Blend Release Notes 7/17/26

Posted 2 days ago by Kelly Chen

K
Kelly Chen Admin

(Note: you can download the Release Notes PDF in the Release Notes PDFs section in Help Center)


For this release, we anticipate the following introductions in your environments. Major features are documented in the Blend Knowledge Base accessible at help.blend.com. If that resource does not answer your question, please reach out to Blend Support.


Announcements (3)

(New) mTLS Certificate Update

Blend is transitioning mTLS certificate issuance from DigiCert (a public certificate authority) to Blend's own private certificate authority. This change is driven by DigiCert's planned removal of client authentication support from public TLS certificates, effective March 1, 2027. This transition also eliminates the need for frequent certificate rotations, the new root certificate will only need to be updated approximately every 10 years. Lenders using Blend-issued mTLS certificates will need to update their configuration before August 31, 2026 to avoid disruption.


Who is affected? 

This affects mTLS certificates across the following integration categories:

  • Pricing - client-auth certs for pricing service integrations

  • Fees - client-auth certs for payment-api-commerce/fees integrations

  • API / Partner integrations - client-auth certs for partner API connections

  • Mortgage Origination (MOR) - client-auth certs for MOR integrations

  • LOS Integrations - client-auth certs for loan origination system integrations

  • Consumer Banking - client-auth certs for consumer banking integration

  • Customer Portal - client-auth certs for the Blend Customer Portal

  • Talkuments - client-auth certs for document integration


Note: If your organization issues its own mTLS certificates and provides them to Blend, no action is required on your part.


What You Need to Do: Add Blend's new security certificate to your system's trusted client certificate list. Please contact Blend Support for the certificate and setup instructions.


Deadline: August 31, 2026


If you have questions or need assistance, please reach out to support@blend.com.


SAML Key Encryption Update Required

We are deprecating support for RSA 1.5 (RSA_PKCS1_PADDING) key encryption for SAML assertions, which will be fully removed by October 1st, 2026. This change is driven by a Node.js 22+ security fix for the Marvin Attack vulnerability (CVE-2023-46809), which removes support for RSA 1.5 padding in the decryption path, meaning any SAML assertions still using this method will fail to decrypt. IdP administrators must update their SAML key encryption method from RSA 1.5 to RSA-OAEP (xmlenc#rsa-oaep-mgf1p) in their Identity Provider's SAML integration or Service Provider (SP) connection settings by October to avoid disruption to borrower SAML-based authentication. This update is typically carried out by your institution's IT team. If you have questions or need assistance, please reach out to your Blend representative or open a support ticket.


Note: Update steps may vary depending on your IdP (e.g., Okta, Azure AD, PingFederate, OneLogin, etc.). Refer to your IdP's documentation or contact their support team for specific instructions.


Encompass Lower Environment Migration

ICE is in the process of migrating customers’ Encompass lower environments over a period of time. If you are scheduled for migration, please be aware of the following important steps to ensure continued connectivity with Blend:


What You Need to Do:

Notify Blend Support at least 10 days in advance of your scheduled migration. This lead time is necessary for Blend to prepare and reestablish connectivity between your Encompass Beta and Blend Beta environments.


If you have received a migration notification from ICE and do not intend to delay the migration, please notify Blend Support immediately to ensure your systems remain connected.


For additional details, please refer to ICE's official documentation here:

R2T to UAT Migration Details


Maintenance Announcements (0)

There are no new maintenance announcements.


Preview Environments (Test/Dev/Beta) (5)


Production Environments (Prod) (6)

0 Votes


0 Comments

Login to post a comment