--- title: Agent SDK for C 1.4 (October 2024) description: New component: pingaccess version: 8.3 page_id: pingaccess:agents_and_integrations:pa_sdk_for_c_14_rn canonical_url: https://docs.pingidentity.com/pingaccess/8.3/agents_and_integrations/pa_sdk_for_c_14_rn.html revdate: July 18, 2024 section_ids: added-support-for-rhel-9: Added support for RHEL 9 cache-multiple-token-types-for-web-api-applications: Cache multiple token-types for Web + API applications block-bad-characters: Block bad characters ignore-crl-checking-if-revocation-server-is-unresponsive: Ignore CRL checking if revocation server is unresponsive --- # Agent SDK for C 1.4 (October 2024) ## Added support for RHEL 9 New Added support for RHEL 9. ## Cache multiple token-types for **Web + API** applications New PA-15516 If you use a **Web + API** application, the `vnd-pi-resource-cache` PingAccess agent protocol (PAAP) header now contains an additional path so **Web + API** applications can cache both cookie and authorization header token-types. Learn more in the **Cache multiple token-types for Web + API applications** entry in the [PingAccess 8.1 release notes](../release_notes/pa_81_rn.html). ## Block bad characters New PAA-251 Configure an agent to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision. Added eight new properties to each agent: 1. `agent.request.block.xss.characters` 2. `agent.request.block.uri.characters` 3. `agent.request.block.query.characters` 4. `agent.request.block.form.characters` 5. `agent.request.block.xss.http.status` 6. `agent.request.block.uri.http.status` 7. `agent.request.block.query.http.status` 8. `agent.request.block.form.http.status` | | | | - | ------------------------------------------------------------------------------------------------------------------------------- | | | For large scale or more complex blocking decisions, it's best practice for the agent to reach out to PingAccess for a decision. | ## Ignore CRL checking if revocation server is unresponsive Improved PAA-265 Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the `agent.engine.configuration.checkCertRevocation.bestEffort` property. This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To use the `agent.engine.configuration.checkCertRevocation.bestEffort` property, you must be using the native Windows SSL library, Secure Channel (Schannel). |