PingAccess

PingAccess Agent SDK for C release notes

These release notes summarize the changes in current and previous PingAccess Agent SDK for C updates.

The PingAccess Agent SDK for C no longer supports FreeBSD 8.
Version 3.0 - April 2025

  • As of Agent SDK for C 3.0, support for RHEL 7 and SLES 12 has been removed.

  • The Agent SDK for C now supports authenticating PingAccess agents to the engine nodes with a bearer token.

    To use bearer token authentication, you must upgrade to PingAccess 8.2 and either the PingAccess agent for Apache (RHEL) or the PingAccess agent for Apache (SLES) 3.0.

    Compatibility for the other agent types will be added in a future release.

    After you configure a compatible PingAccess agent with the updated agent.properties file and select Require Token Authentication in the agent’s configuration, the agent creates, signs, and sends a unique JWT for every authentication request.

    The JWT expires after 2 minutes, so you must ensure you synchronize the agent and the PingAccess server’s clocks.

    Learn more in the PingAccess 8.2 release notes. You can find setup instructions in Configuring PingAccess agents to use bearer token authentication.

Version 1.4.1 - December 2024

  • Support for RHEL 7 will be deprecated in the next version.

  • Fixed an issue that caused agents to fail to contact the PingAccess engine about requests meant for the PingAccess reserved application if the root resource was anonymous.

  • Fixed an issue that caused errant form character blocking if XSS blocking was configured. This issue was applicable even if form blocking wasn’t configured.

Version 1.4 - October 2024

  • Added support for RHEL 9.

  • If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. Learn more in the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes.

  • Configure an agent to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision. Added eight new properties to each agent:

    1. agent.request.block.xss.characters

    2. agent.request.block.uri.characters

    3. agent.request.block.query.characters

    4. agent.request.block.form.characters

    5. agent.request.block.xss.http.status

    6. agent.request.block.uri.http.status

    7. agent.request.block.query.http.status

    8. agent.request.block.form.http.status

    For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.

  • Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.

    This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking.

    To use the agent.engine.configuration.checkCertRevocation.bestEffort property, you must be using the native Windows SSL library, Secure Channel (Schannel).
Version 1.3 - June 2020

  • Added support for RHEL 8

  • Added agent inventory callback API

  • Removed support for RHEL 6

Version 1.2.1 - February 2020

Fixed a potential security issue.

Version 1.2 - June 2019

Fixed a potential security issue.

Version 1.1.5 - February 2019

Added support for FreeBSD 8

Version 1.1.4 - October 2018

Fixed potential security issues.

Version 1.1.3 - August 2018

  • Updated version of libcurl to fix an issue where libcurl was only checking the first SAN in the server certificate

  • Fixed a potential security issue

Version 1.1.2 - March 2017

Added support for:

  • SUSE Linux Enterprise Server 11 SP4 (x86_64)

  • SUSE Linux Enterprise Server 12 SP2 (x86_64)

Version 1.1.1 - January 2017

  • Established a workaround for a known issue in the Network Security Services library that results in a memory leak when the agent closes a HTTPS connection to a PingAccess policy server. For more information, see this KB article.

  • Fixed an issue where duplicate headers were included in the backend request to the PingAccess Engine, causing the agent to block the request for content.

Version 1.1 - November 2016

Added policy server failover support. Policy server failover support is only provided by the SDK when using the libcurl HTTP client.

Version 1.0.2 - September 2016

  • Fixed an issue where agents could not communicate with PingAccess servers using a certificate signed by a certificate authority because the CRL Distribution Point extension is missing. This issue is limited to agents on Windows deployments.

  • Addressed a potential security vulnerability. This issue is limited to Windows deployments.

Version 1.0.1 - May 2016

Fixed an issue with ZeroMQ policy cache where a terminated process could cause a condition that resulted in unexpected CPU utilization.

Version 1.0 - April 2016

Initial Release.