PingCentral 3.1 (April 2026)
Administrators can now configure signature policies for SAML SP connections
New PASS-7155
Administrators can now configure signature policies for SP connections when they create templates and applications, and promote applications to PingCentral environments.
Previously, PingFederate administrators had to configure the signature policies after the applications were promoted to PingFederate, which interrupted their workflow and caused unnecessary delays in the process.
Note that signature policy configurations are only visible if the corresponding profiles and artifact binding are enabled in the underlying PingFederate SP connection. To learn more, refer to step 8 in Adding SAML application templates.
OpenJDK version requirements if using FIPS-compliant mode
Info PASS-7204
If the FIPS-compliant mode is enabled and OpenJDK 21 is being used, OpenJDK version 21.0.10 or higher is required.
Security vulnerability fixed
Fixed PASS-1323
We’ve fixed the client-side security vulnerability in DOM-based XSS in redirect URI definitions.
Apache Commons Compress updated
Fixed PASS-5852
The Apache Commons Compress has been updated to version 1.26, which resolved the security vulnerability that affected versions 1.0 to 1.21. You can find more information about the CVE-2021-36090 vulnerability on the National Vulnerability Database site.
Moment.js updated
Fixed PASS-6410
Moment.js has been updated to version 2.29.4, which resolved the path traversal vulnerability that affected versions 1.0.1 to 2.29.1. You can find more information about the CVE-2022-24785 vulnerability on the National Vulnerability Database site.
Option to download SAML IdP metadata issue fixed
Fixed PASS-7017
We’ve fixed the Promotion Details page so that it now displays the option to download the SAML IdP metadata if the application was promoted directly from the JSON file.
Swagger UI library updated
Fixed PASS-7021
The Swagger UI library has been updated from version 2.9.2 to 3.23.11 to prevent future false-positive scan alerts. You can find more information about the CVE-2019-17495 vulnerability on the National Vulnerability Database site.
Swagger.json fixed
Fixed PASS-7132
We’ve fixed the swagger.json endpoint, and it now returns information about the Admin API as expected.
API loading issues resolved
Fixed PASS-7163
We’ve fixed the issue where users encountered a continuous loading screen when they tried to access the API. The API now works as expected and returns a response.
H2 database updated
Fixed PASS-7070
The H2 database has been updated to version 2.2.220, which resolved the security vulnerability that affected version 2.1.210. You can find more information about the CVE-2022-45868 vulnerability on the National Vulnerability Database site.
Hibernate library updated
Fixed PASS-7172
The hibernate-ehcache library is no longer used, which resolved the security vulnerability. You can find more information about the CVE-2026-0603 vulnerability on the National Vulnerability Database site.
Socket Appender in Apache Log4j updated
Fixed PASS-7174
The Socket Appender in Apache Log4j has been updated to version 2.25.3, which resolved the security vulnerability that affected versions 2.0-beta9 through 2.25.2. You can find more information about the CVE-2025-68161 vulnerability on the National Vulnerability Database site.