INC-219995 · Issue 717159
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.7.2
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations on InvokeAxis2 reported runtime failure. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-220031 · Issue 717168
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.7.2
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations on InvokeAxis2 reported runtime failure. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-219627 · Issue 715994
InvokeHTTPConnector security updated
Resolved in Pega Version 8.7.2
"Allow invocation from browser" has been disabled for InvokeHTTPConnector, and "Require authentication to run" has been enabled. In addition, an unsafe reflection used to load JCIFS libraries for NTLM operations has been removed, which removes support for custom JCIFS libraries in Connect HTTP.
INC-211480 · Issue 712418
Handling added updates involving Oracle descending column
Resolved in Pega Version 8.7.2
The build was failing when attempting to update to Pega 8.6, and an error indicating an issue with Oracle columns was generated. Investigation showed that when a column changed that belonged to an index which had a 'desc' column (even if the changed column was not specified as desc), an Oracle restriction was triggered. This occurred with any column size increase if the column participated in an index containing a descending column or a function index. This has been resolved by adding a step to drop the index before altering the column if a Descending index is involved, and to catch the case where the resized index is part of an index that has a descending column but is not necessarily a descending column itself.
INC-202793 · Issue 698506
Corrected malformed URL
Resolved in Pega Version 8.7.2
The function used in the session timer to log off the user was not working consistently, and attempting to discard a checked-out delegated Rule did discard the rule. Both issues reported the error "HTTP Status 400 - Bad request". This was traced to a badly formed URL, and has been resolved by wrapping the URL with SafeURL_createFromURL.
INC-216261 · Issue 714413
Cases processed during archiving
Resolved in Pega Version 8.7.2
Cases were not being properly processed during archiving. This was traced to a missing pxObjClass in the clipboard page when the work index was being deleted, and has been resolved by adding pxObjClass to the clipboard page before sending the request for deletion.
INC-207009 · Issue 701555
Explicit expiration added to avoid searching for expired requestor
Resolved in Pega Version 8.7.2
A login page was taking long time to display. This was traced to pre-authentication cookie in the browser pointing to the requestor object on the server which triggered a lookup across the entire cluster of servers to find the requestor. This was not only taking time, but the attempt to find the requestor in the cluster would always fail to return results as the requestor was not passivated but instead removed after two minutes. To resolve this, an expiration has been added to the Pega-RULES cookie when the value is pre-authenticated. The time to expire is derived based on the short-lived requestor time for unauthenticated requestors + 1 minute, and will be 2 minutes by default. This will avoid searching for a requestor across all nodes in cluster when the requestor has already timed out and been destroyed by server.
INC-199320 · Issue 696941
Corrected duplicate record error message
Resolved in Pega Version 8.7.1
When inserting a duplicate record in a grid, the error was shown at the harness level instead of the record level. This was traced to the error messages being removed from the step page, and has been resolved by updating the system so messages will not be cleared if the same value is being set.
INC-211101 · Issue 709879
ClipboardPageImpl handling updated for virtual list variable mRepresentativeRow
Resolved in Pega Version 8.7.2
A Concurrent Modification exception was seen after update. This was traced to the ClipboardPageImpl use of a virtual list variable "mRepresentativeRow" in the "InMemoryStringTable" class's method where it was iterating the "InMemoryStringTable" while the same list("InMemoryStringTable") was being modified by another thread at the same time. This has been resolved by modifying the Java file InMemoryStringTable to create a copy of the variable mRepresentativeRow to make sure that while iterating over it, the application will iterate only on a copied variable and not the original variable to prevent the concurrent modification exception.
INC-207307 · Issue 709715
Corrected OAuth jar version for custom Keystore rule
Resolved in Pega Version 8.7.2
Attempting to create a custom JKS and Keystore rule so it could be pointed to the Pega cipher and use the encrypt and decrypt functionalities failed with an error indicating it was not a valid KMS keystore. This was traced to an issue with a jar version mismatch: upon checking the dependencies for the nimbus-oauth-sdk jar, even though version 6.18.1 was specified the system picked the 8.27 version through transitive dependencies, and the 8.27 version doesn't have the needed CommonContentTypes class. This has been resolved by reducing the version to 6.18.1 in conflicting build.gradle.