<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
    <channel>
        <title>Release Notes | PingAuthorize</title>
        <link>https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html</link>
        <description>Release Notes</description>
        <lastBuildDate>Tue, 30 Jun 2026 20:03:41 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>https://github.com/jpmonette/feed</generator>
        <ttl>5</ttl>
        <copyright>Copyright 2026 Ping Identity. All rights reserved.</copyright>
        <item>
            <title><![CDATA[PingAuthorize 11.1.0.0 (June 2026)]]></title>
            <link>https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-1-0-0-june-2026</link>
            <guid isPermaLink="false">https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-1-0-0-june-2026</guid>
            <pubDate>Tue, 30 Jun 2026 12:00:00 GMT</pubDate>
            <description><![CDATA[

<div class="sectionbody">
<div class="sect2">
<h3 id="added-runtime-support-for-java-25"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-runtime-support-for-java-25"></a>Added runtime support for Java 25</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-21209</span></p>
</div>
<div class="paragraph">
<p>We added JRE support for Oracle JDK 25 and OpenJDK 25.</p>
</div>
<div class="admonitionblock important">
<table>
<tbody><tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
<div class="paragraph">
<p>Refer to the <a href="https://docs.pingidentity.com/pingauthorize/upgrading_pingauthorize/paz_upgrade_consids.html" class="xref page">upgrade considerations</a> for Java-related actions you must take when upgrading to Java 25.</p>
</div>
</td>
</tr>
</tbody></table>
</div>
</div>
<div class="sect2">
<h3 id="added-aws-iam-authentication-for-elasticache-and-s3"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-aws-iam-authentication-for-elasticache-and-s3"></a>Added AWS IAM authentication for ElastiCache and S3</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-21190</span></p>
</div>
<div class="paragraph">
<p>We added support for IAM Roles for Service Accounts (IRSA) with Amazon S3 deployment package and snapshot stores, and AWS KMS encryption. Omit static AWS access keys to use IRSA-projected credentials when running on Amazon EKS. Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_amazons3_deploy_package.html" class="xref page">Adding an Amazon S3 deployment package store to PingAuthorize</a>.</p>
</div>
<div class="paragraph">
<p>We also added support for AWS Identity and Access Management (IAM) authentication for ElastiCache attribute and service caches. This removes the need to store Redis passwords in configuration files. Set <code class="codeph">use-iam-auth</code> to <code class="codeph">true</code> in your ElastiCache configuration to use short-lived IAM tokens instead of a static password. Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_tf_attribute_cache_external.html" class="xref page">Configuring Trust Framework attribute caching for development</a> and <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_tf_attribute_cache_embedded.html" class="xref page">Configuring Trust Framework attribute caching for production</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-custom-handling-for-non-2xx-http-service-responses"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-custom-handling-for-non-2xx-http-service-responses"></a>Added custom handling for non-2xx HTTP service responses</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-22196</span></p>
</div>
<div class="paragraph">
<p>We added the ability to pass non-2xx responses from HTTP services to policy evaluation as meaningful inputs, rather than treating them solely as failures. This allows policies to distinguish between expected service responses and genuine infrastructure errors, enabling more precise authorization decisions based on the full range of service outcomes.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_policy_administration_guide/paz_http_services.html#return_full_response" class="xref page">HTTP services</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-support-for-multiple-self-governance-system-usernames"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-support-for-multiple-self-governance-system-usernames"></a>Added support for multiple self-governance system usernames</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-20203</span></p>
</div>
<div class="paragraph">
<p>The <code class="codeph">--selfGovernanceSystemUsername</code> setup parameter now accepts a comma-separated list of usernames, allowing multiple self-governance administrators to manage the Policy Editor.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/installing_and_uninstalling_pingauthorize/paz_install_pe_noninteractive.html" class="xref page">Installing the Policy Editor non-interactively</a> and <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_policy_administration_guide/paz_self_gov.html" class="xref page">Self-governance</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-smtp-bearer-access-token-authentication"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-smtp-bearer-access-token-authentication"></a>Added SMTP bearer access token authentication</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">DS-48730</span></p>
</div>
<div class="paragraph">
