Resolved issues

Ticket ID Description

PF-29376 and PF-29927

Previously, some security scanners might find some of the PingID components susceptible to CVE-2020-25649 and CVE-2019-10219. While these vulnerabilities do not apply to our products, we have now replaced them with newer versions that are not susceptible to the aforementioned CVEs in the product distribution .zip file and the Windows installer.

The latest components are:
  • PingID Adapter 2.11.1
  • PingID PCV (with integrated RADIUS server) 2.9.1
  • PingID Connector 1.1.1

If you're using the In-Place Update .zip file to update to 10.3.4, you must download the PingID Integration Kit 2.15 (or a more recent version when it becomes available) from the PingFederate Downloads > Add-ons tab and follow its documentation to update those components manually.


Resolved an issue that caused an increase in load time for the Client Management window when a large number of OAuth clients are stored in external LDAP storage.


The Password Reset Token Validity time can now be set for any value from 1 to 4320 minutes or 72 hours.


Resolved a session validation error when trying to sign on to the PingFederate administrative console with single login mode enabled.