Want the full details? Click the link below!
We know many of you have been waiting for this one — and it’s almost here.
PingCastle v3.5.1 is now available as a pre-release, and we’re inviting customers to get hands-on early. Your feedback at this stage makes a real difference in the quality of what we ship, so we’d love your help validating it early.
Note: If you encounter any issues, please report them via Support as usua, just make sure to mention you are on 3.5.1 pre-release so our team can handle it accordingly.
What’s New
Certificate Template Checks — Domain Computer Coverage (356993)
Certificate template checks now allow domain computers to trigger regardless of whether msds-machineaccountquota is set. This delivers more comprehensive coverage of certificate authentication configurations across varied domain setups.
Enhanced P-AdminLogin with Password Reset Logic (419348)
The P-AdminLogin check has been updated to include password reset logic, improving detection and reporting of admin accounts with outdated or concerning password patterns.
SID Added to Migration Dropdown (425582)
The migration feature now surfaces SID (Security Identifier) directly in the dropdown, making it easier to identify and select the right domains during migration operations.
Bug Fixes and Miscellaneous Updates
| ID | Title | Type | Escalation # | Escalation Summary |
|---|---|---|---|---|
| 360982 | Detailed Cartography: Expand after collapse shows error | Bug | — | Fixed console error when expanding nodes after collapse in domain cartography view |
| 408398 | Wrong links in Documentation part of report | Bug | 408398 | Documentation links corrected to point to valid resources |
| 410767 | Documentation of required roles | Bug | 410767 | Documentation has been updated with detailed role requirements |
| 413093 | “Wrong License” Text Update | Bug | — | Updated error message text for clarity |
| 414399 | Entra ID: No MFA Column | Bug | — | Added MFA status column to Entra ID reporting |
| 414458 | Edit User Role Info Icons different to others | Bug | — | Standardized icon styling in user role management UI |
| 414526 | Webhooks are unclear | Bug | — | Improved webhook configuration documentation and UI labels |
| 414538 | Editing an agent resets its last login date | Bug | — | Fixed agent editor to preserve last login timestamp |
| 414544 | User-Based Licensing Note | Bug | — | Clarified user-based licensing messaging |
| 414714 | Scheduler: Refresh page doesn’t work in Edge | Bug | — | Fixed page refresh functionality in Microsoft Edge browser |
| 414984 | Custom Rules: Type Info Icon shows no info | Bug | — | Restored tooltip information for custom rules type selector |
| 415122 | Password Change not required on email change | Security Fix | — | A security gap where users could change email without password reset has been fixed; password reset is now enforced when email address changes |
| 415128 | Configuration and Mapping of External Logins is broken | Bug | — | Critical functionality for external authentication was non-functional; fixed to restore external login support |
| 415708 | Creating external users with password vulnerability | Security Fix | — | External user accounts were being created with explicit passwords; system now enforces passwordless authentication for external users |
| 416037 | Fixing release 3.5 build pipeline | Task | — | Updated build configuration for release process |
| 416104 | Low privilege users able to see/create/delete Scheduler | Security Fix | — | A privilege escalation vulnerability allowed non-admin users to access scheduler; access controls have been tightened to administrators only |
| 416129 | Custom Rules Download still produces XML | Bug | — | Custom rules export was generating legacy XML format instead of current format; corrected output format |
| 417468 | appsettings.console.json is not generated on update | Escalation | 417468 | Configuration file missing after running updates; deployment process now properly generates required config files |
| 418050 | Update Trust Types | Bug | — | Refreshed trust relationship type definitions |
| 418327 | Configuration Migration doesn’t work | Bug | — | Restored configuration migration functionality between instances |
| 418334 | Exceptions | Bug | — | Fixed exception handling in scanner engine |
| 418509 | Honeypot exclusions are not working in 3.5.0.40 | Bug | 418509 | Honeypot exclusion functionality has been restored |
| 418730 | GitHub PR - Typo in LDAP Filter (BuiltinDomain) | Bug | — | LDAP filter contained typo affecting BuiltinDomain detection; filter syntax corrected |
| 419388 | Config missing after running manual scan | Escalation | 419388 | Manual scans were deleting configuration files; scan process now preserves configuration state |
| 419591 | All links to “stigviewer” are broken | Escalation | 419591 | Documentation links to external STIG viewer resource were incorrect; links updated to valid URLs |
| 420381 | PingCastle Auto-Updater breaks configurations (~80 servers) | Escalation | 420381 | CRITICAL: Auto-updater in versions 3.5.0.37+ was corrupting config files on affected servers; update mechanism rewritten to prevent data loss |
| 420428 | DC vulnerability (MS17-010) | Escalation | 420428 | Check for MS17-010 (EternalBlue) vulnerability missing reporting; added detection for unpatched domain controllers |
| 422097 | Scan entraID | Feature | 422097 | Entra ID scanning capability has been added |
| 422172 | PWDNeverExpires doesn’t account for recent password changes | Bug | — | Enhanced check to properly evaluate recently changed passwords |
| 422175 | Computer Analysis: Delegation confusion | Bug | — | Clarified delegation reporting in computer analysis |
| 422249 | Exclusions taking ages to add and delete for AD Risks | Bug | — | Bulk exception operations were causing performance degradation; optimized database queries for exception handling |
| 422878 | Exception not in use | Escalation | 422878 | Exceptions configured in the system were not being applied to scan results; exception filtering logic fixed |
| 423164 | Exception for Windows Server 2012 not working | Escalation | 423164 | Exceptions targeting Windows Server 2012 systems were being ignored; corrected version matching logic |
| 423476 | There is no delete API for reports | Bug | — | Added report deletion capability to REST API |
| 423757 | Slow speed for bulk exceptions on enterprise | Bug | — | Optimized bulk exception operations for large environments |
| 423914 | Pingcastle exception | Bug | 423914 | Exception handling has been improved |
| 424072 | Remove AI-assisted taglines from public repo | Task | — | Cleaned up source code comments in public GitHub repository |
| 425012 | Create domain action plan gives blank page | Bug | — | Fixed UI blank page error when generating domain action plans |
| 425072 | Changes to Multi-Schema UI | Bug | — | Multi-domain schema UI was not properly reflecting recent changes; UI state management corrected |
| 425245 | KB Scanner Slow in Compute Risks | Bug | — | Optimized knowledge base scanning performance |
| 426194 | Error opening file “ad_gc_rules_3.5.0.44.xlsx” | Escalation | 426194 | Custom rules file download was corrupted or inaccessible; file generation and delivery pipeline repaired |
| 426386 | S-AesNotEnabled - RC4 deprecation score issue | Escalation | 426386 | RC4 deprecation check (S-AesNotEnabled) was returning incorrect scores due to algorithm change; scoring logic updated for RC4 phase-out |
| 426591 | Slow Migration for high numbers of domains | Bug | — | Improved migration performance for multi-domain environments |
| 426793 | Bulk import: Reapply exceptions is dead slow | Escalation | 426793 | CRITICAL: Bulk exception reapplication operations timing out on large datasets; rewrote batch processing to use async operations |
| 431913 | SMTP configuration in appsettings.console.json not being read | Bug | — | Fixed configuration file parsing for console SMTP settings |
| 432143 | appsettings.console.json missing from download links | Bug | — | Console configuration file was not included in downloads; added to package manifest |
| 433142 | Bulk actions crash Enterprise with large domains | Bug | — | Bulk operations crashing when processing very large Active Directory domains; optimized memory handling and added pagination |
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: PingCastle > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: PingCastle > Ideas |
| If you have something cool to show… | Show everyone what you built: PingCastle > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!