<p>The server now supports SMTP authentication by bearer access token. You can obtain a token through the OAuth 2.0 client credentials flow or configure a static token.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-correlation-id-to-gateway-request-and-response-logs"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-correlation-id-to-gateway-request-and-response-logs"></a>Added correlation ID to gateway request and response logs</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-22371</span></p>
</div>
<div class="paragraph">
<p>API security gateway request and response logs now include the correlation ID and request ID associated with each client request, enabling end-to-end correlation with policy decision and service logs.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_manage_http_corr_ids.html" class="xref page">Managing HTTP correlation IDs</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="improved-policy-query-evaluation-performance"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#improved-policy-query-evaluation-performance"></a>Improved policy query evaluation performance</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-20454</span></p>
</div>
<div class="paragraph">
<p>We improved policy query evaluation for requests with a large number of permutations. Request data is now parsed once per request rather than once per permutation, reducing processing overhead and improving response times.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-pagination-to-the-deployment-package-list"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-pagination-to-the-deployment-package-list"></a>Added pagination to the deployment package list</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-19361</span></p>
</div>
<div class="paragraph">
<p>The deployment package list in the Branch Manager now supports pagination, giving you access to the full package history in environments with more than 100 deployment packages.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_policy_administration_guide/paz_managing_deployment_packages.html" class="xref page">Deployment packages</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="expanded-scope-claim-format-support-in-contains-claim-pair-conditions"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#expanded-scope-claim-format-support-in-contains-claim-pair-conditions"></a>Expanded scope claim format support in Contains Claim Pair conditions</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-22138</span></p>
</div>
<div class="paragraph">
<p>The <strong class="uicontrol">Contains Claim Pair</strong> and <strong class="uicontrol">Does Not Contain Claim Pair</strong> conditions now accept scope claims expressed as a JSON array of strings or a comma-delimited string, in addition to the existing space-delimited string format.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_policy_administration_guide/paz_conditions.html#condition_comparators" class="xref page">Conditions</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="simplified-trust-framework-element-creation"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#simplified-trust-framework-element-creation"></a>Simplified Trust Framework element creation</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-22320</span></p>
</div>
<div class="paragraph">
<p>We’ve simplified the creation of Trust Framework elements. The <strong class="uicontrol">+</strong> button now opens the element’s definition form directly without an intermediate menu.</p>
</div>
</div>
<div class="sect2">
<h3 id="improved-access-control-rule-parsing-and-validation"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#improved-access-control-rule-parsing-and-validation"></a>Improved access control rule parsing and validation</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">DS-51399</span></p>
</div>
<div class="paragraph">
<p>We added a new mechanism for parsing and validating access control rules. The new parser runs alongside the existing one and might help identify problematic ACIs and provide more useful error messages for malformed rules.</p>
</div>
<div class="paragraph">
<p>All currently valid ACIs continue to be accepted and operate as before. The server raises an administrative alert upon encountering any ACIs not supported by the new parser.</p>
</div>
<div class="admonitionblock important">
<table>
<tbody><tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
<div class="paragraph">
<p>We plan to remove the existing parser in a future release. At that time, ACIs flagged by the new parser won’t be permitted.</p>
</div>
</td>
</tr>
</tbody></table>
</div>
</div>
<div class="sect2">
<h3 id="improved-connection-asymmetry-alarm-visibility"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#improved-connection-asymmetry-alarm-visibility"></a>Improved connection-asymmetry alarm visibility</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">DS-49225</span></p>
</div>
<div class="paragraph">
<p>You can now quickly identify peers causing topology connection-asymmetry alarms. The mirrored subtree manager monitor entry automatically includes the <code class="codeph">peer-inbound-only</code> and <code class="codeph">peer-outbound-only</code> attributes if any servers appear in only the inbound or outbound connection set. Connection-asymmetry alarm messages include the names of the peers involved.</p>
</div>
</div>
<div class="sect2">
