PingAccess Agent SDK for C release notes

Info

As of Agent SDK for C 3.0, support for RHEL 7 and SLES 12 has been removed.

New PASDKC-197

The agent SDK for C now supports authenticating PingAccess agents to the engine nodes with a bearer token.

After you configure a compatible PingAccess agent with the updated agent.properties file and select Require Token Authentication in the agent’s configuration, the agent creates, signs, and sends a unique JWT for every authentication request.

Learn more in the PingAccess 8.2 release notes. You can find setup instructions in Configuring PingAccess agents to use bearer token authentication.

Info

Support for RHEL 7 will be deprecated in the next version.

Fixed PASDKC-195

Fixed an issue that caused agents to fail to contact the PingAccess engine about requests meant for the PingAccess reserved application if the root resource was anonymous.

Fixed PASDKC-193

Fixed an issue that caused errant form character blocking if XSS blocking was configured. This issue was applicable even if form blocking wasn’t configured.

New

Added support for RHEL 9.

New PA-15516

If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types.

Learn more in the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes.

New PAA-251

Configure an agent to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without having to reach out to PingAccess for a decision.

Added eight new properties to each agent:

Improved PAA-265

Added a new configuration option to give protected applications better reliability without giving up the ability to perform CRL checking when the server is available: the agent.engine.configuration.checkCertRevocation.bestEffort property.

This change provides better alignment between PingAccess, PingFederate, and PingAccess policy server CRL checking.

Info

Removed support for RHEL 6.

New

Added support for RHEL 8.

New

Added agent inventory callback API.

Security

Fixed a potential security issue.

Security

Fixed a potential security issue.

New

Added support for FreeBSD 8.

Security

Fixed potential security issues.

Improved

Updated version of libcurl to fix an issue where libcurl was only checking the first SAN in the server certificate.

Security

Fixed a potential security issue.

Improved

Added support for:

Info

Established a workaround for a known issue in the Network Security Services library that results in a memory leak when the agent closes a HTTPS connection to a PingAccess policy server. For more information, see this KB article.

Fixed

Fixed an issue where duplicate headers were included in the backend request to the PingAccess engine, causing the agent to block the request for content.

New

Added policy server failover support. Policy server failover support is only provided by the SDK when using the libcurl HTTP client.

Fixed

Fixed an issue where agents could not communicate with PingAccess servers using a certificate signed by a certificate authority because the CRL Distribution Point extension is missing. This issue is limited to agents on Windows deployments.

Security

Addressed a potential security vulnerability. This issue is limited to Windows deployments.

Fixed

Fixed an issue with ZeroMQ policy cache where a terminated process could cause a condition that resulted in unexpected CPU utilization.

Info

Initial release of the Agent SDK for C.