New features and improvements in PingFederate 11.0.1.
Rolling grace period for refresh tokens
When PingFederate rotates a refresh token, if the client fails to get the new token, now PingFederate can accept the previous token for the short period that you specify with the Refresh Token Rolling Grace Period setting.
Improved performance of the administrative console when a large number of OAuth clients are stored in LDAP or JDBC datastores.
URL region of the PingOne home button
When configuring the URL of the PingOne home button in the PingFederate administrative console, now pf.pingone.admin.url.region in run.properties supports
Canadaas a region.
AWS CloudHSM client
PingFederate can be successfully integrated with AWS CloudHSM client version 3.4.4.
Resolved a potential security vulnerability
Resolved a potential security vulnerability that is described in security bulletin SECBL021.
Updated Apache Log4j2
Resolved a potential security vulnerability by updating Apache Log4j2 to version 2.17.1.
Authenticating PingDirectory users
Resolved an issue that allowed PingDirectory users to authenticate with expired passwords.
Certificate revocation list checks
Resolved an issue that caused certificate revocation list (CRL) checks to return "issuer not found in trusted CAs store" even though the issuer certificate is present.