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Analyses can now be done in parallel with each other. To enable this feature, add the `OZ_ANALYSE_PARALLELED_CHECK_MEDIA_ENABLED` parameter to `config.py` and set it to `true` (the default value is `false`).
* For the instant mode, authorization can be disabled. Add the `OZ_AUTHORIZE_DISABLED_STATELESS` parameter to `config.py` and set it to `true` (the default value is `false`) to use instant API without authorization.
* Fixed the issue with MP4 videos that sometimes could not be played after downloading from SDK.
* We now return the correct error for the non-authorized requests.
* Fixed the bug with “spontaneous” error 500 that had been caused by too few frames in video. Added the check for the number of frames and more descriptive error messages.
* Performance, security, and installation updates.

#### 6.0.1 – Apr. 30, 2025 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

Please note: this version doesn't support the Kazakhstan regulatory requirements.

* Optimized storage and database.
* Implemented the [single request mode](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/oz-api/single-request) which involves creating a folder and executing analyses in a single request by attaching a part of the analysis in the payload.
* Implemented the [instant analysis mode](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/oz-api/instant-api-non-persistent-mode) without storing any data locally or in database. This mode can be used either with or without other API components.
* You can now combine working systems based on asynchronous method or celery worker (local processing, celery processing). Added S3 storage mechanics for each of the combinations.
* Implemented security updates.
* We no longer support RAR archives.
* We no longer support Active Directory. This functionality will be returned in the upcoming releases.
* Improved mechanics for calculating analysis time.
* Replaced the `is_admin` and `is_service` flags for the CLIENT role with new roles: CLIENT ADMIN and CLIENT SERVICE, respectively. Set the roles in `user_type`.
* To issue a service token for a user via `{{host}}/api/authorize/service_token/`, this user must have the CLIENT SERVICE role. You can also create a token for another user with this role: call `{{host}}/api/authorize/service_token/{user_id}`.
* Removed collection and person attributes from `COLLECTION.analysis`.
* We no longer store separate objects for each frame in `SHOTS_SET`. If you want to save an image from your video, consider enabling [best shot](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/oz-api/basic-scenarios/liveness/best-shot).
* We no longer support Podman for installation.
* Updated the API reference: [Oz API 6.0](https://apidoc.ozforensics.com/).
* Changed endpoints and parameters:

| Deprecated Endpoint or Parameter                                                    | Replacement                                                                 |
| ----------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
| `PATCH users/{{user_id}}/` to change user password                                  | `POST /api/users/{{user_id}}/change-password`                               |
| `DELETE images\|media/<media_id>` to delete an image of a person from collection    | `DELETE collections/<collection_id>/persons/<person_id>/images/<media_id>/` |
| `image_id`, `video_id`, and `shots_set_id`                                          | `media_id`                                                                  |
| `analyse_id`                                                                        | `analysis_id`                                                               |
| `can_start_analyse_biometry`                                                        | `can_start_analysis_biometry`                                               |
| `can_start_analyse_collection`                                                      | `can_start_analysis_collection`                                             |
| `can_start_analyse_documents`                                                       | `can_start_analysis_documents`                                              |
| `can_start_analyse_quality`                                                         | `can_start_analysis_quality`                                                |
| `expire_date` in `{{host}}/api/authorize/auth` and `{{host}}/api/authorize/refresh` | `access_token.exp` from payload                                             |
| `session_id` in `{{host}}/api/authorize/auth` and `{{host}}/api/authorize/refresh`  | `token_id`                                                                  |

#### 5.3.1 – Dec. 24, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Improved the resource efficiency of server-based biometry analysis.

#### 5.3.0 – Nov. 27, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* API can now extract action shots from videos of a person performing gestures. This is done to comply with the new Kazakhstan regulatory requirements for biometric identification.
* Created a new report template that also complies with the requirements mentioned above.
* If action shots are enabled, the thumbnails for the report are generated from them.

