INC-210059 · Issue 706889
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-210771 · Issue 708811
Updated access group handling for CurrentWorkPool property
Resolved in Pega Version 8.6.4
After update, the pxThread.pxCurrentWorkPool property was not properly populated in App Requestors when the activity was called from Rest service. This was caused by a difference in the authentication check after a security modification, and has been resolved.
INC-211101 · Issue 709878
ClipboardPageImpl handling updated for virtual list variable mRepresentativeRow
Resolved in Pega Version 8.6.4
A Concurrent Modification exception was seen after update. This was traced to the ClipboardPageImpl use of a virtual list variable "mRepresentativeRow" in the "InMemoryStringTable" class's method where it was iterating the "InMemoryStringTable" while the same list("InMemoryStringTable") was being modified by another thread at the same time. This has been resolved by modifying the Java file InMemoryStringTable to create a copy of the variable mRepresentativeRow to make sure that while iterating over it, the application will iterate only on a copied variable and not the original variable to prevent the concurrent modification exception.
INC-211178 · Issue 704593
Decimal parameters retain null value instead of being set to 0
Resolved in Pega Version 8.6.4
When mapping any data in 8.6+, if the source is a decimal property rule and the target is a parameter defined as decimal, the decimal parameter's value will be 0 if the source property is null. This was a behavior change from previous versions of Pega where the target parameter would be null. This has been resolved by changing the code generation for the read operation on the parameter decimal type assignment to use resolveToString() instead of calling resolveToBigDecimal() so a null value is retained..
INC-211292 · Issue 705886
Updated handling for last_access to improve backwards compatibility
Resolved in Pega Version 8.6.4
After update from Pega 8.3 to Pega 8.6, many errors were seen in the logs regarding the call of the Pega API /api/v1/nodes/all/requestors. In 8.3, the API was responding with the field last_access populated properly, but this field was blank in the new version. This was an unintended consequence of work done to resolve inconsistencies with the date format in Admin Studio, and has been resolved.
INC-211480 · Issue 712419
Handling added updates involving Oracle descending column
Resolved in Pega Version 8.6.4
The build was failing when attempting to update to Pega 8.6, and an error indicating an issue with Oracle columns was generated. Investigation showed that when a column changed that belonged to an index which had a 'desc' column (even if the changed column was not specified as desc), an Oracle restriction was triggered. This occurred with any column size increase if the column participated in an index containing a descending column or a function index. This has been resolved by adding a step to drop the index before altering the column if a Descending index is involved, and to catch the case where the resized index is part of an index that has a descending column but is not necessarily a descending column itself.
INC-211599 · Issue 708542
Data page definition reload made more robust
Resolved in Pega Version 8.6.4
The data page was intermittently being removed from the cache. This was traced to the use of a thread from ThreadContainer to reload the data page definition: a null thread could be returned if the request came from a master agent, which would then cause the definition reload to fail. This has been resolved by updating the system to use the current thread in context to reload the data page definition.
INC-212729 · Issue 695025
ClusterAndDBCleaner updated to with with Oracle query limits
Resolved in Pega Version 8.6.4
The pzClusterAndDBCleaner job scheduler was not able to cleanup data in pr_op_data session table due to the delete query formed to clean up this table throwing "ora-01795 maximum number of expressions in a list is 1000 oracle 19c" exception. This has been resolved by splitting requestor IDs into batches of 1000.
INC-212900 · Issue 711001
ADLS/File listener support added
Resolved in Pega Version 8.6.4
Azure Data Lake Storage type support has been added for file listener usecases.
INC-213308 · Issue 712075
Fallback added for missing fileName in MultipartHTTPResponse
Resolved in Pega Version 8.6.4
Given a multipart/form-data response with multiple attachments, when there was no explicit fileName header provided for a body part, the engine skipped processing the part and no data was present on pyRequestAttachmentPage. This has been resolved by adding a fallback in HTTPClientUtils#handleMultipartHTTPResponse() so that if no fileName is present, the 'name' parameter of the Content-Disposition header field will be used.