PingFederate Server

PingFederate 12.2.6 (November 2025)

Resolved issues

PingFailoverAppender race condition

Fixed PF-37816

We’ve fixed a defect where a race condition could cause the PingFailoverAppender to get stuck in a failed state without switching back to its primary appender.

Virtual hostname accuracy in email notifications

Fixed PF-37964

We’ve fixed a defect where a template variable incorrectly used the primary PingFederate base URL instead of the virtual hostname in some email notifications.

URL validation for RelayState

Fixed PF-38028

We’ve fixed a defect where PingFederate would reject requests with valid, non-encoded relay state values.

Apache Commons BeanUtils and Commons Compress

Fixed PF-38029

PingFederate now uses the Apache Commons BeanUtils library version 1.11.0 and the Apache Commons Compress library version 1.26.1.

HTML flow login and Authentication API

Fixed PF-38039

We’ve fixed a defect that could potentially allow a user to access an HTML browser sign-on page when the Authentication API redirectless mode is used.

Learn more in PingFederate unexpected template rendering in redirectless mode in the Ping Identity Support Knowledge Base.

LDAP account lockout

Fixed PF-38043

We’ve fixed a defect where PingFederate could incorrectly lock user accounts during an LDAP connectivity failure with Active Directory. This fix applies to all LDAP datastore types except for Generic LDAP.

IdP Adapter duplicate attribute sources

Fixed PF-38060

We’ve fixed a defect that caused IdP adapters to duplicate attribute sources when an SP connection was updated using the Admin API.

Corrected null SaasGuid

Fixed PF-38244

We’ve fixed a provisioning defect where disabled users weren’t provisioned once their account was enabled and the Provision Disabled Users setting was set to false.