This release of addresses critical issues from earlier versions. Update all affected servers appropriately.
No critical issues have been identified
Known Issues and Workarounds
The following are known issues in the current version of :
- The following are suggested solutions for problems with slow DNS:
- Maintain a connection pool in the client app rather than opening new connections for each bind.
- Add appropriate records, including PTR records, to DNS.
options timeout:1in the /etc/resolv.conf file and/or options single-request.
- If IPv6 requests specifically are causing issues, add
start-server.java-argsline in PingDirectory’s config/java.properties file, run
bin/dsjavaproperties, and restart the server to stop the issuance of IPv6 PTR requests.
- Some server tools, such as
rebuild-index, will fail with errors if they are run with an encrypted tools.properties file.
- Workaround: Add the
--noPropertiesFileargument to the server tools to prevent them from pulling information from the encrypted file.
- Workaround: Add the
- The working directory value used by exec tasks is not implemented for recurring exec tasks.
The following issues have been resolved with this release of :
|DS-37881||The PingFederate Access Token Validator will now refresh its cached value of the
PingFederate server's token introspection endpoint. A new attribute,
|DS-37955||To support multiple trace loggers, each trace logger now has its own resource key,
which is shown in the
|DS-38053||The JWT Access Token Validator no longer requires a restart after a change to one of its signing certificates.|
|DS-38832||Fixed an issue that could cause the server to leak a small amount of memory each time it failed to establish an LDAP connection to another server.|
Updated the PBKDF2 password storage scheme to add support for variants that use the 256-bit, 384-bit, and 512-bit SHA-2 digest algorithms. At present, the SHA-1 variant remains the default to preserve backward compatibility with older versions.
Also, in accordance with the recommendations in NIST SP 800-63B, we have increased the default iteration count from 4096 to 10,000, and the default salt length from 64 bits to 128 bits.
Updated the Groovy scripting language version to 2.5.7. For a list of changes, visit groovy-lang.org and view the Groovy 2.5 release notes.
As of this release, only the core Groovy runtime and the groovy-json module are bundled with the server. To deploy a Groovy-scripted Server SDK extension that requires a Groovy module not bundled with the server, such as groovy-xml or groovy-sql, download the appropriate jar file from groovy-lang.org and place it in the server's lib/extensions directory.
Removed the legacy product-specific scripts for starting and stopping the server. These include:
These legacy scripts had been deprecated for several releases in favor of the more general start-server and stop-server scripts, and they displayed a warning message about their upcoming removal if they were invoked.
If you still have dependencies on these legacy product-specific scripts, you will need to update them to reference the general start-server and stop-server scripts instead. If it is not feasible to update these references immediately, you may create symbolic links that use the legacy script names and point at the start-server and stop-server scripts.
|DS-39373||Preserve the privileges that are explicitly set on the admin user when migrating from the admin backend to the topology registry.|
|DS-39518||Fixed an issue in which escaped characters in schema extensions may not be handled
properly. If used in attribute type constraints (such as
|DS-39592||HTTP External Servers have a new attribute,
|DS-39626, DS-40357||The trace log publisher will now record an access token's scopes after the token is successfully validated.|
|DS-39654||Added support for the
|DS-39715||Updated the Server SDK to add support for sending email messages.|
|DS-39857||Added the StatsD monitoring endpoint. When the Stats Collector Plugin is enabled, this endpoint sends metric data from the server in StatsD format to the configured destination.|
|DS-39908||Added a new JVM-default trust manager provider that can be used to automatically trust any certificate signed by an authority included in the JVM's default set of trusted issuers. Also, updated other trust manager providers to offer an option to use the JVM-default trust addition to the trust that they normally provide.|
|DS-40114||Added a new
|DS-40354||Fixed a problem with
|DS-40366||Fixed an issue where the server was attempting to connect by an IP address rather than a hostname when DNS lookup was successful.|
|DS-40377||Added support for logging to a JSON file in the Periodic Stats Logger Plugin.|
|DS-40517||Added metrics for status summary, replication database, and LDAP changelog to the Stats Collector Plugin.|
|DS-40556||Added support for specifying a working directory for exec tasks.|