PingAccess

PingAccess Agent SDK for C release notes

These release notes summarize the changes in current and previous PingAccess Agent SDK for C updates.

The PingAccess Agent SDK for C no longer supports FreeBSD 8.

Agent SDK for C 1.4.1 (December 2024)

RHEL 7 deprecation

Info

Support for RHEL 7 will be deprecated in version 1.5.

Fixed an issue with sending requests to the PingAccess engine

Fixed PASDKC-195

Fixed an issue that caused agents to fail to contact the PingAccess engine about requests meant for the PingAccess reserved application if the root resource was anonymous.

Fixed an issue with form character blocking

Fixed PASDKC-193

Fixed an issue that caused errant form character blocking if XSS blocking was configured. This issue was applicable even if form blocking wasn’t configured.

Agent SDK for C 1.4 (October 2024)

Added support for RHEL 9

New

Added support for RHEL 9.

Cache multiple token-types for Web + API applications

New PA-15516

If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types.

Learn more in the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes.

Block bad characters

New PAA-251

Configure an agent to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision.

Added eight new properties to each agent:

  1. agent.request.block.xss.characters

  2. agent.request.block.uri.characters

  3. agent.request.block.query.characters

  4. agent.request.block.form.characters

  5. agent.request.block.xss.http.status

  6. agent.request.block.uri.http.status

  7. agent.request.block.query.http.status

  8. agent.request.block.form.http.status

For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.

Ignore CRL checking if revocation server is unresponsive

Improved PAA-265

Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.

This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking.

To use the agent.engine.configuration.checkCertRevocation.bestEffort property, you must be using the native Windows SSL library, Secure Channel (Schannel).

Agent SDK for C 1.3 (June 2020)

Removed support for RHEL 6

Info

Removed support for RHEL 6.

Added support for RHEL 8

New

Added support for RHEL 8.

Added agent inventory callback API

New

Added agent inventory callback API.

Agent SDK for C 1.2.1 (February 2020)

Fixed a potential security issue

Security

Fixed a potential security issue.

Agent SDK for C 1.2 (June 2019)

Fixed a potential security issue

Security

Fixed a potential security issue.

Agent SDK for C 1.1.5 (February 2019)

Added support for FreeBSD 8

New

Added support for FreeBSD 8.

Agent SDK for C 1.1.4 (October 2018)

Fixed potential security issues

Security

Fixed potential security issues.

Agent SDK for C 1.1.3 (August 2018)

Updated libcurl version

Improved

Updated version of libcurl to fix an issue where libcurl was only checking the first SAN in the server certificate.

Fixed a potential security issue

Security

Fixed a potential security issue.

Agent SDK for C 1.1.2 (March 2017)

Expanded SUSE Linux Enterprise support

Improved

Added support for:

  • SUSE Linux Enterprise Server 11 SP4 (x86_64)

  • SUSE Linux Enterprise Server 12 SP2 (x86_64)

Agent SDK for C 1.1.1 (January 2017)

Workaround for Network Security Services library known issue

Info

Established a workaround for a known issue in the Network Security Services library that results in a memory leak when the agent closes a HTTPS connection to a PingAccess policy server. For more information, see this KB article.

Fixed issue with duplicate headers leading to blocked requests

Fixed

Fixed an issue where duplicate headers were included in the backend request to the PingAccess engine, causing the agent to block the request for content.

Agent SDK for C 1.1 (November 2016)

Added policy server failover support

New

Added policy server failover support. Policy server failover support is only provided by the SDK when using the libcurl HTTP client.

Agent SDK for C 1.0.2 (September 2016)

Fixed missing CRL Distribution Point extension

Fixed

Fixed an issue where agents could not communicate with PingAccess servers using a certificate signed by a certificate authority because the CRL Distribution Point extension is missing. This issue is limited to agents on Windows deployments.

Addressed potential security vulnerability affecting Windows deployments

Security

Addressed a potential security vulnerability. This issue is limited to Windows deployments.

Agent SDK for C 1.0.1 (May 2016)

Fixed ZeroMQ policy cache issue with terminated processes

Fixed

Fixed an issue with ZeroMQ policy cache where a terminated process could cause a condition that resulted in unexpected CPU utilization.

Agent SDK for C 1.0 (April 2016)

Initial release

Info

Initial release of the Agent SDK for C.