Potential security vulnerability
Fixed a potential security vulnerability that will be described in a future security advisory.
Potential security vulnerability
Fixed a potential security vulnerability that will be described in a future security advisory.
Potential security vulnerability
Fixed a potential security vulnerability that will be described in a future security advisory.
Runtime notification when thread dumps are enabled but log4j2.xml is not configured
Added a feature to generate a warning message on the Runtime
Notifications tab if you have enabled thread dumps, but you
have not configured the ThreadDumpAppender and
ThreadDumpLogger properties in the
log4j2.xml file.
To learn more about configuring thread pool exhaustion events, see Configuring runtime notifications.
Randomly-generated provisioner node ids
Added a feature allowing you to generate random provisioner.node.id values.
To learn more about configuring provisioners, see Deploying provisioning failover.
Custom KeyID
Added a feature allowing administrators to define custom KeyID values for static OAuth and OIDC keys and token signing keys.
Fixed an defect that caused PingFederate to not publish the alg parameter on the JWKS endpoint. This issue occurred for dynamically-generated EC signing keys on engine nodes.
To learn more about keys, see Keys for OAuth and OpenID Connect.
GET SAML request signature processing error
Fixed a defect where SAML requests using HTTP GET method with multiple signature-related parameters encoded in the RelayState parameter were causing errors in processing signature validation.
NPE notification error
Fixed a defect that caused PingFederate to issue null pointer exception (NPE) errors when querying the token endpoint.
Certificate expiry notification error
Fixed a defect that caused the certificate expiry warning notification icon to remain when there were no notifications to display.
Reencyption causes connection or client to fail on engine
Fixed a defect where changes made on the administrative console were not replicated to the engine during reencryption.
JMX registration failure for imported archives
Fixed a defect that caused the JMX monitoring to fail to register archive files that are imported to PingFederate.
Content type changes if
well_known endpoint response is too large
Fixed a defect that caused the content-type of a
response from the well_known endpoint to change from JSON
to HTML if a response is too large.
PingFederate displays unlock your account page for unlocked users
RHEL 8 using OS-level FIPS causes PingFederate failure
Error message for
authentication policy fragment with invalid
localIdentityRef
LOCAL_IDENTITY_MAPPING action with an invalid
localIdentityRef ID. Unable to deobfuscate grant attributes
Fixed a defect where PingFederate was unable to deobfuscate grant attributes of a certain length.
Valid Authorization policy generates "Configuration Error" message
Fixed a defect that caused PingFederate to incorrectly return an Invalid Configuration error for a valid authentication policy.