Ping Identity Directory Server version 8.3.0.0 has just been released. I wrote about this release in detail on my personal blog, but here’s a summary of the changes:

Summary of Deprecated Functionality
- Deprecate support for TLSv1 and TLSv1.1
- Deprecate support for TLS cipher suites using SHA-1
- Deprecate support for TLS cipher suites using RSA key exchange
- Deprecate support for incremental backups

Summary of New Features and Enhancements
- Add support for a FIPS 140-2-compliant mode
- Add support for passphrase providers
- Improve auditability for SCIM2 requests
- Add support for join virtual attribute types
- Add support for Admin Console SSO with alternative OpenID Connect providers
- Add Admin Console support for collect-support-data and manage-profile generate-profile
- Add a “must change password” account status notification type
- Include an appropriate diagnostic message when successfully authenticating with an account in a “must change password” state
- Allow updating ds-pwp-modifiable-state-json with other attributes and in transactions
- Fix an issue preventing ds-pwp-modifiable-state-json from being updated in a multi-update extended operation
- Add support for an AWS Secrets Manager cipher stream provider
- Add support for dynamically loading a PKCS #11 provider
- Add manage-certificates support for PKCS #11 key stores
- Add support for setting up the server with certificates provided in PEM files
- Add support for including custom tags in StatsD metric messages
- Allow providing a JVM options cache for improved setup performance
- Make manage-profile replace-profile more efficient when applying changes that require administrative actions
- Reduce unnecessary escaping for non-ASCII characters in DNs
- Reduce memory requirements for many command-line tools
- Improve logging for multi-update extended operations
- Include the Bouncy Castle library by default
- Improve Admin Console logging when running in an external container
- Add a remove-object-class-from-schema tool
- Improve LDIF import performance and reduce the number of intermediate index files
- Improve delete and modify performance with very large composite indexes
- Improve performance for searches targeting dynamic groups via isMemberOf
- Improve bind performance through the Directory Proxy Server in environments with many dynamic groups
- Improve performance for very large exploded indexes when the index entry limit has been exceeded
- Allow the purge expired data plugin to use multiple threads
- Improve dbtest output for several subcommands
- Minimize the conflict prevention details entry created for the uniqueness request control
- Add an oid-lookup command-line tool
- Add global ACIs for the LDAP assertion and permissive modify request controls
- Allow forwarding the assured replication request control through the Directory Proxy Server by default
- Allow the operation purpose request control to be used for operations in a transaction
- Add support for alternative output formats in the ldap-result-code tool

Summary of Bug Fixes
- Fix an issue that could allow users in a “must change password” state to issue requests
- Prevent warning messages for unrecognized JVM vendors
- Fix an issue that could prevent ds-pwp-modifiable-state-json changes from being replicated right away
- Improve the logic for maintaining the entry-balancing global index
- Fix an issue that could prevent setting up the server on old JVMs without support for 256-bit AES
- Fix an issue that could interfere with manage-profile replace-profile when using a StatsD monitoring endpoint
- Avoid entering lockdown mode when incorrectly believing that there were missed replication changes
- Improve replication for dependent changes that may be received out of order
- Fix an issue with incorrectly reporting that certain filters were not indexed
- Prevent dsreplication status from listing offline servers under incorrect domains
- Allow configuring cipher stream providers in Directory Proxy Server, Synchronization Server, and Metrics Engine
- Fix an issue preventing manage-profile replace-profile from updating mirrored configuration
- Prevent offline config change warnings when using manage-profile replace-profile
- Update manage-profile replace-profile to preserve setup logs
- Improve validation and behavior when configuring an explicit set of TLS cipher suites
- Improve manage-profile replace-profile detection of changes to files not included in the server profile
- Fix an issue when trying to update a topology server group with a server that already exists in that group
- Fix issues with import-ldif with --addMissingRDNAttributes
- Fix an issue with dsjavaproperties with --initialize and --jvmTuningParameter
- Fix an issue that could prevent Sync failed ops log publishers from being removed
- Improve the result code when trying to add an entry through the Directory Proxy Server when no backend servers are available or when adding entries with missing parents
- Fix a potentially incorrect warning about duplicate jar files detected during startup
- Fix an issue that could prevent Server SDK plugins from seeing all content in an add operation
- Avoid a potential reverse DNS warning message during setup
- Fix an issue that could cause the server to provide an incorrect estimate for the number of entries matching a filter using a composite index
- Improve prompts when using dsreplication in interactive mode