---
title: Changes in AM 7.5.x
description: Previously, for journeys containing a Certificate Collector node, AM would throw an exception in the following scenario:
component: pingam
version: release-notes
page_id: pingam::changes-7.5
canonical_url: https://docs.pingidentity.com/pingam/release-notes/changes-7.5.html
section_ids:
  am_7_5: AM 7.5
  change-cert-collector-node: Change in behavior for journeys containing a Certificate Collector node
  change-padinputs: Default setting for AES key wrap encryption
  change-introspected: Change to OAuth 2.0 refresh token introspection response types
---

# Changes in AM 7.5.x

## AM 7.5

### Change in behavior for journeys containing a [Certificate Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/certificate-collector.html)

Previously, for journeys containing a [Certificate Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/certificate-collector.html), AM would throw an exception in the following scenario:

* You set the node's Certificate Collection Method property to `Either` or `Header`

* You specified an HTTP header name

* The certificate was missing from the browser (and from the request if `Either` was selected)

Now, in this scenario, the journey continues down the `Not Collected` path.

### Default setting for AES key wrap encryption

The system property `org.forgerock.openam.encryption.padshortinputs` is now `true` by default.

This property pads short inputs (less than 8 bytes). If you're using [AES key wrap encryption](https://docs.pingidentity.com/pingam/7.5/install-guide/prepare-aeswrap.html), do one of the following *before you upgrade* to AM 7.5:

* Check that any passwords encrypted with AES key wrap encryption are longer than eight characters. AM won't be able to decrypt shorter values.

* Set `org.forgerock.openam.encryption.padshortinputs` to `true` and re-save any short passwords to update the padding.

### Change to OAuth 2.0 refresh token introspection response types

Previously, introspecting a stateful refresh token returned some claims as an array containing a single string.

For consistency, the following claims are now returned as strings:

* `realm`

* `userName`

* `authGrantId`

* `clientID`