<h3 id="reduced-server-startup-time-on-linux"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#reduced-server-startup-time-on-linux"></a>Reduced server startup time on Linux</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">DS-50645</span></p>
</div>
<div class="paragraph">
<p>To reduce server startup time when you run <code class="cmdname">start-server</code>, we reduced the number of Java processes that get created before starting the server. This change only applies to Linux and is enabled by default.</p>
</div>
<div class="admonitionblock important">
<table>
<tbody><tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
<div class="paragraph">
<p>In deployments that run multiple server instances per node, parallel server startups can increase short-term CPU load, because JVM initialization occurs at the same time across instances. This effect might be more noticeable with this improvement enabled.</p>
</div>
<div class="paragraph">
<p>To revert to the prior behavior, set the environment variable <code class="codeph">UNBOUNDID_FAST_START</code> to <code class="codeph">false</code>.</p>
</div>
</td>
</tr>
</tbody></table>
</div>
</div>
<div class="sect2">
<h3 id="improved-prometheus-metrics-output-format"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#improved-prometheus-metrics-output-format"></a>Improved Prometheus metrics output format</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">DS-51115</span></p>
</div>
<div class="paragraph">
<p>The Prometheus Monitoring HTTP Servlet Extension now groups metrics with the same name under common <code class="codeph">HELP</code> and <code class="codeph">TYPE</code> headers, which more closely follows the standard for annotating metric families in Prometheus.</p>
</div>
</div>
<div class="sect2">
<h3 id="upgraded-the-embedded-http-server-to-jetty-12"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#upgraded-the-embedded-http-server-to-jetty-12"></a>Upgraded the embedded HTTP server to Jetty 12</h3>
<div class="paragraph">
<p><span class="ping_changetype-info">Info</span>
<span class="ping_ticket">DS-51450</span></p>
</div>
<div class="paragraph">
<p>We upgraded the embedded HTTP server from Jetty 11 to Jetty 12. Most behavior is preserved, with the following exceptions:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>HTTP requests with unencoded reserved characters in path segments (for example, a literal forward slash in a distinguished name such as <code class="codeph">/directory/v1/sn=Sch/m*i^d</code>) now receive a <code class="msgph">400 Bad Request</code> response instead of being silently truncated at the reserved character. Clients using the Directory REST API, SCIM API, or any other HTTP servlet extension must percent-encode reserved characters in URL path segments. For example, encode a forward slash in an attribute value as <code class="codeph">%2F</code>, a caret as <code class="codeph">%5E</code>, and a question mark as <code class="codeph">%3F</code>. This requirement is specified in <a href="https://datatracker.ietf.org/doc/html/rfc3986" target="_blank" rel="noopener">RFC 3986</a> and is now enforced.</p>
</li>
<li>
<p>The <code class="codeph">Location</code> header in HTTP redirect responses now always contains an absolute URI as required by <a href="https://datatracker.ietf.org/doc/html/rfc7231" target="_blank" rel="noopener">RFC 7231</a>. Update any clients that relied on a relative URI in this header.</p>
</li>
</ul>
</div>
</div>
<div class="sect2">
<h3 id="removed-scim-1-1-support"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#removed-scim-1-1-support"></a>Removed SCIM 1.1 support</h3>
<div class="paragraph">
<p><span class="ping_changetype-info">Info</span>
<span class="ping_ticket">DS-49199</span></p>
</div>
<div class="paragraph">
<p>We removed SCIM 1.1 and related functionality from the server. Migrate any functionality to SCIM 2.0.</p>
</div>
<div class="admonitionblock important">
<table>
<tbody><tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
<div class="paragraph">
<p>If the server uses SCIM 1.1, you must remove the servlet extensions from all HTTP connection handlers before upgrading. For example:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-shell hljs" data-lang="shell">$ bin/dsconfig set-connection-handler-prop \
    --handler-name "HTTPS Connection Handler" \
    --remove http-servlet-extension:SCIM</code></pre>
</div>
</div>
</td>
</tr>
</tbody></table>
</div>
</div>
<div class="sect2">
<h3 id="updated-the-opencsv-library"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#updated-the-opencsv-library"></a>Updated the opencsv library</h3>
<div class="paragraph">
<p><span class="ping_changetype-info">Info</span>
<span class="ping_ticket">DS-51436</span></p>
</div>
<div class="paragraph">
<p>We updated the opencsv library from the abandoned <code class="filepath">net.sf.opencsv</code> 2.3 to the current <code class="filepath">com.opencsv</code> 5.10.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-502-errors-when-using-an-http-proxy-with-api-external-servers"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-502-errors-when-using-an-http-proxy-with-api-external-servers"></a>Fixed 502 errors when using an HTTP proxy with API external servers</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-22700</span></p>
</div>
<div class="paragraph">
