INC-199192 · Issue 689038
Check added to ensure StepPage generation for Top keyword
Resolved in Pega Version 8.6.4
A ClassCastException was thrown when top page is used, indicating "com.pega.pegarules.data.internal.clipboard.ClipboardPropertyImpl cannot be cast to com.pega.pegarules.pub.clipboard.ClipboardPage". This has been resolved by adding a check which will generate a myStepPage for Keyword "Top" as necessary.
INC-199341 · Issue 694714
Content-type values made consistent
Resolved in Pega Version 8.6.4
The content-type for service APIs was returned as 'text' for 401 errors when using a custom authentication type instead of the parent-type/child-type format such as text/plain, text/html, application/json, etc. This has been corrected.
INC-202183 · Issue 699683
ClusterAndDBCleaner updated to with with Oracle query limits
Resolved in Pega Version 8.6.4
The pzClusterAndDBCleaner job scheduler was not able to cleanup data in pr_op_data session table due to the delete query formed to clean up this table throwing "ora-01795 maximum number of expressions in a list is 1000 oracle 19c" exception. This has been resolved by splitting requestor IDs into batches of 1000.
INC-204998 · Issue 705630
Data page definition reload made more robust
Resolved in Pega Version 8.6.4
The data page was intermittently being removed from the cache. This was traced to the use of a thread from ThreadContainer to reload the data page definition: a null thread could be returned if the request came from a master agent, which would then cause the definition reload to fail. This has been resolved by updating the system to use the current thread in context to reload the data page definition.
INC-207009 · Issue 701554
Explicit expiration added to avoid searching for expired requestor
Resolved in Pega Version 8.6.4
A login page was taking long time to display. This was traced to pre-authentication cookie in the browser pointing to the requestor object on the server which triggered a lookup across the entire cluster of servers to find the requestor. This was not only taking time, but the attempt to find the requestor in the cluster would always fail to return results as the requestor was not passivated but instead removed after two minutes. To resolve this, an expiration has been added to the Pega-RULES cookie when the value is pre-authenticated. The time to expire is derived based on the short-lived requestor time for unauthenticated requestors + 1 minute, and will be 2 minutes by default. This will avoid searching for a requestor across all nodes in cluster when the requestor has already timed out and been destroyed by server.
INC-208207 · Issue 702799
GET API will consider case locking mechanism
Resolved in Pega Version 8.6.4
After update, performing a GET call on an assignment was unexpectedly locking the case. This was traced to a difference in handling: Pega 8.3 performed an Obj-Open-By-Handle of the workobject without acquiring a lock, while Pega 8.6 calls Assign-.acquireWorkObject which acquires a lock on the work object thereby affecting the other requestors from accessing the case. This has been resolved by enabling ConsiderLockingMode to independently determine the locking mechanism set for the case type.
INC-208366 · Issue 701894
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-208424 · Issue 704598
Custom header character encoding for Subject added
Resolved in Pega Version 8.6.4
Case correspondence that contained a Subject with accent characters such as "Invitation à être" was being rejected by MailJet on the basis of encoding issues on the "Thread-Topic" when using custom headers. The error "BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8)" was generated. This was traced to the Send Email Smart Shape handling when using custom headers, and has been resolved by encoding the Subject before appending it to the Thread-topic header while adding custom headers.
INC-208516 · Issue 700979
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-208556 · Issue 702174
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .