---
title: PingAccess Agent SDK for C release notes
description: These release notes summarize the changes in current and previous PingAccess Agent SDK for C updates.
component: pingaccess
version: 8.3
page_id: pingaccess:agents_and_integrations:pa_sdk_for_rn
canonical_url: https://docs.pingidentity.com/pingaccess/8.3/agents_and_integrations/pa_sdk_for_rn.html
revdate: March 28, 2025
section_ids:
  agent-sdk-for-c-3-0-april-2025: Agent SDK for C 3.0 (April 2025)
  rhel-7-and-sles-12-deprecation: RHEL 7 and SLES 12 deprecation
  create-signed-jwts-for-agent-authentication: Create signed JWTs for agent authentication
  agent-sdk-for-c-1-4-1-december-2024: Agent SDK for C 1.4.1 (December 2024)
  rhel-7-deprecation: RHEL 7 deprecation
  fixed-an-issue-with-sending-requests-to-the-pingaccess-engine: Fixed an issue with sending requests to the PingAccess engine
  fixed-an-issue-with-form-character-blocking: Fixed an issue with form character blocking
  agent-sdk-for-c-1-4-october-2024: Agent SDK for C 1.4 (October 2024)
  added-support-for-rhel-9: Added support for RHEL 9
  cache-multiple-token-types-for-web-api-applications: Cache multiple token-types for Web + API applications
  block-bad-characters: Block bad characters
  ignore-crl-checking-if-revocation-server-is-unresponsive: Ignore CRL checking if revocation server is unresponsive
  agent-sdk-for-c-1-3-june-2020: Agent SDK for C 1.3 (June 2020)
  removed-support-for-rhel-6: Removed support for RHEL 6
  added-support-for-rhel-8: Added support for RHEL 8
  added-agent-inventory-callback-api: Added agent inventory callback API
  agent-sdk-for-c-1-2-1-february-2020: Agent SDK for C 1.2.1 (February 2020)
  fixed-a-potential-security-issue: Fixed a potential security issue
  agent-sdk-for-c-1-2-june-2019: Agent SDK for C 1.2 (June 2019)
  fixed-a-potential-security-issue-2: Fixed a potential security issue
  agent-sdk-for-c-1-1-5-february-2019: Agent SDK for C 1.1.5 (February 2019)
  added-support-for-freebsd-8: Added support for FreeBSD 8
  agent-sdk-for-c-1-1-4-october-2018: Agent SDK for C 1.1.4 (October 2018)
  fixed-potential-security-issues: Fixed potential security issues
  agent-sdk-for-c-1-1-3-august-2018: Agent SDK for C 1.1.3 (August 2018)
  updated-libcurl-version: Updated libcurl version
  fixed-a-potential-security-issue-3: Fixed a potential security issue
  agent-sdk-for-c-1-1-2-march-2017: Agent SDK for C 1.1.2 (March 2017)
  expanded-suse-linux-enterprise-support: Expanded SUSE Linux Enterprise support
  agent-sdk-for-c-1-1-1-january-2017: Agent SDK for C 1.1.1 (January 2017)
  workaround-for-network-security-services-library-known-issue: Workaround for Network Security Services library known issue
  fixed-issue-with-duplicate-headers-leading-to-blocked-requests: Fixed issue with duplicate headers leading to blocked requests
  agent-sdk-for-c-1-1-november-2016: Agent SDK for C 1.1 (November 2016)
  added-policy-server-failover-support: Added policy server failover support
  agent-sdk-for-c-1-0-2-september-2016: Agent SDK for C 1.0.2 (September 2016)
  fixed-missing-crl-distribution-point-extension: Fixed missing CRL Distribution Point extension
  addressed-potential-security-vulnerability-affecting-windows-deployments: Addressed potential security vulnerability affecting Windows deployments
  agent-sdk-for-c-1-0-1-may-2016: Agent SDK for C 1.0.1 (May 2016)
  fixed-zeromq-policy-cache-issue-with-terminated-processes: Fixed ZeroMQ policy cache issue with terminated processes
  agent-sdk-for-c-1-0-april-2016: Agent SDK for C 1.0 (April 2016)
  initial-release: Initial release
---

# PingAccess Agent SDK for C release notes

These release notes summarize the changes in current and previous PingAccess Agent SDK for C updates.

|   |                                                              |
| - | ------------------------------------------------------------ |
|   | The PingAccess Agent SDK for C no longer supports FreeBSD 8. |

## Agent SDK for C 3.0 (April 2025)

### RHEL 7 and SLES 12 deprecation

Info

As of Agent SDK for C 3.0, support for RHEL 7 and SLES 12 has been removed.

### Create signed JWTs for agent authentication

New PASDKC-197

The agent SDK for C now supports authenticating PingAccess agents to the engine nodes with a bearer token.

|   |                                                                                                                                                                                                                                                          |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To use bearer token authentication, you must upgrade to PingAccess 8.2 or later and version 3.0 of either the PingAccess agent for NGINX, IIS, or Apache (RHEL or SLES). Compatibility for the Apache (Windows) agent will be added in a future release. |

After you configure a compatible PingAccess agent with the updated `agent.properties` file and select **Require Token Authentication** in the agent's configuration, the agent creates, signs, and sends a unique JWT for every authentication request.

|   |                                                                                                                   |
| - | ----------------------------------------------------------------------------------------------------------------- |
|   | The JWT expires after 2 minutes, so you must ensure you synchronize the agent and the PingAccess server's clocks. |

Learn more in the [PingAccess 8.2 release notes](https://docs.pingidentity.com/pingaccess/8.2/release_notes/pa_release_notes.html#configure-pingaccess-to-allow-agents-to-authenticate-with-a-bearer-token). You can find setup instructions in [Configuring PingAccess agents to use bearer token authentication](../../9.0/pingaccess_user_interface_reference_guide/pa_configuring_pa_agents_to_use_bearer_token_authn.html).