<p>We fixed an issue where gateway API endpoint requests failed with <code class="msgph">502 Bad Gateway</code> when the API external server had an HTTP proxy external server configured.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-an-issue-with-scoped-caching"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-an-issue-with-scoped-caching"></a>Fixed an issue with scoped caching</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-22768</span></p>
</div>
<div class="paragraph">
<p>We fixed an issue where missing inputs for cached attributes could cause policy evaluation to fail, even when the service call to resolve that attribute was successful.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-the-nodetach-option-for-start-server"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-the-nodetach-option-for-start-server"></a>Fixed the <code class="option">--nodetach</code> option for <code class="cmdname">start-server</code></h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-51565</span></p>
</div>
<div class="paragraph">
<p>We fixed the <code class="codeph">--nodetach</code> option for <code class="cmdname">start-server</code> so that it correctly prevents the server from starting in a detached manner.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-a-tls-1-3-connection-termination-issue"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-a-tls-1-3-connection-termination-issue"></a>Fixed a TLS 1.3 connection termination issue</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-51445</span></p>
</div>
<div class="paragraph">
<p>We fixed an issue that could cause a small percentage of LDAP connections secured with TLS 1.3 to be prematurely terminated.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-a-manage-profile-replace-profile-error"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-a-manage-profile-replace-profile-error"></a>Fixed a <code class="cmdname">manage-profile replace-profile</code> error</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-51396</span></p>
</div>
<div class="paragraph">
<p>We fixed an issue where the <code class="cmdname">manage-profile replace-profile</code> tool could fail with a <code class="msgph">DirectoryNotEmptyException</code> during upgrades in environments where the logs directory was mounted as a separate volume. The failure was caused by the tool holding an internal lock on a background optimization file during the upgrade process. Now, the tool correctly releases these locks and skips migration of non-essential cache files.</p>
</div>
<div class="paragraph">
<p>We also fixed an issue where the <code class="cmdname">setup</code> tool didn’t always correctly apply the <code class="option">--optionCacheDirectory</code> argument.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-manage-profile-generate-profile-excluding-obscured-properties"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-manage-profile-generate-profile-excluding-obscured-properties"></a>Fixed <code class="cmdname">manage-profile generate-profile</code> excluding obscured properties</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-51245</span></p>
</div>
<div class="paragraph">
<p>We fixed an issue where, after an upgrade, <code class="cmdname">manage-profile generate-profile</code> excluded <code class="cmdname">dsconfig</code> commands from the profile that set obscured properties.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-a-server-shutdown-delay-issue"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-a-server-shutdown-delay-issue"></a>Fixed a server shutdown delay issue</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-51291</span></p>
</div>
<div class="paragraph">
<p>We fixed an issue where a large number of peer connections or unresponsive peers could cause excessively long server shutdown times.</p>
</div>
</div>
</div>
]]></description>
        </item>
        <item>
            <title><![CDATA[PingAuthorize 11.0.0.2 (March 2026)]]></title>
            <link>https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-0-0-2-march-2026</link>
            <guid isPermaLink="false">https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-0-0-2-march-2026</guid>
            <pubDate>Fri, 27 Mar 2026 12:00:00 GMT</pubDate>
            <description><![CDATA[

<div class="sectionbody">
<div class="sect2">
<h3 id="added-a-policy-query-logger-sdk-extension"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-a-policy-query-logger-sdk-extension"></a>Added a Policy Query Logger SDK extension</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-21778</span></p>
</div>
<div class="paragraph">
<p>We added a new Policy Query Logger extension to the Server SDK for customizing how policy query requests, responses, and permutations are logged. You can use this extension to:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Define custom log formats and destinations.</p>
</li>
<li>
<p>Integrate with external logging systems.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_managing_sdk_extensions.html" class="xref page">Server SDK Extensions</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-an-issue-with-admin-console-icons-in-closed-environments"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-an-issue-with-admin-console-icons-in-closed-environments"></a>Fixed an issue with admin console icons in closed environments</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-50165</span></p>
</div>
<div class="paragraph">
