PingFederate 10.3.4 is a cumulative maintenance release for PingFederate 10.3. For a summary of the features introduced in the 10.3 release, see PingFederate 10.3 - June 2021.
Resolved issues
Ticket ID | Description |
---|---|
PF-29376 and PF-29927 |
Previously, some security scanners might find some of the PingID components susceptible to CVE-2020-25649 and CVE-2019-10219. While these vulnerabilities do not apply to our products, we have now replaced them with newer versions that are not susceptible to the aforementioned CVEs in the product distribution .zip file and the Windows installer. The latest components are:
If you're using the In-Place Update .zip file to update to 10.3.4, you must download the PingID Integration Kit 2.15 (or a more recent version when it becomes available) from the PingFederate Downloads > Add-ons tab and follow its documentation to update those components manually. |
PF-29975 |
Resolved an issue that caused an increase in load time for the Client Management window when a large number of OAuth clients are stored in external LDAP storage. |
PF-30043 |
The Password Reset Token Validity time can now be set for any value from 1 to 4320 minutes or 72 hours. |
PF-30231 |
Resolved a session validation error when trying to sign on to the PingFederate administrative console with single login mode enabled. |