#### 5.2.0 – Sept. 06, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Updated the Postman collection. Please see the new collection [here](https://doc.ozforensics.com/oz-knowledge/guides/developer-guide/api/postman-collections#id-5.2) and at <https://apidoc.ozforensics.com/>.
* Added the new method to check the timezone settings: `GET {{host}}/api/config`
* Added parameters to the `GET {{host}}/api/event_sessions` method:
  * `time_created`
  * `time_created.min`
  * `time_created.max`
  * `time_updated`
  * `time_updated.min`
  * `time_updated.max`
  * `session_id`
  * `session_id.exclude`
  * `sorting`
  * `offset`
  * `limit`
  * `total_omit`
* If you create a folder using SHOT\_SET, the corresponding video will be in `media.video_url`.
* Fixed the bug with CLIENT ADMIN being unable to change passwords for users from their company.

#### 5.1.1 – July 16, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Security updates.

#### 5.1.0 – Mar. 20, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Face Identification 1:N is now live, significantly increasing the data processing capacity of the Oz API to find matches. Even huge face databases (containing millions of photos and more) are no longer an issue.
* The Liveness (QUALITY) analysis now ignores photos tagged with `photo_id`, `photo_id_front`, or `photo_id_back`, preventing these photos from causing the tag-related analysis error.

#### 5.0.1 –  July 16,  2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Security updates.

#### 5.0.0 – Nov. 17, 2023 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* You can now apply the Liveness (QUALITY) analysis to a single image.
* Fixed the bug where the Liveness analysis could finish with the SUCCESS result with no media uploaded.
* The default value for the `extract_best_shot` parameter is now True.
* RAR archives are no longer supported.
* By default, `analyses.results_media.results_data` now contain the `confidence_spoofing` parameter. However, if you need all three parameters for the backward compatibility, it is possible to change the response back to three parameters: `confidence_replay`, `confidence_liveness`, and `confidence_spoofing`.
* Updated the default PDF report template.
* The name of the PDF report now contains `folder_id`.

#### 4.0.8-patch1 – July 16, 2024 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Security updates.

#### 4.0.8 – May 22, 2023 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Set the autorotation of logs.
* Added the CLI command for user deletion.
* You can now switch off the video preview generation.
* The ADMIN access token is now valid for 5 years.
* Added the folder identifier `folder_id` to the report name.
* Fixed bugs and optimized the API work.

#### 4.0.2 – Sept. 13, 2022 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* For the sliced video, the system now deletes the unnecessary frames.
* Added new methods: GET and POST at `media/<media_id>/snapshot/`.
* Replaced the default report template.
* &#x20;The shot set preview now keeps images’ aspect ratio.
* ADMIN and OPERATOR receive `system_company` as a company they belong to.
* Added the `company_id` attribute to User, Folder, Analyse, Media.
* Added the Analysis `group_id` attribute.
* Added the `system_resolution` attribute to Folder and Analysis.
* The analysis `resolution_status` now returns the `system_resolution` value.
* Removed the PATCH method for collections.
* Added the `resolution_status` filter to Folder Analyses \[LIST] and `analyse.resolution_status` filter to Folder \[LIST].
* Added the audit log for Folder, User, Company.
* Improved the company deletion algorithm.
* Reforged the blacklist processing logic.
* Fixed a few bugs.

#### 3.33.0 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* The Photo Expert and KYC modules are now removed.
* The endpoint for the user password change is now `POST` users/user\_id/change-password instead of `PATCH`.

#### 3.32.1 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Provided log for the Celery app.

#### 3.32.0 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Added filters to the Folder \[LIST] request parameters: `analyse.time_created`, `analyse.results_data` for the Documents analysis, `results_data` for the Biometry analysis, `results_media_results_data` for the QUALITY analysis. To enable filters, set the `with_results_media_filter` query parameter to `True`.

#### 3.31.0 <a href="#h.lit7e6vfzfmh" id="h.lit7e6vfzfmh"></a>

* Added a new attribute for users – `is_active` (default `True`). If `is_active == False`, any user operation is blocked.
* Added a new exception code (1401 with status code 401) for the actions of the blocked users.