<p>The admin console now properly displays icons when running in an environment that doesn’t have access to the internet, such as a closed environment.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-a-server-startup-warning-related-to-slf4j"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-a-server-startup-warning-related-to-slf4j"></a>Fixed a server startup warning related to SLF4J</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-50990</span></p>
</div>
<div class="paragraph">
<p>We resolved the following server startup warning: <code class="msgph">SLF4J(E): A service provider failed to instantiate: org.slf4j.spi.SLF4JServiceProvider: Provider org.slf4j.impl.PingSLF4JServiceProvider not found.</code></p>
</div>
</div>
</div>
]]></description>
        </item>
        <item>
            <title><![CDATA[PingAuthorize 11.0.0.1 (March 2026)]]></title>
            <link>https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-0-0-1-march-2026</link>
            <guid isPermaLink="false">https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-0-0-1-march-2026</guid>
            <pubDate>Thu, 05 Mar 2026 12:00:00 GMT</pubDate>
            <description><![CDATA[

<div class="sectionbody">
<div class="sect2">
<h3 id="version-increased-for-administrative-purposes"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#version-increased-for-administrative-purposes"></a>Version increased for administrative purposes</h3>
<div class="paragraph">
<p><span class="ping_changetype-info">Info</span></p>
</div>
<div class="paragraph">
<p>The PingAuthorize version number was incremented due to changes released for PingDirectory. There are no release notes for this version of PingAuthorize.</p>
</div>
</div>
</div>
]]></description>
        </item>
        <item>
            <title><![CDATA[PingAuthorize 11.0.0.0 (December 2025)]]></title>
            <link>https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-0-0-0-december-2025</link>
            <guid isPermaLink="false">https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#pingauthorize-11-0-0-0-december-2025</guid>
            <pubDate>Tue, 16 Dec 2025 12:00:00 GMT</pubDate>
            <description><![CDATA[

<div class="sectionbody">
<div class="sect2">
<h3 id="converted-the-pingauthorize-admin-console-to-react"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#converted-the-pingauthorize-admin-console-to-react"></a>Converted the PingAuthorize admin console to React</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">DS-44421</span></p>
</div>
<div class="paragraph">
<p>We’ve rebuilt the PingAuthorize admin console from AngularJS to a modern React-based interface. The updated console offers improved performance, accessibility, and maintainability while preserving familiar configuration and monitoring workflows.</p>
</div>
<div class="paragraph">
<p>In addition to this restyling, we’ve introduced:</p>
</div>
<div class="ulist">
<ul>
<li>
<p><strong>Read-only mode support</strong>: You can now place the admin console into read-only mode using the <code class="codeph">system.readOnly</code> configuration property, preventing changes to server configuration.</p>
</li>
<li>
<p><strong>Expert-level configuration</strong>: The admin console’s <code class="codeph">configuration.complexity</code> property now defaults to <code class="codeph">expert</code>, allowing you to view and create expert-level configuration objects.</p>
</li>
<li>
<p><strong>Configurable console name</strong>: You can now change the admin console’s displayed title using the <code class="codeph">branding.appName</code> configuration property.</p>
</li>
</ul>
</div>
<div class="admonitionblock note">
<table>
<tbody><tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
<div class="paragraph">
<p>The React-based admin console requires PingAuthorize Server 11.0 or later.</p>
</div>
</td>
</tr>
</tbody></table>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_using_admin_console.html" class="xref page">Using the PingAuthorize admin console</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="step-up-authentication-for-apis"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#step-up-authentication-for-apis"></a>Step-up authentication for APIs</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-17047</span></p>
</div>
<div class="paragraph">
<p>You can now force step-up authentication when users access sensitive resources. When authenticated users try to access higher-risk data, such as salary information, health records, or premium content, you can require a higher level of authentication and also set limits on the amount of time allowed since the last authentication event.</p>
</div>
<div class="paragraph">
<p>Use the new <strong class="uicontrol">Auth Challenge</strong> statement type to implement step-up authentication requirements in your policies. Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_policy_administration_guide/paz_step_up_auth.html" class="xref page">Step-up authentication for APIs</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="new-json-manipulation-functions-for-spel"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#new-json-manipulation-functions-for-spel"></a>New JSON manipulation functions for SpEL</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-17686</span></p>
</div>
<div class="paragraph">
<p>PingAuthorize now includes productized JSON data manipulation functions for SpEL, making it easier to query, filter, and transform JSON data directly within policies.</p>
</div>
<div class="paragraph">
<p>This release introduces the following functions:</p>
</div>
