SR-D85653 · Issue 548600
Repaired Tracer use with Google Chrome
Resolved in Pega Version 8.5
After running Tracer while using Chrome, closing it and trying to run another resulted in an error indicating "Cannot Launch multiple tracer sessions for a requestor". This was identified as a bug with Google Chrome Versions greater than 70 and was caused by Chrome deprecating the use of sync XHR on page dismissal, and has been resolved by modifying the system to use a beacon API instead.
INC-173162 · Issue 650795
Certificate match will use Subject Distinguished Name
Resolved in Pega Version 8.7
Signature verification was failing due to the system not finding the matching root certificate for the chain. The root certificate was in the trust store, but the system found a different certificate first and that other certificate (an intermediate certificate) was not considered a valid certificate for validating the whole certificate chain. This was traced to filtering on the Issuer Distinguished Name (DN) instead of the Subject DN and was due to intermediate certificates potentially having the same Issuer as a root certificate (e.g. if that root certificate was used to create the intermediate certificate). To resolve this, an update has been made to check the Subject DN instead of Issuer DN.
INC-174625 · Issue 655242
Admin Studio will consider cluster protocol when returning listener status
Resolved in Pega Version 8.7
When using a few nodes in standalone mode for BIX extract combined with server nodes using Hazelcast, opening the admin studio pages with service discovery caused an error to be thrown. This was traced to the system writing an entry to pr_sys_statusnodes table as an embedded node whenever a BIX extract was triggered, causing those standalone nodes to be incorrectly considered by the listener landing page. This has been resolved by configuring the system to either return the local member when the cluster protocol is standalone or to return all Hazelcast members if the cluster protocol is Hazelcast.
INC-148154 · Issue 602922
Hot Fix Manager updated to use installation order for schema import
Resolved in Pega Version 8.4.4
Schema changes were not being imported during the hot fix manager DL import process. Investigation showed this was due to hotfixes in the DL being iterated over from newest to oldest, causing older hotfixes to replace the value added to a map by the newer. To resolve this, the system has been updated to use hotfix install order, which considers selected and dependent hotfixes, rather than ordering newest to oldest. This ensures that newer table representations will override older rather than the other way around.
INC-181941 · Issue 664808
Handling added for using virtual network interface for Stream Services startup
Resolved in Pega Version 8.7
After update, the restart of any node failed with the error "Unable to create DSM service DATA-DECISION-SERVICE-STREAMSERVER DEFAULT". This has been resolved by adding support for allowing stream service to start on the virtual network interface in cases where it was explicitly configured via the "cluster/hazelcast/interface".
SR-D78274 · Issue 544093
Handling added for dual privileges with MSSQL
Resolved in Pega Version 8.5
After setting up dual privileges, the Admin user was able to create a table but the base user received an "insufficient privileges" error. Investigation showed this was an issue when using MSSQL: the generated grant statements used the server login name as the user in the grant statement, instead of the database user. For all other databases, the username passed into the connection is the correct user to use for grants. Only MSSQL has a distinction between this connection user name (the login) and the database user, and since the login did not exist in the user table, the grant failed. To resolve this, when MSSQL is used, the system will fetch the underlying database user when determining the user for grant statement generation.
SR-D92837 · Issue 551006
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.5
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D89002 · Issue 549103
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.5
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D79479 · Issue 549779
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.5
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D63727 · Issue 531725
Authorization header base 64 format error recategorized as debug logging
Resolved in Pega Version 8.5
Numerous messages were generated indicating that the Authorization Header format was invalid when using the format " : " (Base64 Og==) . As this is the default behavior for a particular class of proxy servers, the error statement has been updated to be logged as a debug statement and will be visible only when that logging is enabled.