A security enhancement has been made in PingFederate 9.0 to safeguard JDBC datastore queries against back-end SQL injection attacks. This protection is enabled for all new installations.
For upgrades, you can enable this protection by modifying the <pf_install>/pingfederate/server/default/data/config-store/org.sourceid.common.SqlFilterManager.xml file.
To enable this security enhancement: