PingFederate Server

PingFederate 11.3.3 (November 2023)

Enhancements and resolved issues in PingFederate 11.3.3.

Improved client authentication security

Security PF-34645

Fixed a potential security vulnerability described in security advisory SECADV040.

Added support for partitioned cookies

New PF-34440

PingFederate now supports using the Partitioned attribute to address third-party cookie issues with the iframe-based login widgets in Google Chrome.

Fixed /idp/startSLO.ping 404 caused by virtual issuer configuration

Fixed PF-34322

Fixed an issue that returned a 404 error when the /idp/startSLO.ping endpoint was hit while a virtual issuer was configured. You can now configure virtual issuers with a context path.

Client JWKS now sets properly when using DynamoDB storage

Fixed PF-34504

Clients that maintain a JWKS endpoint can now use private key JWT based authentication when requesting an access token.

Fixed NPE when checking an existing persistent grant that is expired with DynamoDB

Fixed PF-34606

Checking for existing but expired grants with DynamoDB no longer causes a null pointer exception (NPE).

Connections close after getting a 401 or 403 from PingOne API

Fixed PF-34545

Fixed an issue preventing PingFederate from closing connections after receiving a 401 or 403 response from PingOne MFA.

Outbound provisioning performance improvement

Fixed PF-33466

You can now turn off server-side sorting for LDAP requests related to outbound provisioning, which can improve performance in some environments.

Configure this option using the ProvisionWithServerSort parameter in the com.pingidentity.common.util.ldap.LDAPUtil.xml file.

Unable to copy and paste policy contract in specific situations

Fixed PF-34433

You can now copy and paste a policy contract below a selector node.

XML decryption failing with KeyName element

Fixed PF-34536

Fixed an issue where decryption of an encrypted SAML element could fail if a KeyName was specified.

Resolved a vulnerability in the Initial Setup Wizard

Security PF-34646

Fixed a Server-Side Request Forgery vulnerability in the Initial Setup Wizard described in security advisory SECADV041.

Certificate in-use detection slowdown

Fixed PF-34077

We fixed a defect that caused PingFederate to check every certificate when loading certificate-related pages in the administrative interface, which degraded performance.

Upgraded third-party libraries

Improved

  • Upgraded Jetty to version 9.4.53.v20231009.

  • Upgraded JGroups to version 4.2.24.Final.