--- title: PingDirectory suite of products 10.1.0.5 (February 2026) description: Fixed DS-50632 PingDirectory component: pingdirectory version: 10.1 page_id: pingdirectory:release_notes:pd_ds_rn_10105 canonical_url: https://docs.pingidentity.com/pingdirectory/10.1/release_notes/pd_ds_rn_10105.html llms_txt: https://docs.pingidentity.com/pingdirectory/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md section_ids: fixed-a-critical-ldap-request-issue: Fixed a critical LDAP request issue improved-expired-certificate-handling-for-tls-negotiation: Improved expired certificate handling for TLS negotiation fixed-an-issue-with-fips-compliant-server-upgrades: Fixed an issue with FIPS-compliant server upgrades fixed-an-issue-with-the-changelog-password-encryption-plugin: Fixed an issue with the Changelog Password Encryption plugin fixed-an-upgrade-issue-for-servers-without-a-userroot-backend: Fixed an upgrade issue for servers without a userRoot backend fixed-an-issue-with-performlocalcleanup-in-interactive-mode: Fixed an issue with --performLocalCleanup in interactive mode --- # PingDirectory suite of products 10.1.0.5 (February 2026) ## Fixed a critical LDAP request issue Fixed DS-50632 PingDirectory We fixed a critical server issue where some LDAP requests failed with a `ConcurrentModificationException` in the `AuthenticationInfo` module. | | | | - | ----------------------------------------------------------------------- | | | This issue was introduced in version 10.1.0.0. Update affected servers. | ## Improved expired certificate handling for TLS negotiation Fixed DS-49269, DS-49270 PingDirectory, PingDirectoryProxy, PingDataSync We fixed an issue that could cause the server to select an expired certificate when performing TLS negotiation with an external server that has a key manager provider and requests a client certificate chain. The server now presents an expired certificate only if the key store doesn't include any certificate chains with currently valid certificates. We also added the `ssl-cert-nickname` property to the external server configuration, which allows you to control which client certificate chain the server presents to that external server. If this property isn't configured, the server attempts to select an appropriate certificate chain automatically. ## Fixed an issue with FIPS-compliant server upgrades Fixed DS-50372 PingDirectory, PingDirectoryProxy, PingDataSync We fixed an issue with server upgrades failing for FIPS-compliant servers running in a Linux environment with native FIPS mode enabled. You can identify this upgrade failure by the following error message: `Error initializing update: Error determining build information for the server at /opt/PingDirectory: 1. Output from /opt/PingDirectory/bin/status -F was: .` ## Fixed an issue with the Changelog Password Encryption plugin Fixed DS-50457 PingDirectory We fixed an issue where the Changelog Password Encryption plugin didn't add encrypted attributes to the changelog for entries created with the Generate Password request control. ## Fixed an upgrade issue for servers without a `userRoot` backend Fixed DS-50541 PingDirectory We fixed an issue that caused upgrades for servers running version 10.0.0.x or later with no `userRoot` backend to fail. During an upgrade, the update tool tried to delete some configuration entries for inverted static group support that didn't exist. ## Fixed an issue with `--performLocalCleanup` in interactive mode Fixed DS-48553 PingDirectory, PingDirectoryProxy, PingDataSync Running `remove-defunct-server --performLocalCleanup` in interactive mode no longer attempts to establish a connection to another live server in the topology.