Authentication request despite Recent Authentication rule in policy
In version 2.8, when Windows login was integrated with PingID directly (not through PingFederate), there were situations where users would be asked to authenticate even though the defined Recent Authentication rule in the authentication policy should have prevented an authentication prompt.
Windows login verifies PingID properties file
Beginning with version 2.8, you must use the restricted-permissions properties file that is generated when you click the Generate button in the Integrate with Windows and Mac login section. You can no longer use the properties file that is generated when you click the Generate button in the Integrate with PingFederate and other clients section. This resolves issues related to CVE-2022-23717.
Removed Windows login local privilege escalation
Windows Login local privilege escalation to System account is now removed. This resolves issues related to CVE-2022-23719.
Additions to the Authentication Browser
Offline HTML and JS files are now added to the Authentication Browser (similar to these employed by Authenticator Browser for Online login flow) . This resolves issues related to CVE-2022-23717.