#### 3.30.0 <a href="#h.1ukr1nhgtu2h" id="h.1ukr1nhgtu2h"></a>

* Added shots sets preview.
* You can now save a shots set archive to a disk (with the `original_local_path`, `original_url` attributes).
* A new original\_info attribute is added to store md5, size, and mime-type of a shots set
* Fixed `ReportInfo` for shots sets.

#### 3.29.0 <a href="#h.57go6yeagtyv" id="h.57go6yeagtyv"></a>

* Added health check at GET `api/healthcheck.`

#### 3.28.1 <a href="#h.lx44qi3ojpq4" id="h.lx44qi3ojpq4"></a>

* Fixed the shots set thumbnail URL.

#### 3.28.0 <a href="#h.v3026llghh84" id="h.v3026llghh84"></a>

* Now, the first frame of shots set becomes this shots set's thumbnail URL.

#### 3.27.0 <a href="#h.f1zm0vp7rjxj" id="h.f1zm0vp7rjxj"></a>

* Modified the retry policy – the default max count of analysis attempts is increased to 3 and jitter configuration introduced.
* Changed the callback algorithm.
* Refactored and documented the command line tools.
* Refactored modules.

#### 3.25.0 <a href="#h.hq5qdij1begy" id="h.hq5qdij1begy"></a>

* Changed the delete personal information endpoint and method from `delete_pi` to `/pi` and from POST to DELETE, respectively.

#### 3.23.1 <a href="#h.7jpn8ypehdkf" id="h.7jpn8ypehdkf"></a>

* Improved the delete personal information algorithm.
* It is now forbidden to add media to cleaned folders.

#### 3.23.0 <a href="#h.5oaf0kic55jm" id="h.5oaf0kic55jm"></a>

* Changed the authorize/restore endpoint name from `auth` to `auth_restore`.
* Added a new tag – `video_selfie_oneshot`.
* Added the password validation setting (`OZ_PASSWORD_POLICY`).
* Added `auth`, `rest_unauthorized`, `rps_with_token` throttling (use `OZ_THROTTLING_RATES` in configuration. Off by default).
* User permissions are now used to access static files (`OZ_USE_PERMISSIONS_FOR_STATIC` in configuration, false by default).
* Added a new folder endpoint – `/delete_pi`. It clears all personal information from a folder and analyses related to this folder.

#### 3.22.2 <a href="#h.xmbuocnsbw7c" id="h.xmbuocnsbw7c"></a>

* Fixed a bug with no error while trying to synchronize empty collections.
* If persons are uploaded, the analyse collection TFSS request is sent.

#### 3.22.0 <a href="#h.7n524iv30eea" id="h.7n524iv30eea"></a>

* Added the `fields_to_check` parameter to document analysis (by default, all fields are checked).
* Added the `double_page`\_spread parameter to document analysis (`True` by default).

#### 3.21.3 <a href="#h.s4bkrryds81f" id="h.s4bkrryds81f"></a>

* Fixed collection synchronization.

#### 3.21.0 <a href="#h.ybp5fis7hif" id="h.ybp5fis7hif"></a>

* Authorization token can be now refreshed by `expire_token`.

#### 3.20.1 <a href="#h.62a04f5hjp51" id="h.62a04f5hjp51"></a>

* Added support for application/x-gzip.

#### 3.20.0 <a href="#h.46z6l4i4zxul" id="h.46z6l4i4zxul"></a>

* Renamed shots\_set.images to shots\_set.frames.

#### 3.18.0 <a href="#h.y2sn9t8vn4gy" id="h.y2sn9t8vn4gy"></a>

* Added user sessions API.
* Users can now change a folder owner (limited by permissions).
* Changed dependencies rules.
* Changed the access\_token prolongation policy to fix bug of prolongation before checking the expiration permission.

