PingCentral 2.2 (December 2024)

Improved PASS-7028

Previously, trusted OGNL expressions could only be assigned to applications one at a time. Now, a Select All checkbox is available to select all applications and assign the selected trusted OGNL expression to them.

Improved PASS-7029

Previously, PingCentral did not allow the signing and encryption certificate the same, which is allowed in PingFederate. When application owners tried to promote and upload the same certificate and use it for both the signing and encryption certificate, users received validation errors. Now, the same certificates can be used in PingCentral.

Improved PASS-7019

Spring Security has been upgraded from version 5.7.11 to prevent future false-positive scan alerts. Learn more about this upgrade in CVE-2024-22257: Possible Broken Access Control in Spring Security With Direct Use of AuthenticatedVoter in the Spring documentation.

Fixed PASS-7020

A number of third-party libraries have been updated to address Common Vulnerabilities and Exposures (CVEs) reported in these libraries. These CVEs were not exploitable, but they were updated to avoid unnecessary concerns.

Fixed PASS-7023

Previously, when upgrading from PingCentral 2.0.2 to 2.1.0, users received a warning message regarding their APIs. This issue has been resolved, and this message no longer displays when the upgrade is performed.

Fixed PASS-7026

Previously, when users tried to delete SAML applications, either through the PingCentral UI or API, and they selected the Delete from PingFederate in all environments option, the application was not deleted in PingFederate. This issue has been resolved and now works as expected.

Fixed PASS-7027

Previously, when syncing a PingCentral application with a server-side PingFederate application, data within the advancedEditPromotionJson field was being deleted. This issue has been resolved, and the data within that field is now preserved.