---
title: New features
description: For previous releases, the information could be outdated or superseded.
component: pingidm
version: 8.1
page_id: pingidm:release-notes:whats-new
canonical_url: https://docs.pingidentity.com/pingidm/8.1/release-notes/whats-new.html
keywords: ["Deployment", "Identities", "Compatibility", "Security"]
section_ids:
  idm_8_1: IDM 8.1
  wn-end-user-ui-810: IDM end-user UI
  wn-platform-admin-ui-810: Platform admin UI for standalone IDM
  wn-cluster-standby-mode: Cluster standby mode
  wn-user-agent-property-810: openidm.http.client.userAgent property
  wn-flowable-upgrade-720-810: Workflow engine upgrade
  wn-quartz-scheduler252-810: Quartz Scheduler upgraded to 2.5.2
  wn-want-client-auth-810: wantClientAuth support for Jetty listeners
  enum_support: enum support
  wn-otel-logging-810: OpenTelemetry logging
  wn-otel-log-appender-810: OpenTelemetryAppender in logback.xml
  wn-sync-mappings-paging-810: Paging for the sync/mappings endpoint
  wn-task-scanner-exception-810: Improved task scanner exception handling
  wn-bc-fips-upgrade-810: Bouncy Castle FIPS upgrade
  wn-jetty-qos-handler-810: Jetty QoSHandler and configuration properties
  wn-jetty-qos-handler-metrics-810: Jetty QoSHandler metrics
  wn-sni-host-check-810: Jetty Server Name Indication (SNI) host check
  wn-jetty-metrics-810: Jetty thread pool and request metrics
  wn-atob-btoa-global-scripts-81: Base64 atob and btoa global script bindings
  wn-liveness-endpoint-810: Liveness endpoint
  wn-health-ready-endpoint-810: Readiness endpoint
  wn-connector-server-status-metric-810: Connector server status metric
  wn-pending-connector-request-metric-provisioner-tags-810: Pending connector request metric and provisioner metric tags
  idm_8_0_1: IDM 8.0.1
  wn-enduser-ui-801: End-user UI install guide
  wn-bc-fips-upgrade-801: Bouncy Castle FIPS upgrade
  wn-sni-host-check-801: Jetty Server Name Indication (SNI) host check
  idm_8_0: IDM 8.0
  wn-audit-watchedfields-wildcard-80: Wildcard support for activity audit watchedFields
  secure_rcs_access: Secure RCS access
  bouncy-castle-fips-1403-compliance: Bouncy Castle FIPS 140-3 compliance
  distributed-tracing-ot-80: Distributed tracing with OpenTelemetry
  jetty-12-support-80: Jetty 12 support
  new-array-comparison-80: Array comparison
  wn-logback: Logback
  java_21_support: Java 21 support
  new-health-endpoint-80: Audit-free health check
  new-icf-metrics-80: Additional metrics
  new-fs-automatic-encryption: Filesystem secret store automatic encryption
  secret-rotation-80: Store credentials as secrets
  wn-parameter-authorization-80: _api parameter requires authorization
  idm_7_5_2: IDM 7.5.2
  improved_task_scanner_exception_handling: Improved task scanner exception handling
  idm_7_5_1: IDM 7.5.1
  wn-parameter-authorization-751: _api parameter requires authorization
  secure_rcs_access_2: Secure RCS access
  new-array-comparison-751: Array comparison
  jetty-12-support-751: Jetty 12 support
  idm_7_5_0: IDM 7.5.0
  connectors: Connectors
  whats-new-international-email: International email addresses
  custom-relationships: Custom relationship properties
  secret-rotation: Store credentials as secrets
  secret-versioning: Version file system secrets
  enhanced-signal-propagation: Enhanced signal propagation
  whats-new-flowable-upgrade-680-75: Workflow engine upgrade
  connect_to_ds_with_scriptedrest_sample_supports_client_credentials_grant_type: Connect to DS with ScriptedREST sample supports client_credentials grant type
  end_user_ui_supports_array_properties: End User UI supports array properties
  idm_7_4_3: IDM 7.4.3
  improved_task_scanner_exception_handling_2: Improved task scanner exception handling
  idm_7_4_2: IDM 7.4.2
  international_email_addresses: International email addresses
  secure_rcs_access_3: Secure RCS access
  new-array-comparison-742: Array comparison
  wn-parameter-authorization-74: _api parameter requires authorization
  jetty-12-support-74: Jetty 12 support
  java-17-support-74: Java 17 support
  idm_7_4_1: IDM 7.4.1
  idm_7_4_0: IDM 7.4.0
  whats-new-filesystem-secrets: Filesystem secret stores
  whats-new-msgraph-email-client: Microsoft Graph API email client
  whats-new-metrics: Additional metrics
  new-script-countonly: Script support for countOnly queries
  mtls-auth-to-ds: mTLS for authentication to DS
  idm_7_3_3: IDM 7.3.3
  improved_task_scanner_exception_handling_3: Improved task scanner exception handling
  idm_7_3_2: IDM 7.3.2
  international_email_addresses_2: International email addresses
  secure_rcs_access_4: Secure RCS access
  new-array-comparison-732: Array comparison
  wn-parameter-authorization-73: _api parameter requires authorization
  jetty-12-support-73: Jetty 12 support
  java-17-support-73: Java 17 support
  idm_7_3_1: IDM 7.3.1
  whats-new-flowable-upgrade-680-73: Workflow engine upgrade
  end_user_ui_supports_array_properties_2: End User UI supports array properties
  idm_7_3_0: IDM 7.3.0
  whats-new-bouncy-castle-fips: Support for Bouncy Castle FIPS
  whats-new-prop-based-secret-stores: Support for UTF-8 email addresses
  disable_delegated_administrator_sort_and_filter_while_searching: Disable delegated administrator sort and filter while searching
  workflows_now_support_javascript: Workflows now support JavaScript
  patch_operation_improvements: Patch operation improvements
  improvements_to_the_system_endpoint: Improvements to the /system endpoint
  new_sync_mapping_configuration_fields: New sync mapping configuration fields
  idm_7_2_2: IDM 7.2.2
  support_for_upgrading_ds_to_later_version_than_idm: Support for upgrading DS to later version than IDM
  idm_7_2_1: IDM 7.2.1
  idm_7_2_0: IDM 7.2.0
  property_based_secret_stores: Property-based secret stores
  activate-deactivate-tasks: Scanning tasks to activate and deactivate accounts
  whats-new-sendTemplate-cc-bcc: external/email endpoint improvements
  whats-new-workflow: Workflow improvements
  policy_validation_for_field_removal: Policy validation for field removal
  relationship_derived_virtual_properties_rdvp_improvements: Relationship-derived Virtual Properties (RDVP) improvements
  ad_password_synchronization_plugin_utc_timestamps: AD Password Synchronization Plugin UTC timestamps
  bootstrap_idm_without_stored_configuration: Bootstrap IDM without stored configuration
  api_version_header_warnings: API version header warnings
  reconciliation_enhancements: Reconciliation enhancements
  assignment_synchronization_optimization: Assignment synchronization optimization
  query_filtering_on_arrays: Query filtering on arrays
  additional_metrics: Additional metrics
  idm_7_1_6: IDM 7.1.6
  idm_7_1_4: IDM 7.1.4
  idm_7_1_2: IDM 7.1.2
  idm_7_1: IDM 7.1
  sample_connection_to_azure_ad_with_the_ms_graph_api_connector: Sample connection to Azure AD with the MS Graph API connector
  password_sync_plugins: Password sync plugins
  active_directory_password_synchronization_plugin_utc_timestamps: Active Directory Password Synchronization Plugin UTC timestamps
  active_directory_password_synchronization_plugin_infinite_loop_prevention: Active Directory Password Synchronization Plugin infinite loop prevention
  active_directory_password_synchronization_plugin_configurable_max_retries: Active Directory Password Synchronization Plugin configurable max retries
  active_directory_password_synchronization_plugin_search_filter: Active Directory Password Synchronization Plugin search filter
  support_for_am_bearer_tokens_in_the_ds_and_active_directory_password_synchronization_plugins: Support for AM Bearer Tokens in the DS and Active Directory Password Synchronization Plugins
  support_for_alternative_kba_answer_hashing: Support for alternative KBA answer hashing
  managed_object_default_values: Managed object default values
  support_for_rest_queries_on_array_properties_jdbc: Support for REST queries on array properties (JDBC)
  waitforcompletion_property_added_to_the_config_endpoint: waitForCompletion property added to the config endpoint
  api_endpoint_requires_admin_authentication: API endpoint requires admin authentication
  additional_query_types_in_jdbc_explicit_tables: Additional query types in JDBC explicit tables
  idm_7_0_4: IDM 7.0.4
  idm_7_0_3: IDM 7.0.3
  idm_7_0_2: IDM 7.0.2
  idm_7_0_1: IDM 7.0.1
  idm_7: IDM 7
  password_sync_plugins_2: Password sync plugins
  active_directory_password_synchronization_plugin_utc_timestamps_2: Active Directory Password Synchronization Plugin UTC timestamps
  active_directory_password_synchronization_plugin_infinite_loop_prevention_2: Active Directory Password Synchronization Plugin infinite loop prevention
  active_directory_password_synchronization_plugin_configurable_max_retries_2: Active Directory Password Synchronization Plugin configurable max retries
  active_directory_password_synchronization_plugin_search_filter_2: Active Directory Password Synchronization Plugin search filter
  support_for_am_bearer_tokens_in_the_ds_and_active_directory_password_synchronization_plugins_2: Support for AM Bearer Tokens in the DS and Active Directory Password Synchronization Plugins
  access_configuration_over_rest: Access configuration over REST
  privilege_dynamic_filters: Privilege dynamic filters
  configurable_http_io_request_buffer: Configurable HTTP I/O request buffer
  filter_expanded_relationships: Filter expanded relationships
  deterministic_ecdsa_signatures_for_jwt: Deterministic ECDSA signatures for JWT
  debugging_information_for_groovy_scripts: Debugging information for Groovy scripts
  rest_api_versioning: REST API Versioning
  support_for_am_bearer_tokens: Support for AM bearer tokens
  notification_property_now_configurable: Notification property now configurable
  reconciliation_association_information: Reconciliation Association Information
  profile_completeness_endpoint: Profile completeness endpoint
  audit_logging_safelist: Audit logging safelist
  in_clause_for_queries: in clause for queries
  disposal_of_idle_poolable_connector_instances_icf: Disposal of idle poolable connector instances (ICF)
  separate_mapping_configuration_files: Separate mapping configuration files
  queued_sync_retry: Queued sync retry
  material_design_icon_added_to_managed_object_configuration: Material Design Icon added to managed object configuration
  additional_query_types_in_jdbc_explicit_tables_2: Additional query types in JDBC explicit tables
  config_properties_additions: config.properties additions
  archive: Archive
  security-advisories: Security advisories
---

# New features

For previous releases, the information could be outdated or superseded.

## IDM 8.1

### IDM end-user UI

A new IDM end-user UI is available from the [Backstage download site](https://backstage.forgerock.com/downloads). Deploy it behind a standalone Nginx server or as a Docker container built from the included `Dockerfile`.

Learn more in [Install the end-user UI](../setup-guide/idm-enduser-ui.html).

### Platform admin UI for standalone IDM

Standalone IDM now supports the Platform admin UI, the same UI used in Ping Identity Platform and PingOne Advanced Identity Cloud deployments. Download it as a separate artifact from the [Backstage download site](https://backstage.forgerock.com/downloads) and deploy it behind a standalone Nginx server or as a Docker container built from the included `Dockerfile`.

Learn more in [Install the Platform admin UI for standalone IDM](../setup-guide/platform-admin-ui.html).

### Cluster standby mode

You can configure IDM instances to boot in standby mode, where they don't process schedules, clustered reconciliation, or queued sync operations. Use the `openidm/cluster/active` endpoint to transition nodes between active and standby states on demand.

Learn more in:

* [Cluster standby mode](../install-guide/cluster-standby.html)

* [Cluster activation endpoint](../rest-api-reference/endpoints/rest-cluster-active.html)

### `openidm.http.client.userAgent` property

The `openidm.http.client.userAgent` property lets you customize the `User-Agent` header sent with [HTTP client](../setup-guide/http-client-config.html#new-user-agent-property) requests. If not specified, the default `"PingIdentity"` value is used. Request-level headers take precedence over both the IDM configuration and the default value. Learn more in [External REST configuration properties](../external-services-guide/external-rest.html#external-rest-properties-user-agent).

### Workflow engine upgrade

The Flowable embedded workflow engine has been upgraded to [version 7.2.0](https://github.com/flowable/flowable-engine/releases/tag/flowable-7.2.0).

If you're upgrading from a previous version of IDM and use workflow, this upgrade requires one or more incremental [upgrade scripts](../upgrade-guide/update-repo.html#upgrade-existing-repository).

### Quartz Scheduler upgraded to 2.5.2

The embedded Quartz Scheduler has been upgraded from version 2.3.2 to 2.5.2. This upgrade doesn't require any configuration change.

### `wantClientAuth` support for Jetty listeners

A new setting, `wantClientAuth`, is available for `webserver.listener-*.json` configuration files to allow the server to request a client certificate during the TLS handshake without requiring it. This enables support for mixed traffic, allowing clients with or without certificates to connect on the same port. If a client provides a certificate, it must be valid; otherwise, the handshake fails.

Learn more:

* [Enable mixed client authentication](../security-guide/chap-connections.html#mixed-client-auth)

* [Jetty property reference](../install-guide/idm-config-properties-jetty.html#jetty-property-reference)

### `enum` support

IDM now supports [managed object schema enumerations](../objects-guide/creating-modifying-managed-objects.html#enum-managed-object) in string and number attributes. To make an attribute an enumeration, add `"enum" : [ "one", "two", "three" ]` to the attribute.

### OpenTelemetry logging

IDM now supports OpenTelemetry logging, which allows you to export logs in the [OpenTelemetry Protocol (OTLP)](https://github.com/open-telemetry/opentelemetry-proto/tree/main/docs) to an [OpenTelemetry collector](https://opentelemetry.io/docs/collector/). This is an evolving feature ([1](appendix-interface-stability.html#interface-stability)). Learn more in [OpenTelemetry logging](../monitoring-guide/opentelemetry-logging.html).

### `OpenTelemetryAppender` in `logback.xml`

IDM now supports the `OpenTelemetryAppender` in the `logback.xml` configuration file. This appender writes formatted JSON logs to a collector using the OTLP protocol. Learn more in [Log appenders](../monitoring-guide/server-logs.html#log-appenders).

### Paging for the `sync/mappings` endpoint

The `sync/mappings` endpoint now supports paging to better display large numbers of mappings. You can retrieve results in manageable chunks by using the `_pageSize` parameter with either cookie-based (`_pagedResultsCookie`) or offset-based (`_pagedResultsOffset`) paging.

Learn more in [Paging synchronization mapping results](../synchronization-guide/mappings.html#sync-mapping-paging).
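The following client loop shows cookie-based paging against `sync/mappings`. It is an added example, not Ping Identity code. The host name, the `_queryFilter=true` parameter, and the response fields `result` and `pagedResultsCookie` (the usual Common REST query response shape) are assumptions, and the server is replaced by a constructed in-memory stub so the example runs offline.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical deployment URL; only the sync/mappings path and the _page*
# parameter names come from the release note.
BASE_URL = "https://idm.example.com:8443/openidm/sync/mappings"


def build_url(page_size, cookie=None, offset=None):
    """Build one paged query. Cookie and offset paging are mutually exclusive."""
    if cookie is not None and offset is not None:
        raise ValueError("use _pagedResultsCookie or _pagedResultsOffset, not both")
    if page_size < 1:
        raise ValueError("_pageSize must be positive")
    # _queryFilter=true is an assumption about how the endpoint is queried.
    params = {"_queryFilter": "true", "_pageSize": page_size}
    if cookie is not None:
        params["_pagedResultsCookie"] = cookie
    if offset is not None:
        params["_pagedResultsOffset"] = offset
    return BASE_URL + "?" + urlencode(params)


def fetch_all_mappings(fetch, page_size, max_pages=1000):
    """Follow the paging cookie until the server stops returning one.

    fetch(url) must return the decoded JSON body. Assumed body shape:
    {"result": [...], "pagedResultsCookie": "<opaque>" or None}.
    """
    mappings, cookie, seen = [], None, set()
    for _ in range(max_pages):
        body = fetch(build_url(page_size, cookie=cookie))
        mappings.extend(body.get("result", []))
        cookie = body.get("pagedResultsCookie")
        if not cookie:
            return mappings
        if cookie in seen:
            # A repeated cookie would make the loop spin forever.
            raise RuntimeError("server returned a repeated paging cookie")
        seen.add(cookie)
    raise RuntimeError("max_pages reached before the last page")


# Constructed sample data standing in for configured mappings.
SAMPLE_MAPPINGS = [{"name": f"mapping{i}"} for i in range(7)]


def make_fake_fetch(mappings):
    """Return (fetch, log): an offline stub of the endpoint and its request log."""
    log = []

    def fetch(url):
        log.append(url)
        query = parse_qs(urlsplit(url).query)
        size = int(query["_pageSize"][0])
        start_field = query.get("_pagedResultsCookie",
                                query.get("_pagedResultsOffset", ["0"]))
        start = int(start_field[0])
        end = start + size
        return {
            "result": mappings[start:end],
            # The stub uses the next index as its cookie; real cookies are opaque.
            "pagedResultsCookie": str(end) if end < len(mappings) else None,
        }

    return fetch, log


if __name__ == "__main__":
    fetch, log = make_fake_fetch(SAMPLE_MAPPINGS)
    names = [m["name"] for m in fetch_all_mappings(fetch, page_size=3)]
    print(names)
    print(len(log), "requests")
```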

### Improved task scanner exception handling

If the task scanner encounters a task that results in an exception, it now aborts only that task and continues processing the remaining tasks. Previously, the scanner would abort the entire process when any task caused an exception.

### Bouncy Castle FIPS upgrade

The `bc-fips-2.1.2` library is now available. Learn more in [Download the Bouncy Castle libraries](../security-guide/security-bouncy-castle-fips.html#download-bouncy-castle-libraries).

### Jetty QoSHandler and configuration properties

IDM now includes the [Jetty QoSHandler](https://jetty.org/docs/jetty/12/programming-guide/server/http.html#handler-use-qos) to limit the number of active concurrent requests. The handler is configured to use all but two threads to ensure requests to critical endpoints are always handled.

New QoSHandler configuration properties are available in `webserver.json` to control the maximum number of requests and the amount of time a request can remain in the handler's queue: `maxQueueSize` and `maxRequestSuspendTime`.

Learn more in [Jetty QoSHandler](../install-guide/idm-config-properties-jetty.html#config-jetty-qos-handler) and in [Jetty property reference](../install-guide/idm-config-properties-jetty.html#jetty-property-reference).

### Jetty QoSHandler metrics

IDM's [metric collection endpoints](../monitoring-guide/metrics.html) now include [Jetty QoSHandler](../install-guide/idm-config-properties-jetty.html#config-jetty-qos-handler) metrics. Learn more about the [API](../monitoring-guide/api-metrics.html#api-jetty-qos-queue-count) and [Prometheus](../monitoring-guide/prometheus-metrics.html#prometheus-jetty-qos-queue-count) metrics that track the QoSHandler queue.

### Jetty Server Name Indication (SNI) host check

A new setting, `sniHostCheckEnabled`, is available in the `webserver.listener-*.json` configuration files to control the Jetty SNI host check. Although not recommended for security reasons, disabling this check might be necessary in certain proxy configurations, such as SSL pass-through.

Learn more in [Disable SNI host check](../security-guide/chap-connections.html#sni-host-check).

### Jetty thread pool and request metrics

IDM's [metric collection endpoints](../monitoring-guide/metrics.html) now include Jetty thread pool and request metrics. Learn more in [API Jetty metrics](../monitoring-guide/api-metrics.html#api-jetty-metric-names) and [Prometheus Jetty metrics](../monitoring-guide/prometheus-metrics.html#prometheus-jetty-metric-names).

### Base64 `atob` and `btoa` global script bindings

IDM now includes `atob` (Base64-decode) and `btoa` (Base64-encode) as global script bindings. This update provides common JavaScript utilities for Base64 operations, mitigating potential class-loading issues associated with using native Java packages or classes for these functions.

Learn more in:

* [Global utility functions](../scripting-guide/scripting-func-ref.html#global-utility-functions)

* [Example script eval Base64 encode/decode](../rest-api-reference/endpoints/rest-scripts.html#script-base64-example)

### Liveness endpoint

A new liveness endpoint, `openidm/health/live`, is available to indicate whether the IDM instance is running. This endpoint can be used in containerized environments, such as Kubernetes, to determine when to restart a container.

The endpoint returns a `200 OK` status when IDM's required bundles are installed and started. Otherwise, it returns a `503 Service Unavailable` status.

Learn more in [Liveness probe](../install-guide/system-healthcheck.html#liveness-probe).

### Readiness endpoint

A new [readiness endpoint](../install-guide/system-healthcheck.html#readiness-probe), `openidm/health/ready`, is available to indicate whether the IDM instance is ready. This endpoint can be used in containerized environments, such as Kubernetes, to determine when a container is ready to accept traffic.

The endpoint returns an HTTP `503` status code when the health check readiness state is `TEMPORARILY_UNAVAILABLE`, `CRITICAL`, or `HEALTHCHECK_UNKNOWN`.

### Connector server status metric

A new metric is available to monitor the status of connector servers. This metric indicates whether a connector server is running (`1`) or not running (`0`), providing a way to track connector server health without making a POST call to the `system?_action=testConnectorServers` endpoint.

* [API metric](../monitoring-guide/prometheus-metrics.html#prometheus-metric-names): `icf_connector_server_availability.rcsName.rcsType`

* [Prometheus metric](../monitoring-guide/prometheus-metrics.html#prometheus-metric-names): `idm_icf_connector_server_availability`

### Pending connector request metric and provisioner metric tags

IDM's [metric collection endpoints](../monitoring-guide/metrics.html) include a new metric to monitor the number of pending connector requests over the configured limit. The provisioner service also includes `connector_type`, `bundle_version`, and `location` metric tags.

Pending request gauges won't register until the associated `RequestType` has been invoked at least one time.

* [API metric](../monitoring-guide/api-metrics.html#icf-pending-provisioner-metric): `icf_pending.{connector-type}.{bundle-version}.{location}`

* [Prometheus metric](../monitoring-guide/prometheus-metrics.html#idm-icf-pending-metric): `idm_icf_pending{bundle_version="{bundle_version}",connector="{connector}",connector_type="{connector_type}",location="{location}",operation="{operation}",system_identifier="{system_identifier}"}`

## IDM 8.0.1

### End-user UI install guide

The IDM end-user UI is available as a standalone downloadable artifact (`PingIDM-Enduser-UI-8.1.0.zip`) from the [Backstage download site](https://backstage.forgerock.com/downloads). For IDM 8.0.x deployments, use the end-user UI 8.1.0 artifact.

Learn more in [Install the end-user UI](../setup-guide/idm-enduser-ui.html).

### Bouncy Castle FIPS upgrade

The `bc-fips-2.1.2` library is now available. Learn more in [Download the Bouncy Castle libraries](../security-guide/security-bouncy-castle-fips.html#download-bouncy-castle-libraries).

### Jetty Server Name Indication (SNI) host check

A new setting, `sniHostCheckEnabled`, is available in the `webserver.listener-*.json` configuration files to control Jetty's SNI host check. Although not recommended for security reasons, disabling this check might be necessary in certain proxy configurations, such as SSL pass-through.

Learn more in [Disable SNI host check](../security-guide/chap-connections.html#sni-host-check).

## IDM 8.0

### Wildcard support for activity audit `watchedFields`

The `watchedFields` property in `conf/audit.json` now accepts a wildcard value (`["*"]`), which tells IDM to track changes to all managed object fields without listing them individually. Learn more in [Monitor specific activity log changes](../audit-guide/activity-log-watch-fields.html).

### Secure RCS access

You can create stricter RCS authorization and access rules. To enable authorization for RCS, add an appropriate role to the static-user mapping used for the RCS subject, then write access rules that grant this role access to the `openicf` servlet on the path (pattern) corresponding to the RCS name used in the RCS configuration.

Learn more in [Secure RCS access](../auth-guide/authorization-and-roles.html#secure-openicf-access).

### Bouncy Castle FIPS 140-3 compliance

You can configure PingIDM to meet Federal Information Processing Standard (FIPS) 140-3 compliance standards. Learn more in [FIPS 140-3 compliance](../security-guide/security-bouncy-castle-fips.html).

### Distributed tracing with OpenTelemetry

You can run a distributed trace in PingIDM using OpenTelemetry and export the data to an external trace collector for telemetry storage and visualization.

Learn more in [Distributed tracing](../monitoring-guide/distributed-tracing.html).

### Jetty 12 support

The embedded Jetty web server supports Jetty 12. Instead of `jetty.xml`, the updated configuration uses a `webserver.json` for global settings and a `webserver.listener-*.json` to detect changes. Learn more in [Embedded Jetty configuration](../install-guide/appendix-jetty.html).

When serving SSL requests, Jetty 12 checks that the incoming host header matches the server certificate's subject and returns a `400 Bad Request` error on a mismatch. If you're upgrading to IDM 8.0, you must ensure your IDM server certificate subject matches the host name used by your deployment.
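A pre-upgrade check for the host and certificate match described above and in the SNI host check entries, listing which host names used by clients would be refused. This is an added example, not Ping Identity or Jetty code. It assumes that SAN DNS/IP entries and the subject CN are all accepted and that a wildcard covers exactly one left-most label. The certificate (in the dict format of Python's `ssl.SSLSocket.getpeercert()`) and the host list are constructed samples.

```python
def normalize_host(host_header):
    """Lower-case a Host header value and drop any :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):
        # Bracketed IPv6 literal, for example [::1]:8443
        return host[1:host.index("]")]
    return host.rsplit(":", 1)[0] if ":" in host else host


def name_matches(pattern, host):
    """Compare one certificate name with a normalized host name.

    Assumption: a leading "*." wildcard covers exactly one left-most label,
    so *.example.com matches a.example.com but not a.b.example.com.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def cert_names(cert):
    """Collect SAN DNS/IP entries plus the subject CN from a getpeercert() dict."""
    names = [value for kind, value in cert.get("subjectAltName", ())
             if kind in ("DNS", "IP Address")]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def rejected_hosts(cert, host_headers):
    """Return the Host header values that no certificate name covers."""
    names = cert_names(cert)
    return [h for h in host_headers
            if not any(name_matches(n, normalize_host(h)) for n in names)]


# Constructed sample certificate fields (not from a real deployment).
SAMPLE_CERT = {
    "subject": ((("commonName", "idm.example.com"),),),
    "subjectAltName": (("DNS", "idm.example.com"),
                       ("DNS", "*.idm.example.com")),
}

# Constructed list of names clients, load balancers and probes might send.
SAMPLE_HOSTS = [
    "idm.example.com:8443",
    "IDM.example.com",
    "node1.idm.example.com",
    "a.node1.idm.example.com",   # two labels under the wildcard
    "idm-lb.example.net",        # load balancer alias missing from the cert
    "10.0.0.5:8443",             # health checks by IP address
]

if __name__ == "__main__":
    for host in rejected_hosts(SAMPLE_CERT, SAMPLE_HOSTS):
        print("not covered by certificate:", host)
```

Names reported here need to be added to the certificate, or clients need to switch to a covered name, before the upgrade.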

### Array comparison

You can choose whether synchronization detects managed object array changes with *unordered* or *ordered* comparison by setting the `comparison` configuration property in the schema. Unordered JSON array comparison ignores the order of elements and can negate the need for certain custom scripts within mappings.

Learn more about [managed object schema properties](../objects-guide/appendix-managed-objects.html#managed-object-property-config-properties) and [array comparison](../synchronization-guide/chap-implicit-live-sync.html#array-comparison).

### Logback

IDM now uses Logback to generate server logs. Learn more in [Server logs](../monitoring-guide/server-logs.html).

### Java 21 support

You can run IDM with Java 21. Learn more in [Java requirements](before-you-install.html#prerequisites-java).

### Audit-free health check

To verify the current server state without generating audit logs, use the new `openidm/health` endpoint. Learn more in [Audit-free health check](../install-guide/system-healthcheck.html#audit-free-health-check).

### Additional metrics

New metrics are available for [ICF operations](../monitoring-guide/api-metrics.html#new-icf-metrics).

### Filesystem secret store automatic encryption

You can [configure automatic encryption](../security-guide/secret-stores-filesystem.html#fs-automatic-encryption) of your filesystem secret store.

### Store credentials as secrets

You can store credentials for many services as secrets. The list of supported services has been expanded to include:

* [Prometheus](../security-guide/secret-stores.html#secret-rotation-prometheus)

* [Hikari connection pooling datasource](../security-guide/secret-stores.html#secret-rotation-hikari)

* [External email services that use the MS Graph API](../external-services-guide/email.html#secret-rotation-email)

* [HTTP client proxy](../setup-guide/http-client-config.html)

Learn more in [Secret stores](../security-guide/secret-stores.html).

### `_api` parameter requires authorization

Requests passing the `_api` parameter now require authorization. Learn more in [Common REST](../crest/about-crest.html#api-authorize-example).

## IDM 7.5.2

This release includes updates to ICF connectors, updates to dependency libraries, bug fixes, and the following feature:

### Improved task scanner exception handling

If the task scanner encounters a task that results in an exception, it now aborts only that task and continues processing the remaining tasks. Previously, the scanner would abort the entire process when any task caused an exception.

## IDM 7.5.1

### `_api` parameter requires authorization

Requests passing the `_api` parameter now require authorization. Learn more in [Common REST](../crest/about-crest.html#api-authorize-example).

### Secure RCS access

You can create stricter RCS authorization and access rules. To enable authorization for RCS, add an appropriate role to the static-user mapping used for the RCS subject, then write access rules that grant this role access to the `openicf` servlet on the path (pattern) corresponding to the RCS name used in the RCS configuration.

Learn more in [Secure RCS access](../auth-guide/authorization-and-roles.html#secure-openicf-access).

### Array comparison

You can choose whether synchronization detects managed object array changes with *unordered* or *ordered* comparison by setting the `comparison` configuration property in the schema. Unordered JSON array comparison ignores the order of elements and can negate the need for certain custom scripts within mappings.

Learn more about [managed object schema properties](../objects-guide/appendix-managed-objects.html#managed-object-property-config-properties) and [array comparison](../synchronization-guide/chap-implicit-live-sync.html#array-comparison).

### Jetty 12 support

The embedded Jetty web server supports Jetty 12.

## IDM 7.5.0

### Connectors

Connectors continue to be updated and released outside of IDM. To stay up-to-date with new features and versions, check out the [ICF Release notes](https://docs.pingidentity.com/openicf/connector-release-notes/preface.html).

Although not bundled in this release of IDM, the two newest connectors are available to download from [Backstage](https://backstage.forgerock.com/downloads/):

* [PingOne connector documentation](https://docs.pingidentity.com/openicf/connector-reference/pingone.html)

* [Webex connector documentation](https://docs.pingidentity.com/openicf/connector-reference/webex.html)

### International email addresses

IDM now supports [international email addresses](https://en.wikipedia.org/wiki/International_email). This feature is only available for supporting SMTP providers.

For more information, refer to [International email addresses](../external-services-guide/email.html#international-email-address).

### Custom relationship properties

You can create custom relationship properties in the [admin UI](../objects-guide/relationships-custom.html) or with the [REST API](../rest-api-reference/endpoints/rest-schema.html).

### Store credentials as secrets

You can store credentials for a number of services as secrets. The supported services include:

* [DS using mTLS](../install-guide/external-ds.html#secret-rotation-mtls)

* [rsFilter](../security-guide/secret-stores.html#secret-rotation-rsfilter)

* [Email service](../security-guide/secret-stores.html#secret-rotation-email)

* [Connectors with encrypted credentials](../security-guide/secret-stores.html#secret-rotation-connectors)

For more information, refer to [Secret stores](../security-guide/secret-stores.html).

### Version file system secrets

You can have multiple versions of secrets stored in a file system secret store.

For more information, refer to [Filesystem secret stores](../security-guide/secret-stores-filesystem.html).

### Enhanced signal propagation

Managed objects can now receive relationship graph topology change signals through the `SignalPropagationCalculator` class that is active by default.

Learn more in [Enhanced signal propagation](../objects-guide/managed-object-virtual-properties.html#virtual-properties-enhanced-signal-propagation).

### Workflow engine upgrade

The Flowable embedded workflow engine has been upgraded to [version 6.8.0](https://github.com/flowable/flowable-engine/releases/tag/flowable-6.8.0). If you are upgrading from a previous version of IDM and use workflow, this upgrade requires one or more incremental upgrade scripts. For more information, refer to [Upgrade an existing repository](../upgrade-guide/update-repo.html#upgrade-existing-repository).

### [Connect to DS with ScriptedREST](../samples-guide/scripted-rest-with-dj.html) sample supports `client_credentials` grant type

The customizer script for the [Connect to DS with ScriptedREST](../samples-guide/scripted-rest-with-dj.html) sample now includes OAuth capabilities for the `client_credentials` grant type.

### End User UI supports array properties

Array properties now display in the End User UI.

## IDM 7.4.3

This release includes updates to ICF connectors, updates to dependency libraries, bug fixes, and the following feature:

### Improved task scanner exception handling

If the task scanner encounters a task that results in an exception, it now aborts only that task and continues processing the remaining tasks. Previously, the scanner would abort the entire process when any task caused an exception.

## IDM 7.4.2

### International email addresses

IDM now supports [international email addresses](https://en.wikipedia.org/wiki/International_email). This feature is available only for supporting SMTP providers.

For more information, refer to [International email addresses](../external-services-guide/email.html#international-email-address).

### Secure RCS access

You can create stricter RCS authorization and access rules. To enable authorization for RCS, add an appropriate role to the static-user mapping used for the RCS subject, then write access rules that grant this role access to the `openicf` servlet on the path (pattern) corresponding to the RCS name used in the RCS configuration.

Learn more in [Secure RCS access](../auth-guide/authorization-and-roles.html#secure-openicf-access).

### Array comparison

You can choose whether synchronization detects managed object array changes using *unordered* or *ordered* comparison by setting the `comparison` configuration property in the schema. Unordered JSON array comparison ignores the order of elements and can negate the need for certain custom scripts within mappings.

Learn more about [managed object schema properties](../objects-guide/appendix-managed-objects.html#managed-object-property-config-properties) and [array comparison](../synchronization-guide/chap-implicit-live-sync.html#array-comparison).

### `_api` parameter requires authorization

Requests passing the `_api` parameter now require authorization. Learn more in [Common REST](../crest/about-crest.html#api-authorize-example).

### Jetty 12 support

The embedded Jetty web server supports Jetty 12.

### Java 17 support

This IDM release requires Java 17. Learn more in [Embedded Jetty configuration](../install-guide/appendix-jetty.html).

## IDM 7.4.1

* The Flowable embedded workflow engine has been upgraded to version 6.8.0.

* End user UI supports array properties.

* SalesForce connector supports `client_credentials` and `refresh_token` grant types.

## IDM 7.4.0

### Filesystem secret stores

You can now configure secret stores to use filesystem secret stores. Filesystem secret stores use a directory containing many files, each storing a single secret. For more information, refer to [Filesystem secret stores](../security-guide/secret-stores-filesystem.html).

### Microsoft Graph API email client

In addition to the SMTP client, you can now configure the outbound email service to use the new MS Graph API Client.

|   |                                                                                    |
| - | ---------------------------------------------------------------------------------- |
|   | Use of the new email client requires a properly configured Microsoft Azure tenant. |

For more information, refer to [Outbound email service](../external-services-guide/email.html).

### Additional metrics

New metrics are available for [livesync](../monitoring-guide/api-metrics.html#new-livesync-metric) and [scheduler functions](../monitoring-guide/api-metrics.html#api-scheduler-metric-names). For example requests, refer to [Scheduler metrics](../schedules-guide/schedule-metrics.html).

### Script support for `countOnly` queries

Queries within scripts now support the `_countOnly` parameter.

### mTLS for authentication to DS

If you're using IDM with a DS repository, ForgeRock recommends using mTLS to authenticate to DS to better facilitate credential rotation. Refer to [Configure mTLS](../install-guide/external-ds.html#external-ds-mtls).

## IDM 7.3.3

This release includes updates to ICF connectors, updates to dependency libraries, bug fixes, and the following feature:

### Improved task scanner exception handling

If the task scanner encounters a task that results in an exception, it now aborts only that task and continues processing the remaining tasks. Previously, the scanner would abort the entire process when any task caused an exception.

## IDM 7.3.2

### International email addresses

IDM now supports [international email addresses](https://en.wikipedia.org/wiki/International_email). This feature is available only for supporting SMTP providers.

For more information, refer to [International email addresses](../external-services-guide/email.html#international-email-address).

### Secure RCS access

You can create stricter RCS authorization and access rules. To enable authorization for RCS, add an appropriate role to the static-user mapping used for the RCS subject, then write access rules that grant this role access to the `openicf` servlet on the path (pattern) corresponding to the RCS name used in the RCS configuration.

Learn more in [Secure RCS access](../auth-guide/authorization-and-roles.html#secure-openicf-access).

### Array comparison

You can choose whether synchronization detects managed object array changes using *unordered* or *ordered* comparison by setting the `comparison` configuration property in the schema. Unordered JSON array comparison ignores the order of elements and can negate the need for certain custom scripts within mappings.

Learn more about [managed object schema properties](../objects-guide/appendix-managed-objects.html#managed-object-property-config-properties) and [array comparison](../synchronization-guide/chap-implicit-live-sync.html#array-comparison).
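The difference between the two comparison modes described in the array comparison notes for IDM 7.4.2 and 7.3.2, as an added JavaScript illustration (not IDM source code). The function names, the mode strings `'ordered'` and `'unordered'`, and the sample role references are assumptions made for this example.

```javascript
// Added illustration of ordered vs. unordered JSON array comparison.
// Not IDM code: function names and mode strings are hypothetical.

// Canonical string for a JSON value. Object keys are sorted, so
// {"a":1,"b":2} and {"b":2,"a":1} serialize identically.
// Simplification: arrays nested inside an element keep their order.
function canonical(value) {
  if (Array.isArray(value)) {
    return '[' + value.map(canonical).join(',') + ']';
  }
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k]))
      .join(',') + '}';
  }
  return JSON.stringify(value);
}

// Ordered: the same elements must appear at the same positions.
function orderedEqual(a, b) {
  return a.length === b.length &&
    a.every((el, i) => canonical(el) === canonical(b[i]));
}

// Unordered: multiset equality. Position is ignored, but duplicates
// are counted, so ['a','a','b'] differs from ['a','b','b'].
function unorderedEqual(a, b) {
  if (a.length !== b.length) return false;
  const counts = new Map();
  for (const el of a) {
    const key = canonical(el);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  for (const el of b) {
    const key = canonical(el);
    const remaining = counts.get(key);
    if (!remaining) return false; // element missing or seen too often
    counts.set(key, remaining - 1);
  }
  return true;
}

// Returns true when the array should be treated as changed
// under the given comparison mode.
function arrayChanged(before, after, comparison) {
  if (comparison === 'ordered') return !orderedEqual(before, after);
  if (comparison === 'unordered') return !unorderedEqual(before, after);
  throw new Error('unknown comparison mode: ' + comparison);
}

// Constructed sample data: a target system returns the same role
// references in a different order than the managed object holds them.
const managedRoles = [
  { _ref: 'managed/role/admin' },
  { _ref: 'managed/role/hr' },
];
const targetRoles = [
  { _ref: 'managed/role/hr' },
  { _ref: 'managed/role/admin' },
];

function demo() {
  return {
    ordered: arrayChanged(managedRoles, targetRoles, 'ordered'),
    unordered: arrayChanged(managedRoles, targetRoles, 'unordered'),
  };
}
```

With ordered comparison the reordered array counts as a change on every run; with unordered comparison it does not, which is the case a custom sorting script in a mapping would otherwise have to handle.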

### `_api` parameter requires authorization

Requests passing the `_api` parameter now require authorization. Learn more in [Common REST](../crest/about-crest.html#api-authorize-example).

### Jetty 12 support

The embedded Jetty web server supports Jetty 12.

### Java 17 support

This IDM release requires Java 17. Learn more in [Embedded Jetty configuration](../install-guide/appendix-jetty.html).

## IDM 7.3.1

### Workflow engine upgrade

The Flowable embedded workflow engine has been upgraded to [version 6.8.0](https://github.com/flowable/flowable-engine/releases/tag/flowable-6.8.0). If you're upgrading from a previous version of IDM and use workflow, this upgrade requires one or more incremental upgrade scripts. For more information, refer to [Upgrade an existing repository](../upgrade-guide/update-repo.html#upgrade-existing-repository).

### End User UI supports array properties

Array properties now display in the End User UI.

## IDM 7.3.0

### Support for Bouncy Castle FIPS

IDM now supports the use of Bouncy Castle FIPS as a security provider. Bouncy Castle FIPS is useful when dealing with government data, where meeting the FIPS 140-2 security requirement is necessary for regulatory compliance.

For information on how to configure Bouncy Castle, refer to [FIPS 140-3 compliance](../security-guide/security-bouncy-castle-fips.html).

### Support for UTF-8 email addresses

IDM now supports UTF-8 (non-ASCII/international) characters in email addresses, such as **zoë@example.com**. When sending emails to these types of addresses, the configured SMTP server must also support UTF-8.

### Disable delegated administrator sort and filter while searching

You can now disable delegated administrator sort and filter while searching resource collections in the End User UI. For more information, refer to [Disable sort and filter for resource collections](../auth-guide/delegated-admin.html#disable_sort_and_filter_for_resource_collections).

### Workflows now support JavaScript

IDM workflows now support JavaScript in addition to Groovy. For more information about scripting workflows, refer to [BPMN 2.0 and workflow tools](../workflow-guide/about-workflow-tools.html).

### Patch operation improvements

It is now possible to patch the root of an object. The only supported patch operations on the root of an object are `remove` and `replace`.

### Improvements to the /system endpoint

`/system` endpoints now support specifying additional fields when also using `*`. This allows callers to get fields that are not returned by default.

### New sync mapping configuration fields

New sync mapping configuration fields, `defaultSourceFields` and `defaultTargetFields`, allow specifying which fields to use for read and query requests made on source and target resource collections.

## IDM 7.2.2

This release includes updates to ICF connectors, updates to dependency libraries, bug fixes, and the following new feature:

### Support for upgrading DS to later version than IDM

Upgrading to DS 7.3 is now supported. For more information, refer to [Supported repositories](before-you-install.html#prerequisites-repositories).

## IDM 7.2.1

This release includes updates to ICF connectors, updates to dependency libraries, and bug fixes.

## IDM 7.2.0

This release of PingIDM software includes the following new features:

### Property-based secret stores

IDM now supports *property-based secret stores* and can read keys and trusted certificates from properties that contain keys in Privacy-Enhanced Mail (PEM) format.

For more information, see [Property secret stores](../security-guide/secret-stores-property.html).

### Scanning tasks to activate and deactivate accounts

The default IDM configuration now includes two scanning tasks that *activate* and *deactivate* a user's `accountStatus`, based on their `activeDate` and `inactiveDate`. For more information, see [Activate and deactivate accounts](../schedules-guide/activate-deactivate-tasks.html).

### `external/email` endpoint improvements

You can now use `cc` and `bcc` parameters with the `sendTemplate` action. For more information, see:

* [openidm.action](../scripting-guide/scripting-func-ref.html#function-action)

* [Outbound email service](../external-services-guide/email.html)

### Workflow improvements

The Flowable embedded workflow engine has been upgraded to version 6.6.0. This upgrade fixes the issue with [native email tasks](https://github.com/flowable/flowable-engine/issues/2343) previously mentioned in the [Workflow Guide](../workflow-guide/preface.html).

### Policy validation for field removal

You can now [validate field removal](../objects-guide/policies-over-REST.html#_validate_field_removal) using the policy action `validateProperty`.

### Relationship-derived Virtual Properties (RDVP) improvements

[Relationship-derived Virtual Properties](../objects-guide/managed-object-virtual-properties.html#relationship-derived-virtual-properties) now include reference fields with details of the referenced relationship.

### AD Password Synchronization Plugin UTC timestamps

The latest version of the Active Directory password synchronization plugin (v1.7.0) uses UTC timestamps for logs.

### Bootstrap IDM without stored configuration

Previously, the property `openidm.fileinstall.enabled` also controlled whether the configuration was loaded on startup. To disable file monitoring, you therefore had to start IDM with the property enabled so that the configuration was loaded into the repository, and then restart IDM with it disabled. With the new setting `openidm.config.bootstrap.enabled` (which defaults to `true`), you can disable file monitoring and the bootstrap process still loads the configuration into the repository.

For more information, see [Disable automatic configuration updates](../security-guide/disabling-auto-config-updates.html).

### API version header warnings

IDM can now [log warnings](../rest-api-reference/rest-api-versioning.html#_api_version_header_warnings) when API version headers are not specified.

### Reconciliation enhancements

Reconciliation has been enhanced in the following ways:

* Previously, if one node in the cluster went down or offline during a clustered reconciliation run, the reconciliation was canceled. This limitation no longer exists. For more information, see [Clustered reconciliation](../synchronization-guide/clustered-recon.html).

* Addition of the properties:

  * `reconTargetQueryPaging`

  * `reconTargetQueryPageSize`

  Learn more in the [Synchronization reference](../synchronization-guide/synchronization-ref.html#sync-object-mapping).

### Assignment synchronization optimization

A new synchronization mapping property, `optimizeAssignmentSync`, determines how modifications to an assignment's attributes or relationships are handled: either they are treated as a synchronization event for members of that assignment or role, or they are treated as a synchronization event for members only if the modified assignment is directly relevant to that mapping or if `effectiveAssignments` is included in `triggerSyncProperties`.

Learn more in the [Synchronization reference](../synchronization-guide/synchronization-ref.html#sync-object-mapping).

### Query filtering on arrays

For versions of IDM running DS or PostgreSQL as a repository, `queryFilter` now supports filtering on the contents of arrays. For more information, see [Filter objects in arrays](../objects-guide/queries.html#_filter_objects_in_arrays).

### Additional metrics

New metrics are available for [workflow](../monitoring-guide/api-metrics.html#api-workflow-metric-names) and [JVM](../monitoring-guide/api-metrics.html#api-jvm-metric-names).

## IDM 7.1.6

This release includes updates to ICF connectors, updates to dependency libraries, bug fixes, and the following new feature:

* The SalesForce connector template supports `client_credentials` grant type.

## IDM 7.1.4

This release includes updates to ICF connectors, updates to dependency libraries, bug fixes, and the following new feature:

* Upgrading to DS 7.3 is now supported. For more information, refer to [Supported repositories](before-you-install.html#prerequisites-repositories).

## IDM 7.1.2

This release includes updates to ICF connectors, updates to dependency libraries, bug fixes, and the following new feature:

* The Flowable embedded workflow engine has been upgraded to version 6.6.0. This upgrade fixes the issue with [native email tasks](https://github.com/flowable/flowable-engine/issues/2343) previously mentioned in the [Workflow Guide](../workflow-guide/preface.html).

## IDM 7.1

### Sample connection to Azure AD with the MS Graph API connector

The [Synchronize data between IDM and Azure Active Directory](../samples-guide/sync-with-azuread.html) sample uses the MS Graph API connector to synchronize users between IDM and Azure AD.

### Password sync plugins

#### Active Directory Password Synchronization Plugin UTC timestamps

The latest version of the Active Directory password synchronization plugin uses UTC timestamps for logs.

#### Active Directory Password Synchronization Plugin infinite loop prevention

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key that helps prevent infinite password update loops. Learn more about the registry key, [pwdChangeInterval](../pwd-plugin-guide/conf-ad-pwd-sync.html#ad-sync-keys-infinite-loop).

#### Active Directory Password Synchronization Plugin configurable max retries

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure the maximum retry attempts for password changes. Learn more about the registry key, [maxFileRetry](../pwd-plugin-guide/conf-ad-pwd-sync.html#ad-sync-keys-noidm).

#### Active Directory Password Synchronization Plugin search filter

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure a search filter to omit users/groups from password syncing. Learn more about the registry key, [userSearchFilterStrict](../pwd-plugin-guide/conf-ad-pwd-sync.html#userSearchFilterStrict).

#### Support for AM Bearer Tokens in the DS and Active Directory Password Synchronization Plugins

The latest versions of the DS and Active Directory password synchronization plugins now support the use of AM bearer tokens as an authentication method. Learn more:

* [Configure the plugin for AM bearer tokens](../pwd-plugin-guide/chap-sync-dj.html#pwd-sync-am-tokens)

* [Install the Active Directory password synchronization plugin](../pwd-plugin-guide/install-ad-pwd-sync.html)

### Support for alternative KBA answer hashing

Previously, KBA answers were always hashed as SHA-256 upon save, which is still the default setting. However, you can now specify an alternative hashing algorithm.

### Managed object default values

You can now specify default values for properties in the managed object configuration (which you can edit over REST at the `config/managed` endpoint, or directly in the `conf/managed.json` file). For example, the default managed object configuration includes a default value that makes `accountStatus:active`, which effectively replaces the `onCreate` script that was previously used to achieve the same result.

|   |                                                                                                                                                                            |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | IDM assumes all default values are valid for the schema. Although IDM skips policy validation for objects with default values, you can force validation on property values |

### Support for REST queries on array properties (JDBC)

You can now perform REST queries on properly configured array fields. Learn more:

* [Queries on object array properties (JDBC)](../objects-guide/queries.html#query-array-reqs)

* [Configure array fields](../install-guide/repository-postgresql.html#postgres-conf-search-array)

* [Convert an explicit mapped object to a hybrid mapped object (JDBC)](../objects-guide/explicit-generic-mapping-jdbc.html#convert-explicit-to-hybrid-jdbc)

### `waitForCompletion` property added to the `config` endpoint

The optional `waitForCompletion` parameter is now available to the `config` endpoint for create, update, and patch requests. Learn more:

* [Configure the server over REST](../setup-guide/configuring-over-rest.html)

* [Server configuration](../rest-api-reference/endpoints/rest-server-config.html)

### API endpoint requires admin authentication

To protect production servers from unauthorized API descriptor requests, IDM now requires admin authentication for the API endpoint.

### Additional query types in JDBC explicit tables

Queries on explicit tables in JDBC now support `bool:`, `num:`, and `long:` in addition to the previously supported query parameters (`strings`, `list:`, and `int:`).

## IDM 7.0.4

This release includes updates to ICF connectors, updates to dependency libraries, and bug fixes.

## IDM 7.0.3

This release includes bug fixes.

## IDM 7.0.2

* You can now [validate field removal](../objects-guide/policies-over-REST.html#_validate_field_removal) using the policy action `validateProperty`.

* The Flowable embedded workflow engine has been upgraded to version 6.6.0. This upgrade fixes the issue with [native email tasks](https://github.com/flowable/flowable-engine/issues/2343) previously mentioned in the [Workflow Guide](../workflow-guide/preface.html).

## IDM 7.0.1

This release includes bug fixes.

## IDM 7

### Password sync plugins

#### Active Directory Password Synchronization Plugin UTC timestamps

The latest version of the Active Directory password synchronization plugin uses UTC timestamps for logs.

#### Active Directory Password Synchronization Plugin infinite loop prevention

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key that helps prevent infinite password update loops. Learn more about the registry key, [pwdChangeInterval](../pwd-plugin-guide/conf-ad-pwd-sync.html#ad-sync-keys-infinite-loop).

#### Active Directory Password Synchronization Plugin configurable max retries

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure the maximum retry attempts for password changes. Learn more about the registry key, [maxFileRetry](../pwd-plugin-guide/conf-ad-pwd-sync.html#ad-sync-keys-noidm).

#### Active Directory Password Synchronization Plugin search filter

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure a search filter to omit users/groups from password syncing. Learn more about the registry key, [userSearchFilterStrict](../pwd-plugin-guide/conf-ad-pwd-sync.html#userSearchFilterStrict).

#### Support for AM Bearer Tokens in the DS and Active Directory Password Synchronization Plugins

The latest versions of the DS and Active Directory password synchronization plugins now support the use of AM bearer tokens as an authentication method. Learn more:

* [Configure the plugin for AM bearer tokens](../pwd-plugin-guide/chap-sync-dj.html#pwd-sync-am-tokens)

* [Install the Active Directory password synchronization plugin](../pwd-plugin-guide/install-ad-pwd-sync.html)

### Access configuration over REST

You can now configure access rules over REST, at the `openidm/config/access` endpoint. In previous releases, access rules were configured in the `access.js` file. This script file has been replaced by an `access.json` configuration file that performs the same function. Learn more in [Authorization and roles](../auth-guide/authorization-and-roles.html).

### Privilege dynamic filters

You can now create privilege [dynamic filters](../auth-guide/delegated-admin.html#dynamic-filter-da) for delegated administrators.

### Configurable HTTP I/O request buffer

You can now configure the [temporary storage file size](../setup-guide/temp-storage.html) for HTTP I/O requests.

### Filter expanded relationships

You can use `_queryFilter` to directly filter expanded relationships from a collection, such as `authzRoles`. Learn more in [Filter expanded relationships](../objects-guide/queries.html#filter-expand-relation).

### Deterministic ECDSA signatures for JWT

By default, JWTs are now signed with deterministic Elliptic Curve Digital Signature Algorithm (ECDSA). In order to use this more secure signing method, Bouncy Castle, which is included in the default IDM installation, must be installed. If Bouncy Castle is unavailable or the key is incompatible, IDM falls back to normal ECDSA.

If you need to turn off the use of deterministic ECDSA, add the following line to `conf/system.properties`:

```properties
org.forgerock.secrets.preferDeterministicEcdsa=false
```

### Debugging information for Groovy scripts

In previous releases, setting `javascript.exception.debug.info=true` in the `boot.properties` file enabled additional debug information, including line numbers and file names for JavaScript exceptions. In this release, setting `groovy.exception.debug.info=true` lets you gather comparable debug information for Groovy scripts.

### REST API Versioning

IDM now supports the ability to specify the REST API version in HTTP calls and scripts. For more information, see REST API Versioning.

The following APIs have been updated in this release:

* `openidm/scheduler`

  Version 2 of this endpoint adds a `previousRunDate` property to the output of REST calls on specific scheduled tasks.

  Version 2 also lets you [trigger a scheduled task manually](../schedules-guide/configure-schedules.html#trigger-scheduled-task) and [pause and resume a scheduled task](../schedules-guide/configure-schedules.html#pause-scheduled-job).

  |   |                                                                                                                                   |
  | - | --------------------------------------------------------------------------------------------------------------------------------- |
  |   | The `action` parameter on the `scheduler` endpoint was deprecated in Version 1 of the endpoint and is not supported in Version 2. |

### Support for AM bearer tokens

IDM now supports using AM bearer tokens for authentication, with the `rsFilter` authentication module. Going forward, this is the only supported method for integrating AM and IDM. Learn more in [Authenticate through AM](../auth-guide/rsfilter-auth.html).

### Notification property now configurable

Notifications of changes to managed objects are injected into a property in that object type. Previously, the name of this property was always `_notifications`. In this IDM release, you can customize the name of the notifications property. Learn more in [Configure notifications](../audit-guide/notification-config.html).

### Reconciliation Association Information

The new `recon/assoc` endpoint can be used to gather detailed information about the associations created between a source and a target object during a reconciliation. This endpoint requires the following tables and views to be added to your repository: `reconassoc`, `reconassocentry`, and `reconassocentryview`. Learn more about [reconciliation association details](../synchronization-guide/manage-recon.html#recon-assoc).

For instructions on updating your existing repositories to enable this feature, refer to [Upgrade an Existing Repository](https://backstage.forgerock.com/docs/idm/7/upgrade-guide/update-repo.html#upgrade-existing-repository) in the IDM 7.0 documentation.

### Profile completeness endpoint

A new endpoint has been added to self-service, which lets you get a percentage value regarding the completeness of a specified user's profile.

### Audit logging safelist

By default, IDM now safelists fields that are safe to log. Learn more in [Use policies to filter audit data](../audit-guide/filtering-audit-policies.html).

### `in` clause for queries

The [`in` expression clause](../objects-guide/queries.html#query-in) provides limited support for queries on singleton string properties.

### Disposal of idle poolable connector instances (ICF)

In version 1.5.20.11 of the ICF framework, the framework disposes of idle connector instances in the connection pool (for poolable connectors such as the LDAP connector and the Database Table connector).

A connection pool cleaner thread now runs every minute and removes connections whose `lastUsed` time is larger than the `minEvictableIdleTimeMillis`.

This behavior is an improvement on previous releases, where a connection that had been used and then returned to the connection pool remained there until the next connector operation. The previous behavior could leave several connections in the pool that were idle but still connected to the target resource.

### Separate mapping configuration files

This release lets you configure mappings in separate mapping files, instead of, or in addition to, one `sync.json` file. You cannot manage separate mapping configurations through the Admin UI. Learn more in [Resource mapping](../synchronization-guide/mappings.html).

### Queued sync retry

This release provides the ability to configure an infinite number of queued synchronization retries. Learn more in [Configure queued synchronization](../synchronization-guide/chap-implicit-live-sync.html#configure-queued-sync).

### Material Design Icon added to managed object configuration

[`mat-icon`](../objects-guide/appendix-managed-objects.html) has been added to the `schema` property of the managed object configuration (which you can edit over REST at the `config/managed` endpoint, or directly in the `conf/managed.json` file).

### Additional query types in JDBC explicit tables

Queries on explicit tables in JDBC now support `bool:`, `num:`, and `long:` in addition to the previously supported query parameters (`strings`, `list:`, and `int:`).

### `config.properties` additions

The following content was added to the default `config.properties` file:

```properties
# The name of the PersistenceManager to be used by the framework
# when persisting component configurations.
felix.cm.pm=repo
```

## Archive

For documentation and release information prior to IDM 7.0, check out the [Documentation Archive](https://docs.pingidentity.com/archive/).

## Security advisories

Ping Identity issues security advisories in collaboration with our customers to address any security vulnerabilities transparently and rapidly.

Ping Identity's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

Learn how to find security advisories in the Ping Identity [support portal](https://support.pingidentity.com/s/article/Support-Portal-Guide#SecurityAdvisories) (requires sign-on).