<div class="ulist">
<ul>
<li>
<p><code class="codeph">data_associateByKey</code>: Joins two JSON arrays or objects based on a shared key, allowing you to enrich one data set with related information from another.</p>
</li>
<li>
<p><code class="codeph">data_containsKey</code>: Filters a JSON collection to return only objects that contain a specific key.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>By providing native support for common JSON operations, these functions improve policy clarity, consistency, and performance while reducing reliance on custom expressions.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_policy_administration_guide/paz_spel_example_functions.html" class="xref page">SpEL processing examples</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-support-for-rsassa-pss-signing-algorithms"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-support-for-rsassa-pss-signing-algorithms"></a>Added support for RSASSA-PSS signing algorithms</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-19054</span></p>
</div>
<div class="paragraph">
<p>The ID Token Validator and JWT Access Token Validator now support the PS256, PS384, and PS512 signing algorithms for OIDC-based logins to the PingAuthorize admin console or Policy Editor.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_access_token_val_types.html" class="xref page">Access token validator types</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-http-metrics-to-the-periodic-stats-logger"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-http-metrics-to-the-periodic-stats-logger"></a>Added HTTP metrics to the Periodic Stats Logger</h3>
<div class="paragraph">
<p><span class="ping_changetype-new">New</span>
<span class="ping_ticket">PAZ-17947</span></p>
</div>
<div class="paragraph">
<p>We’ve added support for HTTP metrics in the Periodic Stats Logger, offering deeper insights into HTTP request flow and PingAuthorize Server performance. When enabled, the server captures detailed statistics at rolling 1-minute, 5-minute, and 15-minute intervals to help monitor short-term spikes and longer-term trends.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_enable_http_metrics_stats_logger.html" class="xref page">Enabling HTTP metrics in the Periodic Stats Logger</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="standardized-url-decoding-behavior"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#standardized-url-decoding-behavior"></a>Standardized URL decoding behavior</h3>
<div class="paragraph">
<p><span class="ping_changetype-info">Info</span>
<span class="ping_ticket">PAZ-20178</span></p>
</div>
<div class="paragraph">
<p>We’ve standardized URL decoding behavior:</p>
</div>
<div class="ulist">
<ul>
<li>
<p><strong>Policy evaluation</strong>: The PingAuthorize Server now decodes the incoming request URL, including the path and query parameters, exactly once before policy evaluation.</p>
</li>
<li>
<p><strong>Request forwarding</strong>: The PingAuthorize Server now forwards the original, unmodified request URL to the backend resource server.</p>
</li>
</ul>
</div>
<div class="admonitionblock important">
<table>
<tbody><tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
<div class="paragraph">
<p>Backend resource servers must now perform their own URL decoding in accordance with <a href="https://datatracker.ietf.org/doc/html/rfc3986" target="_blank" rel="noopener">RFC-3986</a>. If your resource servers previously relied on PingAuthorize to forward fully-decoded request URLs, now these servers might fail to process encoded URLs correctly. You must update these servers to handle encoded URLs or deploy a proxy to decode traffic before it reaches the server.</p>
</div>
</td>
</tr>
</tbody></table>
</div>
</div>
<div class="sect2">
<h3 id="documented-the-monitor-history-plugin"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#documented-the-monitor-history-plugin"></a>Documented the Monitor History plugin</h3>
<div class="paragraph">
<p><span class="ping_changetype-info">Info</span>
<span class="ping_ticket">PAZ-18453</span></p>
</div>
<div class="paragraph">
<p>We’ve added documentation for the PingAuthorize Server’s Monitor History plugin, a server component designed to help analyze performance issues and server crashes. This new documentation details how to:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Capture the server state leading up to a crash or restart.</p>
</li>
<li>
<p>View Java Virtual Machine (JVM) stack traces to identify blocked or stuck threads.</p>
</li>
<li>
<p>Monitor resource usage and work queue depth over time.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_using_monitor_history_plugin.html" class="xref page">Using the Monitor History plugin</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="aws-java-sdk-upgrade"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#aws-java-sdk-upgrade"></a>AWS Java SDK upgrade</h3>
<div class="paragraph">
<p><span class="ping_changetype-info">Info</span>
<span class="ping_ticket">PAZ-18383</span></p>
</div>
<div class="paragraph">
<p>We’ve upgraded to AWS Java SDK v2. This upgrade changes the default behavior for Amazon S3 connections to use virtual-hosted-style URLs, disabling legacy path-style access by default.</p>
</div>
<div class="paragraph">