#### 3.16.0 <a href="#h.jrmvqtdm8sri" id="h.jrmvqtdm8sri"></a>

* Move `oz_collection_binding` (collection synchronization functional) to `oz_core`.

#### 3.15.3 <a href="#h.vuhxpkscwrom" id="h.vuhxpkscwrom"></a>

* Simplified the shots sets functionality. One archive keeps one shot set.

#### 3.15.2 <a href="#h.xz5jhmky5tni" id="h.xz5jhmky5tni"></a>

* Improved the document sides recognition for the docker version.

#### 3.15.1 <a href="#h.p7wrd2xevglo" id="h.p7wrd2xevglo"></a>

* Moved the orientation tag check to liveness at quality analysis.

#### 3.15.0 <a href="#h.17hmnlitpctq" id="h.17hmnlitpctq"></a>

* Added a default report template for Admin and Operator.

#### 3.14.0 <a href="#h.812yocde4qsx" id="h.812yocde4qsx"></a>

* Updated the biometric model.

#### 3.13.2 <a href="#h.hzhtfp3fbebk" id="h.hzhtfp3fbebk"></a>

* A new ShotsSet object is not created if there are no photos for it.
* Updated the data exchange format for the documents' recognition module.

#### 3.13.1 <a href="#h.3n9rtd9zj6j9" id="h.3n9rtd9zj6j9"></a>

* You can’t delete a Collection if there are associated analyses with Collection Persons.

#### 3.13.0 <a href="#h.yukywxfunm2n" id="h.yukywxfunm2n"></a>

* Added time marks to analysis: `time_task_send_to_broker`, `time_task_received`, `time_task_finished.`

#### 3.12.0 <a href="#h.lhumgvizng1f" id="h.lhumgvizng1f"></a>

* Added a new authorization engine. You can now connect with Active Directory by LDAP (settings configuration required).

#### 3.11.0 <a href="#h.kevln9zcv2sg" id="h.kevln9zcv2sg"></a>

* A new type of media in Folders – "shots\_set".
* You can’t delete a CollectionPerson if there are analyses associated with it.

#### 3.10.0 <a href="#h.rdxxf8z7idsg" id="h.rdxxf8z7idsg"></a>

* Renamed the folder field `resolution_suggest` to `operator_status`.
* Added a folder text field `operator_comment`.
* The folder fields `operator_status` and `operator_comment` can be edited only by Admin, Operator, Client Service, Client Operator, and Client Admin.
* Only Admin and Client Admin can delete folder, folder media, report template, report template attachments, reports, and analyses (within their company).

#### 3.9.0 <a href="#h.mf4sucdx592a" id="h.mf4sucdx592a"></a>

* Fixed a deletion error: when report author is deleted, their reports get deleted as well.

#### 3.8.1 <a href="#h.mue5vngx68ut" id="h.mue5vngx68ut"></a>

* Client can now view only their own profile.

#### 3.8.0 <a href="#h.m8czk7ozgmtl" id="h.m8czk7ozgmtl"></a>

* Client Operator can now edit only their profile.
* Client can't delete own folders, media, reports, or analyses anymore.
* Client Service can now create Collection Person and read reports within their company.

#### 3.7.1 <a href="#h.3gzq7jkbr9ei" id="h.3gzq7jkbr9ei"></a>

* Client, Client Admin, Client Operator have read access to users profiles only in their company.
* A/B testing is now available.
* Added support for expiration date header.
* Added document recognition module Standalone/Dockered binding support.

#### 3.7.0 <a href="#h.3fq2tdr2s1ks" id="h.3fq2tdr2s1ks"></a>

* Added a new role of Client Operator (like Client Admin without permissions for company and account management).
* Client Admin and Client Operator can change the analysis status.
* Only Admin and Client Admin (for their company) can create, update and delete operations for Collection and CollectionPerson models from now on.
* Added a check for user permissions to report template when creating a folder report.
* Collection creation now returns status code 201 instead of 200.