PingFederate 11.0.1 (January 2022)

New features and enhancements

Rolling grace period for refresh tokens

Improved

When PingFederate rotates a refresh token, if the client fails to get the new token, now PingFederate can accept the previous token for the short period that you specify with the Refresh Token Rolling Grace Period setting.

Performance improvement

Info

Improved performance of the administrative console when a large number of OAuth clients are stored in LDAP or JDBC datastores.

URL region of the PingOne home button

Info PingOne

When configuring the URL of the PingOne home button in the PingFederate administrative console, now pf.pingone.admin.url.region in run.properties supports Canada as a region.

AWS CloudHSM client

Info

PingFederate can be successfully integrated with AWS CloudHSM client version 3.4.4.

Resolved issues

Resolved a potential security vulnerability

Security PF-30450

Resolved a potential security vulnerability that is described in security bulletin SECBL021.

Updated Apache Log4j2

Security PF-30536

Resolved a potential security vulnerability by updating Apache Log4j2 to version 2.17.1.

Authenticating PingDirectory users

Fixed PF-30557 PingDirectory

Resolved an issue that allowed PingDirectory users to authenticate with expired passwords.

Certificate revocation list checks

Fixed PF-30637

Resolved an issue that caused certificate revocation list (CRL) checks to return "issuer not found in trusted CAs store" even though the issuer certificate is present.

PingFederate Server