PingAccess

Release notes

These release notes summarize the changes in current and previous PingAccess Agent SDK for C updates.

The PingAccess Agent SDK for C no longer supports FreeBSD 8.

Version 1.4.1 - December 2024
  • Support for RHEL 7 will be deprecated in version 1.5.

  • Fixed an issue that caused agents to fail to contact the PingAccess engine about requests meant for the PingAccess reserved application if the root resource was anonymous.

  • Fixed an issue that caused errant form character blocking if XSS blocking was configured. This issue was applicable even if form blocking wasn’t configured.

Version 1.4 - October 2024
  • Added support for RHEL 9.

  • If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. Learn more in the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes.

  • Configure an agent to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision. Added eight new properties to each agent:

    1. agent.request.block.xss.characters

    2. agent.request.block.uri.characters

    3. agent.request.block.query.characters

    4. agent.request.block.form.characters

    5. agent.request.block.xss.http.status

    6. agent.request.block.uri.http.status

    7. agent.request.block.query.http.status

    8. agent.request.block.form.http.status

      For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.

  • Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.

    This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking.

    To use the agent.engine.configuration.checkCertRevocation.bestEffort property, you must be using the native Windows SSL library, Secure Channel (Schannel).

Version 1.3 - June 2020
  • Added support for RHEL 8

  • Added agent inventory callback API

  • Removed support for RHEL 6

Version 1.2.1 - February 2020

Fixed a potential security issue.

Version 1.2 - June 2019

Fixed a potential security issue.

Version 1.1.5 - February 2019

Added support for FreeBSD 8

Version 1.1.4 - October 2018

Fixed potential security issues.

Version 1.1.3 - August 2018
  • Updated version of libcurl to fix an issue where libcurl was only checking the first SAN in the server certificate

  • Fixed a potential security issue

Version 1.1.2 - March 2017

Added support for:

  • SUSE Linux Enterprise Server 11 SP4 (x86_64)

  • SUSE Linux Enterprise Server 12 SP2 (x86_64)

Version 1.1.1 - January 2017
  • Established a workaround for a known issue in the Network Security Services library that results in a memory leak when the agent closes a HTTPS connection to a PingAccess policy server. For more information, see this KB article.

  • Fixed an issue where duplicate headers were included in the backend request to the PingAccess Engine, causing the agent to block the request for content.

Version 1.1 - November 2016

Added policy server failover support. Policy server failover support is only provided by the SDK when using the libcurl HTTP client.

Version 1.0.2 - September 2016
  • Fixed an issue where agents could not communicate with PingAccess servers using a certificate signed by a certificate authority because the CRL Distribution Point extension is missing. This issue is limited to agents on Windows deployments.

  • Addressed a potential security vulnerability. This issue is limited to Windows deployments.

Version 1.0.1 - May 2016

Fixed an issue with ZeroMQ policy cache where a terminated process could cause a condition that resulted in unexpected CPU utilization.

Version 1.0 - April 2016

Initial Release.