---
title: PingAccess agent for NGINX release notes
description: These release notes summarize the changes in current and previous PingAccess agent for NGINX updates.
component: pingaccess
version: 9.0
page_id: pingaccess:agents_and_integrations:pa_nginx_agent_rn
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/agents_and_integrations/pa_nginx_agent_rn.html
revdate: August 19, 2025
section_ids:
  pingaccess-agent-for-nginx-3-0-may-2025: PingAccess agent for NGINX 3.0 (May 2025)
  agent-sdk-for-c-compatibility: Agent SDK for C compatibility
  authenticate-the-pingaccess-agent-for-nginx-with-a-bearer-token: Authenticate the PingAccess agent for NGINX with a bearer token
  pingaccess-agent-for-nginx-2-2-december-2024: PingAccess agent for NGINX 2.2 (December 2024)
  agent-sdk-for-c-compatibility-2: Agent SDK for C compatibility
  rhel-7-deprecation: RHEL 7 deprecation
  cache-multiple-token-types-for-web-api-applications: Cache multiple token-types for Web + API applications
  block-bad-characters-in-nginx-agent-deployments: Block bad characters in NGINX agent deployments
  pingaccess-agent-for-nginx-2-1-1-november-2020: PingAccess agent for NGINX 2.1.1 (November 2020)
  agent-sdk-for-c-compatibility-3: Agent SDK for C compatibility
  fixed-issues-that-occurred-after-a-request-header-modification: Fixed issues that occurred after a request header modification
  pingaccess-agent-for-nginx-2-1-july-2020: PingAccess agent for NGINX 2.1 (July 2020)
  agent-sdk-for-c-compatibility-4: Agent SDK for C compatibility
  added-agent-inventory-callback-api: Added agent inventory callback API
  pingaccess-agent-for-nginx-2-0-2-february-2020: PingAccess agent for NGINX 2.0.2 (February 2020)
  agent-sdk-for-c-compatibility-5: Agent SDK for C compatibility
  set-the-max-size-of-the-received-response-header: Set the max size of the received response header
  pingaccess-agent-for-nginx-2-0-1-june-2019: PingAccess agent for NGINX 2.0.1 (June 2019)
  agent-sdk-for-c-compatibility-6: Agent SDK for C compatibility
  fixed-a-potential-security-issue: Fixed a potential security issue
  pingaccess-agent-for-nginx-2-0-february-2019: PingAccess agent for NGINX 2.0 (February 2019)
  use-the-nginx-http-stack-to-communicate-with-pingaccess-policy-servers: Use the NGINX HTTP stack to communicate with PingAccess policy servers
  fixed-a-potential-security-issue-2: Fixed a potential security issue
  pingaccess-agent-for-nginx-1-1-1-july-2017: PingAccess agent for NGINX 1.1.1 (July 2017)
  start-or-stop-nginx-using-the-systemctl-command: Start or stop NGINX using the systemctl command
  fixed-ssl-connectivity-issue: Fixed SSL connectivity issue
  pingaccess-agent-for-nginx-1-1-march-2017: PingAccess agent for NGINX 1.1 (March 2017)
  nginx-certification-requirements: NGINX certification requirements
  pingaccess-agent-for-nginx-1-0-january-2017: PingAccess agent for NGINX 1.0 (January 2017)
  initial-release: Initial release
---

# PingAccess agent for NGINX release notes

These release notes summarize the changes in current and previous PingAccess agent for NGINX updates.

## PingAccess agent for NGINX 3.0 (May 2025)

### Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 3.0.

### Authenticate the PingAccess agent for NGINX with a bearer token

New PASDKC-199

Authenticate PingAccess agents to the engine nodes with a stronger authentication method.

|   |                                                                                                                   |
| - | ----------------------------------------------------------------------------------------------------------------- |
|   | To use this feature, you must upgrade to PingAccess 8.2 or later and the PingAccess agent for NGINX 3.0 or later. |

Learn more in the [PingAccess 8.2 release notes](https://docs.pingidentity.com/pingaccess/8.3/release_notes/pa_release_notes.html#configure-pingaccess-to-allow-agents-to-authenticate-with-a-bearer-token). You can find setup instructions in [Configuring PingAccess agents to use bearer token authentication](../pingaccess_user_interface_reference_guide/pa_configuring_pa_agents_to_use_bearer_token_authn.html) and [Agent SDK for C 3.0 (April 2025)](pa_sdk_for_c_rn.html#sdk-for-c-30).

