PingAuthorize 9.3.0.6 (August 2024)

Added support for a new signature algorithm

New

We added support for Elliptic Curve Digital Signature Algorithm (ECDSA)-encoded signatures for JWT tokens when using the Has Valid Signature For JWKS and Has Invalid Signature For JWKS attribute comparators. Learn more in Conditions.

Fixed a Policy Editor UI issue

Fixed PAZ-12736

We fixed an issue where, in some cases, when selecting a scenario in entity testing or in the Test Suite with a large number of scenarios already defined, the Policy Editor UI would repeatedly flicker.

Fixed a PingAuthorize Server performance issue

Fixed PAZ-13013

We fixed an issue where, when using PingAuthorize Server’s API security gateway in embedded PDP mode, policy decision logging could cause a memory leak and negatively impact the performance of long-running server instances.

Fixed an issue with PIP keystore service calls

Fixed PAZ-12014

We fixed an issue where, when making a service call with a policy information provider key store for MTLS configured and the Server (TLS) option set to None or Default, the service would incorrectly return a Client TLS certificate is required error.

Fixed an issue with HTTP service log messages

Fixed PAZ-12454

We fixed an issue where the status field of an HTTP service log message would include a status message, such as OK, rather than a status code.

Fixed error response handling in `APP WARN`

Fixed PAZ-10350

We fixed an issue where the HTTP Service Executor was not properly capturing error messages in the APP WARN logs for the policy information provider (PIP) endpoint.

Fixed an issue with HTTP service requests

Fixed PAZ-12145

We fixed an issue where, when making HTTP service calls, the policy decision point would incorrectly assign default values to the request body and content-type header.

PingAuthorize