Resolved issues

Ticket ID Description
PF-15892 Now administrators can configure the extended group contract for a custom identity store provisioner.
PF-23135 The $CurrentPingFedBaseURL value rendered in Velocity templates now uses the correct port when incoming requests are using virtual host names.
PF-25067 For backwards compatibility, administrators can now enable query string support for client-credential flows with the disallowQueryString configuration setting.
PF-25109 When a validation request is sent to /as/introspect.oauth2, if the response's "aud" parameter contains multiple values, then PingFederate formats the values as a JSON array instead of a space-separated string.
PF-25133 Resolved a potential upgrade issue affecting the administration console when multiple axis-saaj libraries are present.
PF-25159 Resolved an issue that impacted SAML message customization.
PF-25162 Updated the exclusion filter for samesite cookies for incompatible browsers.
PF-25187 When connecting PingFederate to PingOne for Enterprise, if administrators use an existing data store to complete the identity repository configuration, the PingFederate SAML 2.0 entity ID is no longer overwritten, which could have affected existing service provider connections.
PF-25201 Now user names with an apostrophe (for example, test'apos@example.com) are compatible with the identifier first adapter.
PF-25209 Resolved a potential issue that could have caused TLS handshakes to fail for client certificate authentication.
PF-25277 Resolved a cross-site scripting vulnerability in the Java Integration Kit for OpenToken. See security bulletin SECBL015 on the Ping Identity Support website.
PF-24367 The new collect support data tool lets administrators compile information about their PingFederate installation that Support can use to diagnose an issue.
PF-24570 PingFederate now automatically prunes mappings for deleted contract attributes from administration API responses.
PF-25435 The performance of configuration replication has been improved.