PingFederate Server

PingFederate 11.2.9 (April 2024)

REST datastore security vulnerability

Security PF-34720

Fixed a JSON injection vulnerability in REST datastores described in security advisory SECADV044.

Runtime nodes security vulnerability

Security PF-34896

Fixed a path traversal vulnerability in Runtime nodes described in security advisory SECADV044.

OpenID Connect policy management editor security vulnerability

Security PF-35081

Fixed a Cross-Site Scripting vulnerability in the OpenID Connect Policy Management Editor described in security advisory SECADV044.

Slow log consumption affects performance

Fixed PF-33368

Fixed a defect that caused performance issues for PingFederate when third-party logging services were slow to consume logging events.

RHEL 8 using OS-level FIPS causes PingFederate failure

Fixed PF-34879

Fixed a defect that caused PingFederate to fail on startup when installed on a Red Hat Enterprise Linux (RHEL) server with OS-level FIPS enabled.