<p>If your Amazon S3 deployment package stores require path-style access (for example, <code class="codeph">https://s3.amazonaws.com/<span class="var">&lt;bucket-name&gt;</span></code>), enable the <strong class="uicontrol">Use Path Style Access</strong> option in the PingAuthorize S3 store configuration to maintain connectivity.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_amazons3_deploy_package.html" class="xref page">Adding an Amazon S3 deployment package store to PingAuthorize</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="enhanced-flexibility-for-policy-query-requests"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#enhanced-flexibility-for-policy-query-requests"></a>Enhanced flexibility for policy query requests</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-19611</span></p>
</div>
<div class="paragraph">
<p>We’ve enhanced the <code class="codeph">/query</code> endpoint of the JSON PDP API to support more expressive and open-ended authorization queries:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>You can now include up to two unbound attributes per request for broader discovery scenarios.</p>
</li>
<li>
<p>You can now include up to three multivalued attributes per request for complex batch-style evaluations.</p>
</li>
<li>
<p>You can now resolve query attributes dynamically using other query attributes. For example, the system can first resolve a list of resources and then, for each resource, resolve the list of actions applicable to it.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_json_pdp_api_flow.html#json_pdp_query_requests" class="xref page">Query requests</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="improved-handling-of-null-values-in-redis"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#improved-handling-of-null-values-in-redis"></a>Improved handling of null values in Redis</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-19569</span></p>
</div>
<div class="paragraph">
<p>We’ve enhanced the Redis attribute cache to handle missing or null values more gracefully, with improved validation and clearer logging to simplify troubleshooting and improve system stability.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-more-control-over-response-timestamp-precision"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-more-control-over-response-timestamp-precision"></a>Added more control over response timestamp precision</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-20713</span></p>
</div>
<div class="paragraph">
<p>We’ve added a new Policy Decision Service configuration property, <code class="codeph">use-microseconds-timestamp</code>, which allows you to enforce microsecond-precision timestamps for <code class="codeph">governance-engine</code> API responses. This option improves compatibility with clients that expect legacy timestamp formats.</p>
</div>
<div class="paragraph">
<p>Learn more in <a href="https://docs.pingidentity.com/pingauthorize/pingauthorize_server_administration_guide/paz_json_pdp_api_flow.html#json_pdp_response" class="xref page">JSON PDP API response format</a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="enabled-default-condition-short-circuiting-in-the-policy-editor"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#enabled-default-condition-short-circuiting-in-the-policy-editor"></a>Enabled default condition short-circuiting in the Policy Editor</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-18291</span></p>
</div>
<div class="paragraph">
<p>Compound conditions in the Policy Editor now short-circuit by default, matching the existing behavior of the PingAuthorize Server. This ensures that policy evaluation stops as soon as a condition is met, improving performance and providing a consistent experience between policy testing and decision runtime.</p>
</div>
</div>
<div class="sect2">
<h3 id="optimized-setup-behavior-for-modern-jvms"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#optimized-setup-behavior-for-modern-jvms"></a>Optimized <code class="cmdname">setup</code> behavior for modern JVMs</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">DS-50603</span></p>
</div>
<div class="paragraph">
<p>For new installations, <code class="cmdname">bin/setup</code> no longer sets the JVM option <code class="codeph">ConcGCThreads</code>, allowing modern JVMs to select the optimal value automatically.</p>
</div>
</div>
<div class="sect2">
<h3 id="improved-policy-query-performance"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#improved-policy-query-performance"></a>Improved policy query performance</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">PAZ-13111</span></p>
</div>
<div class="paragraph">
<p>We’ve improved the performance of policy queries by applying an optimization pass that significantly reduces the size of internal policy structures.</p>
</div>
</div>
<div class="sect2">
<h3 id="added-server-out-files-to-csd-archives"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#added-server-out-files-to-csd-archives"></a>Added <code class="filepath">server.out</code> files to CSD archives</h3>
<div class="paragraph">
<p><span class="ping_changetype-improved">Improved</span>
<span class="ping_ticket">SUPP-441</span></p>
</div>
<div class="paragraph">
<p>To add details about the server state before shutdown, the <code class="cmdname">collect-support-data</code> tool now includes up to five of the latest timestamped <code class="filepath">server.out</code> files in the CSD archive.</p>
</div>
</div>
<div class="sect2">
