Release Notes
These release notes summarize the changes in current and previous PingAccess agent for Internet Information Services (IIS) updates. Updated July 11, 2024.
Version History
- Version 1.5.0 – July 2024
-
Agent SDK for C version 1.4
-
If you use a Web + API application, the
vnd-pi-resource-cache
PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. For more information, see the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes, and theagent.cache.defaultTokenType
property on the IIS agent configuration page.Existing agent environments ignore the new
vnd-pi-token-cache-oauth-ttl
header and additional paths in thevnd-pi-resource-cache
header.To see the performance boost, upgrade to PingAccess 8.1 and upgrade to the latest version of the IIS agent. Otherwise, continue to use an earlier agent version.
-
Configure the PingAccess agent for IIS to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision. Added eight new properties to the agent:
-
agent.request.block.xss.characters
-
agent.request.block.uri.characters
-
agent.request.block.query.characters
-
agent.request.block.form.characters
-
agent.request.block.xss.http.status
-
agent.request.block.uri.http.status
-
agent.request.block.query.http.status
-
agent.request.block.form.http.status
Learn more in the IIS agent configuration page.
For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.
-
-
Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the
agent.engine.configuration.checkCertRevocation.bestEffort
property.
This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking. Learn more in IIS agent configuration.
-
- Version 1.4.4 - July 2021
-
Agent SDK for C version 1.3
-
Added agent inventory response
-
- Version 1.4.3 – December 2020
-
Agent SDK for C version 1.3
-
Updated the agent to only disable IIS caching when the agent modifies the response. This preserves performance while mitigating an IIS session swapping vulnerability.
-
- Version 1.4.2 – July 2020
-
Agent SDK for C version 1.3
-
Fixed an issue that caused intermittent application pool crashes.
-
- Version 1.4.1 – February 2020
-
Agent SDK for C version 1.2.1
-
Fixed a potential security issue
-
- Version 1.4 – June 2019
-
Agent SDK for C version 1.2.0
-
Added ability to set policy caching mechanism using a property in the
agent.properties
file -
Added ability to enable or disable agent processing for a request based on a note field
-
Fixed a potential security issue
-
- Version 1.3.2 – November 2018
-
Fixed a potential security issue
- Version 1.3 – January 2017
-
-
Added support for IIS 10 on Windows Server 2016
-
Updated to 1.1.1 of the PingAccess Agent SDK for C
-
Resolved issue with IIS Preload Enabled setting
-
- Version 1.2.1 – November 2016
-
-
Added support for the “Preload Enabled” setting in IIS
-
Security enhancements
-
- Version 1.2 – August 2016
-
Updated to 1.0.1 of the PingAccess Agent SDK for C
- Version 1.1.2 – February 2016
-
Addressed issue with custom request headers not being set when URL contains query string parameters
- Version 1.1.1 – September 2015
-
Addressed compatibility with the IIS plugin for WebSphere
- Version 1.1 – December 2014
-
-
Added Support for Microsoft Internet Information Services (IIS) 7.0 running on Windows Server 2008
-
Added Support for Microsoft Internet Information Services (IIS) 7.5 running on Windows Server 2008 R2
-
Added Support for Microsoft Internet Information Services (IIS) 8.0 running on Windows Server 2012 Datacenter Edition
-
Corrected a potential security issue related to caching (SECBL007). This security bulletin is available in the Ping Identity Support Portal (https://support.pingidentity.com/s/)
-
- Version 1.0 – July 2014
-
Initial Release