SR-D76492 · Issue 549969
Added check for test case creation when Cross-site scripting security enabled
Resolved in Pega Version 8.5
Test case creation was failing. Investigation showed that when the "Cross-Site Request Forgery" security setting was enabled, the CSRF token and Browser fingerprint were not included in AJAX calls, and the Ruleinskey was not getting passed. This has been resolved by adding a check to evaluate whether security measures are included or not when making a server call from AJAX, and including the tokens required when appropriate.
SR-D79397 · Issue 546416
Rule-Utility-Function references updated with library information
Resolved in Pega Version 8.5
The "changeSystemName” operation failed. This was traced to the function “getLocalizedValue” (Rule-Utility-Function) being saved into the PegaFS library due to runtime resolution based on the function signature even though the actual Rule-Utility-Function from “Pega-Rules” ruleset needed to be picked in this case. To ensure the correct ruleset is picked, Rule-Utility-Function references have been updated with library information to resolve the resolution collision scenario.
SR-D52138 · Issue 537506
Property setting corrected for On Join and Exclusion shapes in Expression Builder
Resolved in Pega Version 8.5
The properties for the defined page did not appear when using the type-ahead feature to select properties for the On Data Join and Exclusion shapes in Expression Builder. This was an issue related to the property being referenced for setting the context in the expression builder, and has been corrected.
SR-D67316 · Issue 541205
Cross-site scripting protection for PegaRULESMove_Skimming_Query
Resolved in Pega Version 8.5
Cross-site scripting protection has been added for input parameter toRSV of the activity PegaRULESMove_Skimming_Query.
SR-D85653 · Issue 548600
Repaired Tracer use with Google Chrome
Resolved in Pega Version 8.5
After running Tracer while using Chrome, closing it and trying to run another resulted in an error indicating "Cannot Launch multiple tracer sessions for a requestor". This was identified as a bug with Google Chrome Versions greater than 70 and was caused by Chrome deprecating the use of sync XHR on page dismissal, and has been resolved by modifying the system to use a beacon API instead.
SR-D54319 · Issue 532528
API added to sync presence with requestor to clear inactive operator sessions
Resolved in Pega Version 8.5
An intermittent error message was seen indicating the maximum number of active sessions for the current operator had been reached even though there were not multiple logins and there was no requestor displayed in the requestor management landing page. This was traced to sessions that were not properly closed and cleared, and has been resolved by exposing an API that will sync the presence record with the requestor state so inactive sessions will be cleared.
SR-D64608 · Issue 544388
Corrected filedownload extension header issue
Resolved in Pega Version 8.5
Filedownload header contained plain non-ascii characters which caused a security violation issue. This has been resolved by removing the filedownload header from the HTTP response when the sendfile API is used with inputstream to download a file.
SR-D56527 · Issue 538304
DSS PegaAESREmoteResetTableStats set to false
Resolved in Pega Version 8.5
In order to prevent an issue with resetting table stats that potentially impacts postgres in an unintended fashion, the DSS PegaAESREmoteResetTableStats has been set to false.
SR-D64408 · Issue 530282
Stacktrace will be generated for oLog errors
Resolved in Pega Version 8.5
In order to provide improved diagnostics, oLog errors will print stacktraces.
SR-D76861 · Issue 544606
Job Scheduler will be stopped by node shutdown detection
Resolved in Pega Version 8.5
LifeCycle Job Scheduler was trying to start already stopped background services during node shutdown, causing exceptions to be logged. This has been resolved by stopping Job Scheduler execution when node shutdown is detected.