PingFederate 12.1.1 (July 2024)

Resolved issues

Axis1 patch

Security PF-35631

Included a patch to address multiple vulnerabilities related to Apache Axis1.

Refresh token rolls when configured not to roll

Fixed PF-35166

Fixed a defect that caused PingFederate to roll refresh tokens when Refresh Token Rolling Policy is disabled but Refresh Token Rolling Interval has a value.

Provisioning group changes continue after user changes failure

Fixed PF-35304

Fixed a defect that caused the provisioner to propagate group updates even if user updates didn’t finish.

OAuth client only validates one access token manager when `aud` parameter included

Fixed PF-35737

Fixed a defect that caused PingFederate to validate only the first OAuth client access token manager it found when Validate Against All Eligible Access Token Managers was checked, and the aud parameter was included in the request.

Custom adapter not returning IPv4 addresses

Fixed PF-35783

Fixed a defect where PingFederate failed to return IPv4 addresses in a custom adapter request using the request.getRemoteAddr() method.

Context SRI attribute mapping failure

Fixed PF-35800

Fixed a defect that caused PingFederate to fail to map new attributes added to an existing access token manager to the Context SRI.

Error message after user session expires

Fixed PF-35815

Fixed a defect that caused PingFederate to present an error message when user tries to sign on again after a session expires due to inactivity.

PingFederate Server