## Agent SDK for C 1.4.1 (December 2024)

### RHEL 7 deprecation

Info

Support for RHEL 7 will be deprecated in the next version.

### Fixed an issue with sending requests to the PingAccess engine

Fixed PASDKC-195

Fixed an issue that caused agents to fail to contact the PingAccess engine about requests meant for the PingAccess reserved application if the root resource was anonymous.

### Fixed an issue with form character blocking

Fixed PASDKC-193

Fixed an issue that caused errant form character blocking if XSS blocking was configured. This issue was applicable even if form blocking wasn't configured.

## Agent SDK for C 1.4 (October 2024)

### Added support for RHEL 9

New

Added support for RHEL 9.

### Cache multiple token-types for **Web + API** applications

New PA-15516

If you use a **Web + API** application, the `vnd-pi-resource-cache` PingAccess agent protocol (PAAP) header now contains an additional path so **Web + API** applications can cache both cookie and authorization header token-types.

Learn more in the **Cache multiple token-types for Web + API applications** entry in the [PingAccess 8.1 release notes](../release_notes/pa_81_rn.html).

### Block bad characters

New PAA-251

Configure an agent to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision.

Added eight new properties to each agent:

1. `agent.request.block.xss.characters`

2. `agent.request.block.uri.characters`

3. `agent.request.block.query.characters`

4. `agent.request.block.form.characters`

5. `agent.request.block.xss.http.status`

6. `agent.request.block.uri.http.status`

7. `agent.request.block.query.http.status`

8. `agent.request.block.form.http.status`

|   |                                                                                                                                 |
| - | ------------------------------------------------------------------------------------------------------------------------------- |
|   | For large scale or more complex blocking decisions, it's best practice for the agent to reach out to PingAccess for a decision. |

### Ignore CRL checking if revocation server is unresponsive

Improved PAA-265

Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the `agent.engine.configuration.checkCertRevocation.bestEffort` property.

This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking.

|   |                                                                                                                                                               |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | To use the `agent.engine.configuration.checkCertRevocation.bestEffort` property, you must be using the native Windows SSL library, Secure Channel (Schannel). |

## Agent SDK for C 1.3 (June 2020)

### Removed support for RHEL 6

Info

Removed support for RHEL 6.

### Added support for RHEL 8

New

Added support for RHEL 8.

### Added agent inventory callback API

New

Added agent inventory callback API.

## Agent SDK for C 1.2.1 (February 2020)

### Fixed a potential security issue

Security

Fixed a potential security issue.

## Agent SDK for C 1.2 (June 2019)

### Fixed a potential security issue

Security

Fixed a potential security issue.

## Agent SDK for C 1.1.5 (February 2019)

### Added support for FreeBSD 8

New

Added support for FreeBSD 8.

## Agent SDK for C 1.1.4 (October 2018)

### Fixed potential security issues

Security

Fixed potential security issues.

## Agent SDK for C 1.1.3 (August 2018)

### Updated libcurl version

Improved

Updated version of libcurl to fix an issue where libcurl was only checking the first SAN in the server certificate.

### Fixed a potential security issue

Security

Fixed a potential security issue.

## Agent SDK for C 1.1.2 (March 2017)

### Expanded SUSE Linux Enterprise support

Improved

Added support for:

* SUSE Linux Enterprise Server 11 SP4 (x86\_64)

* SUSE Linux Enterprise Server 12 SP2 (x86\_64)

## Agent SDK for C 1.1.1 (January 2017)

### Workaround for Network Security Services library known issue

Info

Established a workaround for a [known issue](https://bugzilla.mozilla.org/show_bug.cgi?id=1202413) in the Network Security Services library that results in a memory leak when the agent closes a HTTPS connection to a PingAccess policy server. For more information, see [this KB article](https://support.pingidentity.com/s/article/Workaround-for-PingAccess-Apache-Agent-3rd-party-library-memory-leak).

### Fixed issue with duplicate headers leading to blocked requests

Fixed

Fixed an issue where duplicate headers were included in the backend request to the PingAccess engine, causing the agent to block the request for content.

## Agent SDK for C 1.1 (November 2016)

### Added policy server failover support

New

Added policy server failover support. Policy server failover support is only provided by the SDK when using the libcurl HTTP client.

## Agent SDK for C 1.0.2 (September 2016)

### Fixed missing `CRL Distribution Point` extension

Fixed

Fixed an issue where agents could not communicate with PingAccess servers using a certificate signed by a certificate authority because the `CRL Distribution Point` extension is missing. This issue is limited to agents on Windows deployments.

### Addressed potential security vulnerability affecting Windows deployments

Security

Addressed a potential security vulnerability. This issue is limited to Windows deployments.

## Agent SDK for C 1.0.1 (May 2016)

### Fixed ZeroMQ policy cache issue with terminated processes

Fixed

Fixed an issue with ZeroMQ policy cache where a terminated process could cause a condition that resulted in unexpected CPU utilization.

## Agent SDK for C 1.0 (April 2016)

### Initial release

Info

Initial release of the Agent SDK for C.