Incompatible changes
Incompatible changes impact existing functionality and may affect your migration from a previous release. Before you upgrade, review these lists and make the appropriate changes to your scripts and plugins.
Changes in Web Agent 2024.3
NGINX binaries renamed
The operating system name in the downloadable NGINX binaries has been replaced with Linux. A single build is now suitable for all NGINX versions and operating systems.
- Example formats for previous release:
  web-agent-2023.11-NGINX_r30_Rhel7_64bit.zip
  web-agent-2023.11-NGINX_r30_Rhel8_64bit.zip
  web-agent-2023.11-NGINX_r30_Rhel9_64bit.zip
  web-agent-2023.11-NGINX_r30_Ubuntu20_64bit.zip
  web-agent-2023.11-NGINX_r30_Ubuntu22_64bit.zip
- Example format for this release:
  web-agent-2024.3-NGINX_r30_Linux_64bit.zip
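Upgrade scripts that build the archive name from the host OS need a release check after this rename. The shell functions below are an added example, not part of the original page or of the product; version_ge and agent_archive_name are hypothetical helper names. They assume that releases before 2024.3 follow the 2023.11 pattern shown above and that releases after 2024.3 keep the Linux pattern.

```shell
#!/bin/sh
# Added example: build the expected NGINX Web Agent archive name for a release.
# Name patterns come from the examples on this page. Applying them to releases
# other than 2023.11 and 2024.3 is an assumption.

# version_ge A B: succeed when dotted version A >= B, comparing major and minor
# numerically (2023.11 is newer than 2023.6; a string comparison gets that wrong).
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}; a_minor=${a_minor%%.*}
    b_major=${2%%.*}; b_minor=${2#*.}; b_minor=${b_minor%%.*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -lt "$b_major" ] && return 1
    [ "$a_minor" -ge "$b_minor" ]
}

# agent_archive_name VERSION NGINX_REL OS_TOKEN
#   VERSION   agent release, for example 2023.11 or 2024.3
#   NGINX_REL NGINX release token as it appears in the file name, for example r30
#   OS_TOKEN  per-OS token used before 2024.3 (Rhel8, Ubuntu22, ...); ignored
#             from 2024.3 on, where the single build is named "Linux"
agent_archive_name() {
    version=$1; nginx_rel=$2; os_token=$3
    case $version in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo "invalid version: $version" >&2; return 2 ;;
        *.*) ;;                      # at least major.minor is required
        *)  echo "invalid version: $version" >&2; return 2 ;;
    esac
    if version_ge "$version" 2024.3; then
        os_token=Linux
    elif [ -z "$os_token" ]; then
        echo "release $version needs an OS token such as Rhel8 or Ubuntu22" >&2
        return 2
    fi
    printf 'web-agent-%s-NGINX_%s_%s_64bit.zip\n' "$version" "$nginx_rel" "$os_token"
}

# Constructed sample call: an Ubuntu 22 host upgrading to 2024.3.
agent_archive_name 2024.3 r30 Ubuntu22
```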
AES-256-GCM encryption
Because of the changes in Hardened security of agent secrets, a drop-in software update to this release isn’t possible. An upgrade to this release from an earlier release is a major upgrade. Learn more in Upgrade.
Changes in Web Agent 2023.11
There are no incompatible changes in this release or any of its maintenance releases.
Changes in Web Agent 2023.6
Management of agent credentials
An encryption key in agent.conf is used to decrypt credentials for the following properties:
- Agent Profile Password
- Private Key Password
- Proxy Server Password
When decryption failed in previous releases, sometimes the agent attempted to use the encrypted form of the password. From this release, the agent does not attempt to use the encrypted form of the password.
Changes in Web Agent 2023.3
Changes in Web Agent 5.10
Regular expression pattern matching is platform-dependent
IIS agents use Windows libraries and ECMAScript-compatible regular expressions. Adapt the regular expression settings for IIS agents to account for this change.
Fragment redirect
From Web Agent 5.8.1, when Enable Fragment Redirect is true, the agent redirects the user back to the original resource using an absolute URL. In previous Web Agent 5 versions, the agent redirected the user using a relative URI.
Proxy rules that rely on fragment redirect to a relative URI now result in a redirect to a full URL. For example, a redirect to /a/b#c results in the final URL prot://host:port/a/b#c.
Ordered rules that rely on matching a plain URL followed by fully qualified alternatives can result in the fully qualified alternatives matching first.
Changes in Web Agent 5.9
AM 5.x.x EOL
AM 5.x.x has reached End of Life (EOL) and is no longer supported. For more information, refer to Ping Identity Product Support Lifecycle Policy | PingGateway and Agents.
Error logic for login time out in sessions
The fix for AMAGENTS-2717 changes the error logic that caused 403s to be seen on agent/cdsso-redirect or agent/custom-login-response when a user is redirected to authenticate, but then stays on the authentication page for longer than the default of 5 minutes.
This error could occur when a user logged out, was redirected for authentication by the agent, and then reopened the same browser the next day. It could also occur in a similar use case in a mobile browser application.
Workarounds that were previously recommended, such as using non-default values for the following properties, are no longer necessary or advised:
- Profile Attributes Cookie Maxage
- Enable POST Data Preservation
- POST Data Entries Cache Period
To prevent problems, remove such workarounds from your configuration. If you have not customized these properties, no change is required.