Added the ability to sanitize error logging to
protect sensitive data
Added the ability to sanitize error log messages as they are
generated. This can help prevent sensitive information from being leaked through
log messages, although the resulting log messages can potentially be less useful
for troubleshooting purposes. See Log Sanitization for more
Updated the administrative console browser
The administrative console now supports Microsoft Edge.
Administrative console support for Microsoft Internet Explorer 11 has been
Deprecated Apache Camel for PIP
Using Apache Camel to connect policy information points (PIPs) to
PingAuthorize has been deprecated, and
the feature will be removed in a future release of the product. We recommend
using HTTP services instead, where applicable.
Made it easier to present a custom SSL
certificate to the Policy Editor
We added a new environment variable named KEYSTORE_PIN_FILE to
the Policy Editorsetup and start-server tools. This
variable takes precedence over PING_KEYSTORE_PASSWORD when
validating and presenting the server certificate.
Improved UI performance in the Policy Editor
The Policy Editor now supports API HTTP caching, which is enabled by default
to improve UI performance. Disable this feature and restore the legacy behavior
by providing the --disableApiHttpCache option to the
setup tool. Alternatively, set the environment variable
PING_ENABLE_API_HTTP_CACHE to false
when running start-server to disable it for a particular
server runtime instance.
Added a command-line configuration tool for
Added a docker-pre-start-config command-line
tool for PingAuthorize Docker containers.
Use the tool before the server is started to make configuration changes to the
server that depend on the running container's environment.
Added and updated PingAuthorize Server profile command-line
Added a --skipValidation argument for the
manage-profile replace-profile command. This argument allows
skipping the final server validation step when running on an offline server.
Added an --excludeSetupArguments argument for the
manage-profile generate-profile command. This argument
allows generating a server profile that does not include a
Updated the setup and replace-profile
subcommands to fail when a server profile includes an
encryption-settings-db file in the profile's
Enhanced advice logging
During advice processing, the File Based Error Log Publisher
publishes additional helpful messages to the configured output
Removed the OIDC
offline_access scope requirement for the Policy Editor
The Policy Editor no longer
requires the offline_access scope when configured in OpenID
Connect mode using the Authorization Code with PKCE grant
Fixed the Policy
Editor issue rejecting bearer tokens with array-type
Fixed an issue that prevented the Policy Editor REST APIs from accepting a bearer token when the
aud claim was an array of strings.
Enabled the Policy
Editor to decode JWTs with underscores
The Policy Editor is now able
to decode JWTs that contain underscore characters.
This release includes general HTTP performance improvements and
Fixed alert consistency
for cleared alarms
Fixed issues where gauges could raise an alarm and create an
alert, but not create an alert when that same alarm was later cleared, making it
unclear when the reported condition had abated.
Updated the API gateway
behavior for handling trailing zeros
When operating as an API gateway, PingAuthorize will no longer remove trailing
zeros from numbers in non-SCIM response bodies and advice
Fixed the Policy Editor UI tab switching error
Fixed an issue where the Policy Editor threw an
error when rapidly switching between Trust Framework tabs under slow network
Fixed the Policy Editor error that occurs when updating entities
Fixed an issue where concurrent updates to the same entities in the Policy Editor could sometimes produce an error.
Fixed an issue
resolving JSONPath expressions that contain the keys()
Fixed an issue where calling keys() in a JSONPath
expression did not return the object’s keys.
Fixed the PIN retrieval issues with
third-party passphrase providers
Fixed issues that prevented obtaining key and trust store PINs
with the Amazon Secrets Manager, CyberArk Conjur, and HashiCorp Vault passphrase
Fixed erroneous certificate expiration
Fixed an issue that prevented the server from refreshing the
monitor data used to detect and warn about an upcoming certificate expiration.
This could cause the server to continue to warn about an expiring certificate
even after that certificate had been
Fixed the PingAuthorize name and version in
The collect-support-data (CSD) tool now
correctly displays the name and version of PingAuthorize.
Updated the incorrect version information for
The status tool now shows the current
Updated to LDAP SDK
Updated to LDAP SDK for Java version 6.0.5 for bug fixes and new
Recovering from a
failed setup on Windows
The setup command might fail on Windows
operating systems due to the presence of Bouncy Castle JAR files that begin with
bc in the lib directory. The JAR
files are mentioned in an error message similar to the following:
An unexpected error occurred while attempting to copy the non-FIPS Bouncy Castle jar file into the server's classpath:
The process cannot access the file because it is being used by another process.
A temporary workaround is to delete the JAR files that begin with
bc from the lib directory before
attempting to run setup again.