Release notes
These release notes summarize the changes in current and previous PingAccess Agent SDK for C updates.
The PingAccess Agent SDK for C no longer supports FreeBSD 8. |
- Version 1.4.1 - December 2024
-
-
Support for RHEL 7 will be deprecated in version 1.5.
-
Fixed an issue that caused agents to fail to contact the PingAccess engine about requests meant for the PingAccess reserved application if the root resource was anonymous.
-
Fixed an issue that caused errant form character blocking if XSS blocking was configured. This issue was applicable even if form blocking wasn’t configured.
-
- Version 1.4 - October 2024
-
-
Added support for RHEL 9.
-
If you use a Web + API application, the
vnd-pi-resource-cache
PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. Learn more in the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes. -
Configure an agent to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision. Added eight new properties to each agent:
-
agent.request.block.xss.characters
-
agent.request.block.uri.characters
-
agent.request.block.query.characters
-
agent.request.block.form.characters
-
agent.request.block.xss.http.status
-
agent.request.block.uri.http.status
-
agent.request.block.query.http.status
-
agent.request.block.form.http.status
For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.
-
-
Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the
agent.engine.configuration.checkCertRevocation.bestEffort
property.This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking.
To use the
agent.engine.configuration.checkCertRevocation.bestEffort
property, you must be using the native Windows SSL library, Secure Channel (Schannel).
-
- Version 1.3 - June 2020
-
-
Added support for RHEL 8
-
Added agent inventory callback API
-
Removed support for RHEL 6
-
- Version 1.2.1 - February 2020
-
Fixed a potential security issue.
- Version 1.2 - June 2019
-
Fixed a potential security issue.
- Version 1.1.5 - February 2019
-
Added support for FreeBSD 8
- Version 1.1.4 - October 2018
-
Fixed potential security issues.
- Version 1.1.3 - August 2018
-
-
Updated version of libcurl to fix an issue where libcurl was only checking the first SAN in the server certificate
-
Fixed a potential security issue
-
- Version 1.1.2 - March 2017
-
Added support for:
-
SUSE Linux Enterprise Server 11 SP4 (x86_64)
-
SUSE Linux Enterprise Server 12 SP2 (x86_64)
-
- Version 1.1.1 - January 2017
-
-
Established a workaround for a known issue in the Network Security Services library that results in a memory leak when the agent closes a HTTPS connection to a PingAccess policy server. For more information, see this KB article.
-
Fixed an issue where duplicate headers were included in the backend request to the PingAccess Engine, causing the agent to block the request for content.
-
- Version 1.1 - November 2016
-
Added policy server failover support. Policy server failover support is only provided by the SDK when using the libcurl HTTP client.
- Version 1.0.2 - September 2016
-
-
Fixed an issue where agents could not communicate with PingAccess servers using a certificate signed by a certificate authority because the CRL Distribution Point extension is missing. This issue is limited to agents on Windows deployments.
-
Addressed a potential security vulnerability. This issue is limited to Windows deployments.
-
- Version 1.0.1 - May 2016
-
Fixed an issue with ZeroMQ policy cache where a terminated process could cause a condition that resulted in unexpected CPU utilization.
- Version 1.0 - April 2016
-
Initial Release.