--- title: PingAuthorize 9.3.0.0 (June 2023) description: New component: pingauthorize version: 9.3 page_id: pingauthorize:release_notes:paz_release_notes_93 canonical_url: https://docs.pingidentity.com/pingauthorize/9.3/release_notes/paz_release_notes_93.html revdate: February 5, 2025 section_ids: exercise-fine-grained-control-over-policy-editor-changes-using-self-governance: Exercise fine-grained control over Policy Editor changes using self-governance simpler-oauth-token-handling-for-pips-using-http-services: Simpler OAuth token handling for PIPs using HTTP services copy-policy-editor-entities-for-faster-configuration: Copy Policy Editor entities for faster configuration new-authorization-comparators-for-ip-subnet-ranges: New authorization comparators for IP subnet ranges added-a-property-that-lets-you-control-servlet-information: Added a property that lets you control servlet information apache-camel-services-have-been-removed: Apache Camel services have been removed validate-token-signatures-and-claims-in-policy: Validate token signatures and claims in policy better-control-over-statements-in-decision-outcomes: Better control over statements in decision outcomes add-parent-resolvers-to-attributes-more-quickly: Add parent resolvers to attributes more quickly better-targeting-for-regex-replace-attributes: Better targeting for regex-replace-attributes clarified-warn-logs-by-migrating-slow-methods: Clarified WARN logs by migrating slow methods more-resilient-audit-logging-in-the-policy-editor: More resilient audit logging in the Policy Editor timeouts-improved-for-replication-enable-and-remove-defunct-server-operations: Timeouts improved for replication enable and remove defunct server operations improved-how-a-backup-of-the-config-backend-is-handled: Improved how a backup of the config backend is handled added-a-missing-field-value-in-policy-editor-audit-logging: Added a missing field value in Policy Editor audit logging fixed-the-add-statement-list-display: Fixed the Add Statement list display corrected-the-linking-behavior-for-identity-properties: Corrected the linking behavior for Identity Properties fixed-a-nullpointerexception-for-uris-without-hosts: Fixed a NullPointerException for URIs without hosts --- # PingAuthorize 9.3.0.0 (June 2023) ## Exercise fine-grained control over Policy Editor changes using self-governance New Build self-governance policies to manage access to your Policy Editor entities and operations. This allows you to protect against unauthorized or accidental application policy changes. For more information, see [Self-governance](../pingauthorize_policy_administration_guide/paz_self_gov.html). ## Simpler OAuth token handling for PIPs using HTTP services New To reduce configuration complexity and time to production when connecting to HTTP services that require OAuth authentication, configure the Client Credentials flow to handle tokens directly from a token endpoint. For more information, see [HTTP services](../pingauthorize_policy_administration_guide/paz_http_services.html). ## Copy Policy Editor entities for faster configuration New To build your authorization logic more quickly and accurately, you can make editable copies of many of your Policy Editor entities, including items in the Trust Framework, Policy Manager, and Library. For more information, see [Copying Policy Editor entities](../pingauthorize_policy_administration_guide/paz_entity_copy.html). ## New authorization comparators for IP subnet ranges New With the new **In CIDR Block** and **Not In CIDR Block** comparators, you can check whether a user's IP address is in, or not in, a defined subnet range. These comparators make it easier to add network information checks to your zero trust policies. IPv4 and IPv6 addresses are supported. For more information, see [Conditions](../pingauthorize_policy_administration_guide/paz_conditions.html). ## Added a property that lets you control servlet information New Added the `include-servlet-information-in-error-pages` configuration property to give you control over whether servlet information gets printed on HTTP error pages or remains hidden (by default). ## Apache Camel services have been removed Info To enhance overall security for PingAuthorize, Camel services have been removed from the default configuration. If your policies depend upon Camel, see [Apache Camel availability](../_orphan_files/paz_camel_availability.html) for more information. ## Validate token signatures and claims in policy Improved You can now validate JWT signatures and claims in the authorization layer, adding defense in depth and allowing you to build policy and rule logic around genuine tokens. Enhances support for PDP API use cases. For more information, see [Conditions](../pingauthorize_policy_administration_guide/paz_conditions.html). ## Better control over statements in decision outcomes Improved You now have more control over whether statements are included in decision outcomes and the way statements propagate through decision evaluations. This makes it easier to provide information in decision responses, such as reasons for both `permit` and `deny` decisions and risk evaluation feedback. For more information, see [Statements](../pingauthorize_policy_administration_guide/paz_advice.html). ## Add parent resolvers to attributes more quickly Improved To reduce the number of clicks needed to add a parent resolver to a Trust Framework attribute, we added the **[icon: plus, set=fa]Add Parent Resolver** button. ## Better targeting for `regex-replace-attributes` Improved We added the ability to target individual attributes using the `regex-replace-attributes` statement for a more precise modification of the payload. For more information, see [Regex Replace Attributes](../pingauthorize_policy_administration_guide/paz_regex_replace_attrs.html). ## Clarified `WARN` logs by migrating slow methods Improved We made `WARN` logging easier to interpret by changing the logging level for slow methods from `WARN` to `DEBUG`. ## More resilient audit logging in the Policy Editor Improved We updated the default configuration for the `decision-audit` log to make audit logging more resilient. ## Timeouts improved for replication enable and remove defunct server operations Improved Improved various timeouts for replication enable and remove defunct server operations to scale with the size of the topology. Smaller sized topologies should not be impacted by these changes. ## Improved how a backup of the config backend is handled Improved If during a backup of the config backend, a file is deleted from the `config/archived-configs` directory, that deleted file will now be ignored instead of causing the backup to fail. ## Added a missing field value in Policy Editor audit logging Fixed PAZ-7026 We fixed an audit logging issue where `ADMIN_POINT_AUDIT` was not logging the `operation` field. ## Fixed the **Add Statement** list display Fixed PAZ-801 We fixed a display issue where the **Add Statement** drop-down list was running off of the page and couldn't be fully accessed. ## Corrected the linking behavior for **Identity Properties** Fixed PAZ-4247 We fixed an issue where clicking the linked **Identity Properties** in **Identity Classes** or **Identity Providers** didn't open the **Identity Properties** editor. ## Fixed a NullPointerException for URIs without hosts Fixed PAZ-7826 We fixed an issue where JSON response bodies containing URIs without hosts would produce a `NullPointerException` when PingAuthorize was configured in gateway mode.