SR-D92837 · Issue 551006
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.5
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D89002 · Issue 549103
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.5
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D79479 · Issue 549779
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.5
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D63727 · Issue 531725
Authorization header base 64 format error recategorized as debug logging
Resolved in Pega Version 8.5
Numerous messages were generated indicating that the Authorization Header format was invalid when using the format " : " (Base64 Og==) . As this is the default behavior for a particular class of proxy servers, the error statement has been updated to be logged as a debug statement and will be visible only when that logging is enabled.
INC-196447 · Issue 684644
Enhancements added for external Kafka Stream Service
Resolved in Pega Version 8.7
To ensure data privacy when using multi-tenant Stream Service hosted on a single Kafka cluster, access will be authorized based on ACLs when a tenant sends direct requests to Kafka. In addition, all Kafka resources (topics and consumer groups) are now able to contain a prefix naming convention which can be used for tenants. This is handled through using a <env name="services/stream/name/pattern" value="{tenant.name}-{environment}-{stream.name}"/> prconfig setting to set the stream name pattern. For example, if the tenant.name is resolved into "companyname", environment into "prod1", and the stream dataset name is pyFTSIncrementalIndexer, then the Topic name created on the external Kafka will be companyname-prod1-pyFTSIncrementalIndexer.
SR-A14359 · Issue 232227
Context-aware paths for SMA jmxclient.css and global.js files
Resolved in Pega Version 7.2.1
In some cases the jmxclient.css and global.js files were not found when running SMA due to the use of relative path names. The path names have now been made context-aware.
SR-D64608 · Issue 544388
Corrected filedownload extension header issue
Resolved in Pega Version 8.5
Filedownload header contained plain non-ascii characters which caused a security violation issue. This has been resolved by removing the filedownload header from the HTTP response when the sendfile API is used with inputstream to download a file.
INC-196415 · Issue 686313
Performance improvements for revalidate and save
Resolved in Pega Version 8.7
In order to improve performance when working with very large numbers of class definitions, an update has been made to optimize the revalidate and save process by avoiding looking up all classes on the system instead using ClassDefinition for existence and checking ancestor data to ensure class is a Rule- or Data- descendant.
SR-D70872 · Issue 545857
Kerberos authentication parameters propagated for deployment
Resolved in Pega Version 8.5
Attempting to perform a deployment using Kerberos authentication to an Oracle database failed with an authentication error. This was traced to the java system properties (for example, -Dname=value) required by the Oracle JDBC driver for Kerberos authentication intermittently not being set when connections were being made to the database. When they were not being set, the connection would fail due to authentication. This has been resolved by ensuring the java system properties (-D's) that were provided to the 'custom.jvm.properties' property in the collection of deployment related *.properties files are being propagated to every part of the deployment scripts.
SR-A15710 · Issue 236472
Improved BIX extract handling for multiple active agents
Resolved in Pega Version 7.2.1
When multiple agents were scheduled to run extracts at the same time by utilizing pxExtractDataWithArgs, there was intermittent failure in creating the manifest files. The BIX log would not contain an entry for the files being created, no error was displayed, and agents sometimes needed to be restarted. This was an issue with incomplete extraction of the output data and manifest files due to the PAL timer overriding the current thread context as it handled each of the multiple calls. To resolve this, the previous static variables used to store thread and requester instances have been made private to ensure reliability when handling parallel extracts and simultaneous runs.