PingFederate 11.3.5 (February 2024)
Resolved issues
REST datastore security vulnerability
Security PF-34720
Fixed a JSON injection vulnerability in REST datastores described in security advisory SECADV044.
Runtime nodes security vulnerability
Security PF-34896
Fixed a path traversal vulnerability in Runtime nodes described in security advisory SECADV044.
OpenID Connect policy management editor security vulnerability
Security PF-35081
Fixed a Cross-Site Scripting vulnerability in the OpenID Connect Policy Management Editor described in security advisory SECADV044.
GET SAML request signature processing error
Fixed PF-34641
Fixed a defect where SAML requests using the HTTP GET method with multiple signature-related parameters encoded in the RelayState parameter caused errors in signature validation processing.
NPE notification error
Fixed PF-34813
Fixed a defect that caused PingFederate to issue null pointer exception (NPE) errors when querying the token endpoint.
Reencryption causes connection or client to fail on engine
Fixed PF-34409
Fixed a defect where changes made on the administrative console were not replicated to the engine during reencryption.
JMX registration failure for imported archives
Fixed PF-34796
Fixed a defect that caused JMX monitoring to fail to register archive files that are imported into PingFederate.
Content type changes if well_known endpoint response is too large
Fixed PF-34865
Fixed a defect that caused the content-type of a response from the well_known endpoint to change from JSON to HTML if the response was too large.
RHEL 8 using OS-level FIPS causes PingFederate failure
Fixed PF-34879
Fixed a defect that caused PingFederate to fail on startup when installed on a Red Hat Enterprise Linux (RHEL) server with OS-level FIPS enabled.