PingAuthorize 10.1.0.0 (June 2024)
Make real-time data calls to relational databases
New
We added a new Database service type, enabling you to use relational databases as policy information points (PIP) during policy development. Services retrieve information from external data sources for use in context-aware authorization decisions. Now, you can dynamically query and transform such information from relational databases. Learn more in Database services.
Implement third-party decision log publishers with the PingData Server SDK
New
We added a new Policy Decision Logger extension to the Server SDK for developing third-party decision log publishers. This extension enables you to configure custom decision logging behavior and log destinations. You can extend the provided PolicyDecisionLogger API in the Server SDK to implement your custom logic. Learn more in Managing Server SDK Extensions and the doc/getting-started directory in your SDK download.
Map decision request headers to Trust Framework attributes
New
We added the ability to map headers of incoming JSON PDP API requests to Trust Framework attributes. PingAuthorize uses these mappings to dynamically populate attribute values with the values of incoming request headers, enabling you to leverage header data as decision context in request bodies. Learn more in Configuring policy request header mappings.
Determine whether service call results were retrieved from cache
New
We added the ability, for any call to external services with caching enabled, to determine whether the result of that call was retrieved from the cache. Learn more in Service caching.
Enable Camel service connections with the command line
New
We added the ability to enable Camel service connections in the Policy Editor with the command line. To ensure that Camel is used with the appropriate permissions and security controls, Camel services are disabled by default in the Policy Editor. Now, instead of manually updating the Policy Editor’s configuration, you can enable Camel service connections with the --enableCamelService option in non-interactive setup mode. Learn more in Enabling Camel service connections.
Enable JSON formatting for default Policy Editor loggers
New
We added support for the dropwizard-json-logging library to the default Policy Editor loggers. Now, you can add this library in the Policy Editor’s configuration.yml file to each logger stream you wish to enable JSON formatting for. The availability of this library does not impact the application’s default configuration. Learn more in Enabling JSON formatting for Policy Editor logs.
Added support for new platforms
New
We added support for Rocky Linux 9.3 and Red Hat Enterprise Linux 9.3. Learn more in System requirements.
Improved database service security
Improved
To address the possibility of remote code execution attacks with H2 database services, we made the database driver allow list configurable and unlisted H2 by default. Learn more in Database services.
Updated default configuration archive maximum
Info
To mitigate the performance impact of large archives, we updated the configuration archive to keep a maximum of 100 previous configurations by default
Fixed an issue with creating copies of policies
Fixed PAZ-12150
We fixed an issue where, in some cases, copying a policy created a redundant instance of that policy.
Fixed an issue with Library statement duplication
Fixed PAZ-9092
We fixed an issue where copying a rule containing a Library statement would create a new instance of that statement instead of reusing the existing one.
Fixed an issue with saving LDAP services
Fixed PAZ-12017
We fixed an issue where, after enabling caching for an LDAP service, specifying a Time to Live (TTL), and clicking Save, the specified TTL disappeared from the UI and backend configuration.
Fixed an issue with HTTP service requests
Fixed PAZ-12145
We fixed an issue where, when making HTTP service calls, the policy decision point would incorrectly assign default values to the request body and the content-type header.
Fixed an issue with self-governance decision requests
Fixed PAZ-3306
We fixed an issue where, when using an imported policy snapshot, self-governance decision requests were missing values in the action field.
Fixed an issue with Policy Query API responses
Fixed PAZ-12245
We fixed an issue where, when sending a Policy Query API request with an unbounded attribute in the query array, the system would return a 500 error status code if the unbounded attribute’s value was resolved to an empty collection.
Fixed an issue with the CLI tools reference
Fixed PAZ-3469
We fixed an issue where the CLI tools reference page was incorrectly titled Configuration Reference. Now, the page is correctly titled CLI Tools Reference.
Fixed an issue with the comparators list
Fixed PAZ-11768
We fixed an issue where, when creating rules in the Policy Editor, the comparators list extended outside of the list area, preventing you from scrolling through the list.
Fixed an issue with unnamed Trust Framework elements
Fixed PAZ-12150
We fixed an issue where a user could leave new elements defined in the Trust Framework unnamed, giving them a default name of Untitled. Now, you must specify a name for such elements before saving them.
Fixed an issue with copying Policy Editor elements
Fixed PAZ-12150
We fixed an issue where Policy Editor elements created as copies would inherit the version ID of the original element. As a result, copies of elements would persist in the Policy Editor UI after being deleted but would return 404 errors when selected. Now, copies of Policy Editor elements have distinct version IDs.