PingAccess

PingAccess Agent SDK for C release notes

These release notes summarize the changes in current and previous PingAccess Agent SDK for C updates. Updated July 18, 2024.

The PingAccess Agent SDK for C no longer supports FreeBSD 8.

Agent SDK for C 1.4 (July 2024)

Added support for RHEL 9

New

Added support for RHEL 9.

Cache multiple token-types for Web + API applications in Apache and IIS agent deployments

New PA-15516

If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. For more information, see the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes, and the agent.cache.defaultTokenType property on the desired agent configuration page.

Existing agent environments ignore the new vnd-pi-token-cache-oauth-ttl header and additional paths in the vnd-pi-resource-cache header.

To see the performance boost, upgrade to PingAccess 8.1 and upgrade to the latest version of the agent. Otherwise, continue to use an earlier agent version.

Block bad characters in Apache and IIS agent deployments

New PAA-251

Configure a PingAccess Apache agent or the PingAccess agent for IIS to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision.

Added eight new properties to each agent:

  1. agent.request.block.xss.characters

  2. agent.request.block.uri.characters

  3. agent.request.block.query.characters

  4. agent.request.block.form.characters

  5. agent.request.block.xss.http.status

  6. agent.request.block.uri.http.status

  7. agent.request.block.query.http.status

  8. agent.request.block.form.http.status

Learn more in the configuration page for your agent:

For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.

Configure the IIS agent to ignore CRL checking if revocation server is unresponsive

Improved PAA-265

Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.

This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking. Learn more in IIS agent configuration.

Agent SDK for C 1.3 (June 2020)

Removed support for RHEL 6

Info

Removed support for RHEL 6.

Added support for RHEL 8

New

Added support for RHEL 8.

Added agent inventory callback API

New

Added agent inventory callback API.

Agent SDK for C 1.2.1 (February 2020)

Fixed a potential security issue

Security

Fixed a potential security issue.

Agent SDK for C 1.2 (June 2019)

Fixed a potential security issue

Security

Fixed a potential security issue.

Agent SDK for C 1.1.5 (February 2019)

Added support for FreeBSD 8

New

Added support for FreeBSD 8.

Agent SDK for C 1.1.4 (October 2018)

Fixed potential security issues

Security

Fixed potential security issues.

Agent SDK for C 1.1.3 (August 2018)

Updated libcurl version

Improved

Updated version of libcurl to fix an issue where libcurl was only checking the first SAN in the server certificate.

Fixed a potential security issue

Security

Fixed a potential security issue.

Agent SDK for C 1.1.2 (March 2017)

Expanded SUSE Linux Enterprise support

Improved

Added support for:

  • SUSE Linux Enterprise Server 11 SP4 (x86_64)

  • SUSE Linux Enterprise Server 12 SP2 (x86_64)

Agent SDK for C 1.1.1 (January 2017)

Workaround for Network Security Services library known issue

Info

Established a workaround for a known issue in the Network Security Services library that results in a memory leak when the agent closes a HTTPS connection to a PingAccess policy server. For more information, see this KB article.

Fixed issue with duplicate headers leading to blocked requests

Fixed

Fixed an issue where duplicate headers were included in the backend request to the PingAccess engine, causing the agent to block the request for content.

Agent SDK for C 1.1 (November 2016)

Added policy server failover support

New

Added policy server failover support. Policy server failover support is only provided by the SDK when using the libcurl HTTP client.

Agent SDK for C 1.0.2 (September 2016)

Fixed missing CRL Distribution Point extension

Fixed

Fixed an issue where agents could not communicate with PingAccess servers using a certificate signed by a certificate authority because the CRL Distribution Point extension is missing. This issue is limited to agents on Windows deployments.

Addressed potential security vulnerability affecting Windows deployments

Security

Addressed a potential security vulnerability. This issue is limited to Windows deployments.

Agent SDK for C 1.0.1 (May 2016)

Fixed ZeroMQ policy cache issue with terminated processes

Fixed

Fixed an issue with ZeroMQ policy cache where a terminated process could cause a condition that resulted in unexpected CPU utilization.

Agent SDK for C 1.0 (April 2016)

Initial release

Info

Initial release of the Agent SDK for C.