<h3 id="improved-expired-certificate-handling-for-tls-negotiation"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#improved-expired-certificate-handling-for-tls-negotiation"></a>Improved expired certificate handling for TLS negotiation</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-49269, DS-49270</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue that could cause the server to select an expired certificate when performing TLS negotiation with an external server that has a key manager provider and requests a client certificate chain.</p>
</div>
<div class="paragraph">
<p>The server now presents an expired certificate only if the key store doesn’t include any certificate chains with currently valid certificates.</p>
</div>
<div class="paragraph">
<p>We’ve also added the <code class="codeph">ssl-cert-nickname</code> property to the external server configuration, which allows you to control which client certificate chain the server presents to that external server. If this property isn’t configured, the server attempts to automatically select an appropriate certificate chain.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-array-handling-in-spel"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-array-handling-in-spel"></a>Fixed array handling in SpEL</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-12964</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue where a SpEL expression returning an array (such as from the <code class="codeph">.split()</code> function) would cause a <code class="codeph">PROCESSING_ERROR</code>. These results are now correctly handled as collections.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-an-issue-with-deployment-package-deletion"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-an-issue-with-deployment-package-deletion"></a>Fixed an issue with deployment package deletion</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-5577</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue where deployment packages actively deployed to a deployment package store could be deleted. Now, to delete a deployment package, you must first deploy a different package to the relevant store.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-an-issue-with-policy-dependency-pagination"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-an-issue-with-policy-dependency-pagination"></a>Fixed an issue with policy dependency pagination</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-18631</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue where the Policy Editor’s <code class="codeph">/dependencies</code> endpoint returned extraneous data, leading to incorrect pagination. The endpoint now reports only valid child policies, ensuring consistent and accurate results.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-an-issue-with-http-service-timeouts"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-an-issue-with-http-service-timeouts"></a>Fixed an issue with HTTP service timeouts</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-20345</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue where HTTP Service calls would incorrectly time out after 10 seconds, even when a longer request timeout was configured.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-a-policy-editor-startup-issue"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-a-policy-editor-startup-issue"></a>Fixed a Policy Editor startup issue</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-19762</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue in the admin point application configuration that could prevent the Policy Editor from starting properly.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-inconsistent-url-decoding"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-inconsistent-url-decoding"></a>Fixed inconsistent URL decoding</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">PAZ-20178</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue where inconsistent URL decoding could allow double-URL-encoded requests to bypass path-based access controls in API security gateway mode.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-an-issue-with-profile-replacement-in-topologies"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-an-issue-with-profile-replacement-in-topologies"></a>Fixed an issue with profile replacement in topologies</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-50197</span></p>
</div>
<div class="paragraph">
<p>We’ve fixed an issue where using the <code class="cmdname">manage-profile</code> tool to replace a profile would fail if the new profile and original profile each contained topology external servers with identical names.</p>
</div>
</div>
<div class="sect2">
<h3 id="fixed-an-issue-with-performlocalcleanup-in-interactive-mode"><a class="anchor" href="https://docs.pingidentity.com/pingauthorize/release_notes/paz_release_notes_legacy_home.html#fixed-an-issue-with-performlocalcleanup-in-interactive-mode"></a>Fixed an issue with <code class="codeph">--performLocalCleanup</code> in interactive mode</h3>
<div class="paragraph">
<p><span class="ping_changetype-fixed">Fixed</span>
<span class="ping_ticket">DS-48553</span></p>
</div>
<div class="paragraph">
<p>Running <code class="cmdname">remove-defunct-server --performLocalCleanup</code> in interactive mode no longer attempts to establish a connection to another live server in the topology.</p>
</div>
</div>
</div>
]]></description>
        </item>
    </channel>
</rss>