Ping Identity Directory Server 8.3.0.0

Ping Identity Directory Server version 8.2.0.0 has just been released. I wrote about this release in detail on my personal blog, but here’s a summary of the changes:

Summary of Deprecated Functionality

  • Deprecate support for TLSv1 and TLSv1.1
  • Deprecate support for TLS cipher suites using SHA-1
  • Deprecate support for TLS cipher suites using RSA key exchange
  • Deprecate support for incremental backups

Summary of New Features and Enhancements

  • Add support for a FIPS 140-2-compliant mode
  • Added support for passphrase providers
  • Improve auditability for SCIM2 requests
  • Add support for join virtual attribute types
  • Add support for Admin Console SSO with alternative OpenID Connect providers
  • Add Admin Console support for collect-support-data and manage-profile generate-profile
  • Add a “must change password” account status notification type
  • Include an appropriate diagnostic message when successfully authenticating with an account in a “must change password” state
  • Allow updating ds-pwp-modifiable-state-json with other attributes and in transactions
  • Fix an issue preventing ds-pwp-modifiable-state-json from being updated in a multi-update extended operation
  • Add support for an AWS Secrets Manager cipher stream provider
  • Add support for dynamically loading a PKCS #11 provider
  • Add manage-certificates support for PKCS #11 key stores
  • Add support for setting up the server with certificates provided in PEM files
  • Add support for including custom tags in StatsD metric messages
  • Allow providing a JVM options cache for improved setup performance
  • Make manage-profile replace-profile more efficient when applying changes that require administrative actions
  • Reduce unnecessary escaping for non-ASCII characters in DNs
  • Reduce memory requirements for many command-line tools
  • Improve logging for multi-update extended operations
  • Include the Bouncy Castle library by default
  • Improve Admin Console logging when running in an external container
  • Add a remove-object-class-from-schema tool
  • Improve LDIF import performance and reduce the number of intermediate index files
  • Improve delete and modify performance with very large composite indexes
  • Improve performance for searches targeting dynamic groups via isMemberOf
  • Improve bind performance through the Directory Proxy Server in environments with many dynamic groups
  • Improve performance for very large exploded indexes when the index entry limit has been exceeded
  • Allow the purge expired data plugin to use multiple threads
  • Improve dbtest output for several subcommands
  • Minimize the conflict prevention details entry created for the uniqueness request control
  • Add an oid-lookup command-line tool
  • Add global ACIs for the LDAP assertion and permissive modify request controls
  • Allow forwarding the assured replication request control through the Directory Proxy Server by default
  • Allow the operation purpose request control to be used for operations in a transaction
  • Add support for alternative output formats in the ldap-result-code tool

Summary of Bug Fixes

  • Fix an issue that could allow users in a “must change password” state to issue requests
  • Prevent warning messages for unrecognized JVM vendors
  • Fix an issue that could prevent ds-pwp-modifiable-state-json changes from being replicated right away
  • Improve the logic for maintaining the entry-balancing global index
  • Fix an issue that could prevent setting up the server on old JVMs without support for 256-bit AES
  • Fix an issue that could interfere with manage-profile replace-profile when using a StatsD monitoring endpoint
  • Avoid entering lockdown mode when incorrectly believing that there were missed replication changes
  • Improve replication for dependent changes that may be received out of order
  • Fix an issue with incorrectly reporting that certain filters were not indexed
  • Prevent dsreplication status from listing offline servers under incorrect domains
  • Allow configuring cipher stream providers in Directory Proxy Server, Synchronization Server, and Metrics Engine
  • Fix an issue preventing manage-profile replace-profile from updating mirrored configuration
  • Prevent offline config change warnings when using manage-profile replace-profile
  • Update manage-profile replace-profile to preserve setup logs
  • Improve validation and behavior when configuring an explicit set of TLS cipher suites
  • Improve manage-profile replace-profile detection of changes to files not included in the server profile
  • Fix an issue when trying to update a topology server group with a server that already exists in that group
  • Fix issues with import-ldif with –addMissingRDNAttributes
  • Fix an issue with dsjavaproperties with –initialize and –jvmTuningParameter
  • Fix an issue that could prevent Sync failed ops log publishers from being removed
  • Improve the result code when trying to add an entry through the Directory Proxy Server when no backend servers are available or when adding entries with missing parents
  • Fix a potentially incorrect warning about duplicate jar files detected during startup
  • Fix an issue that could prevent Server SDK plugins from seeing all content in an add operation
  • Avoid a potential reverse DNS warning message during setup
  • Fix an issue that could cause the server to provide an incorrect estimate for the number of entries matching a filter using a composite index
  • Improve prompts when using dsreplication in interactive mode