PingAccess 7.0.8 (August 2024)
Fixed a security vulnerability with URL-encoded characters
Security PA-15776
Added the pa.uri.canonicalize parameter to the Configuration file reference to fix a security vulnerability. Learn more in an upcoming security advisory.
Opt out of automatic URL encoding
Improved PA-15697
By default, redirect rules and rejection handlers automatically URL-encode the redirect URL that the administrator enters. This could cause unexpected behavior if an application targeted by a redirect requires the URL to follow a specific format.
You can now opt out of automatic URL encoding by deselecting the Encode URL check box on a specific application resource logout or redirect response generator, redirect rule, redirect authentication challenge response generator, or redirect rejection handler. Learn more in:
Set response headers for OAuth errors
Improved PA-15764
Added the oauth.error.headers and oauth.error.header.Content-Security-Policy parameters to the Configuration file reference.
Fixed issues with query parameter behavior due to automatic URL encoding
Fixed PA-15696
Fixed an issue with automatically URL encoding target redirect URLs that sometimes disrupted query parameter sort order or added a trailing = to the end of single value query parameters. This issue affected redirect rules, redirect rejection handlers, redirect virtual resources, logout virtual resources, and redirect authentication challenge policy response generators.
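To check whether a redirect target survives encoding intact after an upgrade, the following added example (not PingAccess code) compares a configured redirect URL with the Location value actually returned and reports reordered parameters or an added trailing =. All function names are hypothetical, `lossy_encode_query` is a constructed illustration of the symptom rather than the product's implementation, and the trailing = case is assumed to mean a parameter written without any = sign.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample value, not taken from any PingAccess configuration.
CONFIGURED = "https://app.example.com/cb?z=1&a=2&debug"

def split_query(query):
    """Return ordered (name, value) pairs; value is None for a bare parameter."""
    pairs = []
    for part in filter(None, query.split("&")):
        name, sep, value = part.partition("=")
        pairs.append((unquote(name), unquote(value) if sep else None))
    return pairs

def encode_query(pairs):
    """Percent-encode names and values, keeping order and bare parameters."""
    return "&".join(
        quote(n, safe="") if v is None else f"{quote(n, safe='')}={quote(v, safe='')}"
        for n, v in pairs)

def lossy_encode_query(query):
    """Hypothetical encoder showing the symptom: sorts names, always emits '='."""
    return "&".join(f"{quote(n, safe='')}={quote(v or '', safe='')}"
                    for n, v in sorted(split_query(query), key=lambda p: p[0]))

def diff_redirect(configured, emitted):
    """Compare the configured redirect URL with the Location value actually sent."""
    a = split_query(urlsplit(configured).query)
    b = split_query(urlsplit(emitted).query)
    findings = []
    names_a, names_b = [n for n, _ in a], [n for n, _ in b]
    if sorted(names_a) != sorted(names_b):
        findings.append("parameter set changed")
    elif names_a != names_b:
        findings.append("parameter order changed")
    bare = {n for n, v in a if v is None}
    findings += [f"trailing '=' added to {n}" for n, v in b if n in bare and v is not None]
    return findings

if __name__ == "__main__":
    # Simulate a Location header produced by the lossy encoder and diff it.
    base, query = CONFIGURED.split("?", 1)
    emitted = base + "?" + lossy_encode_query(query)
    print(emitted, diff_redirect(CONFIGURED, emitted))
```
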