PingFederate 11.2.8 (December 2023)

Configurable option to turn on/off plugin creation and initialization during PingFederate startup.

New PF-34640

Added the ConfigurePluginsOnStartup variable to the config-store file.

Default value of true creates and initializes plugins during startup. false prevents creation and initialization of plugins, which can reduce startup time.

Improved OGNL expression logging

Improved PF-34050

The administrator audit log file (admin.log) now logs any OGNL expression tests performed and the expression variables used with an event type of TEST_EXPRESSION.

For more information, see Administrator audit logging

Resolved a vulnerability in the Initial Setup Wizard

Security PF-34646

Fixed a Server-Side Request Forgery vulnerability in the Initial Setup Wizard described in security advisory SECADV041.

PingFederate systematically adds server-side sort control

Fixed PF-33466

You can now turn off server-side sorting using a configuration option.

Updating OAuth clients with dynamic client registration

Fixed PF-34146

Fixed a defect where an OAuth client created with dynamic client registration (DCR) couldn’t be updated with DCR after it was modified with the administrative console.

Unable to deobfuscate chunked grant value with character length of 682

Fixed PF-34839

Fixed a defect where PingFederate was unable to deobfuscate grant attributes for a small group of users in OAuth flows.

PingFederate Server