## PingAccess agent for NGINX 2.2 (December 2024)

### Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.4.1.

### RHEL 7 deprecation

Info

Support for RHEL 7 will be deprecated in version 1.5.

### Cache multiple token-types for **Web + API** applications

New PA-15516

If you use a **Web + API** application, the `vnd-pi-resource-cache` PingAccess agent protocol (PAAP) header now contains an additional path so **Web + API** applications can cache both cookie and authorization header token-types. Learn more in the **Cache multiple token-types for Web + API applications** entry in the PingAccess 8.1 release notes, and the `agent.cache.defaultTokenType` property on the NGINX agent configuration page.

|   |                                                                                                                                                                                                                                                                                                                         |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Existing agent environments ignore the new `vnd-pi-token-cache-oauth-ttl` header and additional paths in the `vnd-pi-resource-cache` header.To see the performance boost, upgrade to PingAccess 8.1 or later and upgrade to the latest version of the NGINX agent. Otherwise, continue to use an earlier agent version. |

### Block bad characters in NGINX agent deployments

New PAA-251

Configure the PingAccess agent for NGINX to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without reaching out to PingAccess for a decision.

Added eight new properties to the agent:

1. `agent.request.block.xss.characters`

2. `agent.request.block.uri.characters`

3. `agent.request.block.query.characters`

4. `agent.request.block.form.characters`

5. `agent.request.block.xss.http.status`

6. `agent.request.block.uri.http.status`

7. `agent.request.block.query.http.status`

8. `agent.request.block.form.http.status`

Learn more in the [NGINX agent configuration](pa_nginx_agent_config.html) page.

|   |                                                                                                                                 |
| - | ------------------------------------------------------------------------------------------------------------------------------- |
|   | For large scale or more complex blocking decisions, it's best practice for the agent to reach out to PingAccess for a decision. |

## PingAccess agent for NGINX 2.1.1 (November 2020)

### Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.3.

### Fixed issues that occurred after a request header modification

Fixed PAA-203

Fixed an issue that caused an invalid memory access and sometimes caused crashes after a request header modification by another NGINX module.

## PingAccess agent for NGINX 2.1 (July 2020)

### Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.3.

### Added agent inventory callback API

New PAA-177

Added agent inventory callback API.

## PingAccess agent for NGINX 2.0.2 (February 2020)

### Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.2.1.

### Set the max size of the received response header

New PAA-161

Added a configuration property to set the maximum size of the response header that can be received from a PingAccess policy server.

## PingAccess agent for NGINX 2.0.1 (June 2019)

### Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.2.0.

### Fixed a potential security issue

Security

Fixed a potential security issue.

## PingAccess agent for NGINX 2.0 (February 2019)

### Use the NGINX HTTP stack to communicate with PingAccess policy servers

Improved

The PingAccess Agent for NGINX now leverages the built-in, event-driven HTTP stack in NGINX to communicate with PingAccess policy servers. Previously, the agent used its own HTTP client (implemented with libcurl) to communicate with PingAccess policy servers. In certain cases, this architecture lead to poor scalability. By using NGINX's built-in, event-driven HTTP stack, the agent is able to achieve superior scalability over previous versions.

### Fixed a potential security issue

Security

Fixed a potential security issue.

## PingAccess agent for NGINX 1.1.1 (July 2017)

### Start or stop NGINX using the `systemctl` command

New

Added support for starting and stopping NGINX using the `systemctl` command.

### Fixed SSL connectivity issue

Fixed

Resolved issue with SSL connectivity.

## PingAccess agent for NGINX 1.1 (March 2017)

### NGINX certification requirements

Improved

Updated the agent to meet NGINX certification requirements.

## PingAccess agent for NGINX 1.0 (January 2017)

### Initial release

Info

Initial release of the PingAccess agent for NGINX.