PingAccess

PingAccess agent for NGINX release notes

These release notes summarize the changes in current and previous PingAccess agent for NGINX updates.

PingAccess agent for NGINX 2.2 (December 2024)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.4.1.

RHEL 7 deprecation

Info

Support for RHEL 7 will be deprecated in version 1.5.

Cache multiple token-types for Web + API applications

New PA-15516

If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. Learn more in the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes, and the agent.cache.defaultTokenType property on the NGINX agent configuration page.

Existing agent environments ignore the new vnd-pi-token-cache-oauth-ttl header and additional paths in the vnd-pi-resource-cache header.

To see the performance boost, upgrade to PingAccess 8.1 or later and upgrade to the latest version of the NGINX agent. Otherwise, continue to use an earlier agent version.

Block bad characters in NGINX agent deployments

New PAA-251

Configure the PingAccess agent for NGINX to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without reaching out to PingAccess for a decision.

Added eight new properties to the agent:

  1. agent.request.block.xss.characters

  2. agent.request.block.uri.characters

  3. agent.request.block.query.characters

  4. agent.request.block.form.characters

  5. agent.request.block.xss.http.status

  6. agent.request.block.uri.http.status

  7. agent.request.block.query.http.status

  8. agent.request.block.form.http.status

Learn more in the NGINX agent configuration page.

For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.

PingAccess agent for NGINX 2.1.1 (November 2020)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.3.

Fixed issues that occurred after a request header modification

Fixed PAA-203

Fixed an issue that caused an invalid memory access and sometimes caused crashes after a request header modification by another NGINX module.

PingAccess agent for NGINX 2.1 (July 2020)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.3.

Added agent inventory callback API

New PAA-177

Added agent inventory callback API.

PingAccess agent for NGINX 2.0.2 (February 2020)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.2.1.

Set the max size of the received response header

New PAA-161

Added a configuration property to set the maximum size of the response header that can be received from a PingAccess policy server.

PingAccess agent for NGINX 2.0.1 (June 2019)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.2.0.

Fixed a potential security issue

Security

Fixed a potential security issue.

PingAccess agent for NGINX 2.0 (February 2019)

Use the NGINX HTTP stack to communicate with PingAccess policy servers

Improved

The PingAccess Agent for NGINX now leverages the built-in, event-driven HTTP stack in NGINX to communicate with PingAccess policy servers. Previously, the agent used its own HTTP client (implemented with libcurl) to communicate with PingAccess policy servers. In certain cases, this architecture lead to poor scalability. By using NGINX’s built-in, event-driven HTTP stack, the agent is able to achieve superior scalability over previous versions.

Fixed a potential security issue

Security

Fixed a potential security issue.

PingAccess agent for NGINX 1.1.1 (July 2017)

Start or stop NGINX using the systemctl command

New

Added support for starting and stopping NGINX using the systemctl command.

Fixed SSL connectivity issue

Fixed

Resolved issue with SSL connectivity.

PingAccess agent for NGINX 1.1 (March 2017)

NGINX certification requirements

Improved

Updated the agent to meet NGINX certification requirements.

PingAccess agent for NGINX 1.0 (January 2017)

Initial release

Info

Initial release of the PingAccess agent for NGINX.