INC-194287 · Issue 681065
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.7
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-196414 · Issue 684238
OAuth token refreshed when revoked on source
Resolved in Pega Version 8.7
When an OAuth token was used to authorize the APIs in the system, revoking the token at the source, i.e. from the Service side, did not automatically refresh the token and a logoff/logon was required before a fresh token was generated. This has been resolved by adding an update to explicitly purge revoked tokens.
INC-196431 · Issue 684886
Refresh assignment checks updated
Resolved in Pega Version 8.7
Additional privilege checks have been added to refresh assignment.
INC-199303 · Issue 690629
Guided Tour working from Actions menu
Resolved in Pega Version 8.7
After updating from Pega 8.4 to Pega 8.5, "Manage a Guided Tour" was no longer working under a local action when called from the Actions menu on a work object. An unspecified error message appeared in the tracer. Investigation showed there was a null pointer error caused by the menu being invoked on an invalid page, and this was traced to updated authentication requirements: registration at the portal is not reliable as it is thread-scoped and run only once. The thread name is not guaranteed to stay the same so subsequent invocations of the tour activities failed. This has been resolved by modifying the call registration function to handle the security issues related to the generation of the menu path.
INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-204897 · Issue 695409
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.7
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-137009 · Issue 581892
Ad hoc reports saved successfully in private categories
Resolved in Pega Version 8.5.1
After upgrade, an error was seen when attempting to save an ad hoc report in a private category. Saving in a public category worked as expected. This was traced to the Rule-Shortcut.Validate activity, which attempted to use the Rule-Shortcut's RuleSet to find the Rule-Category. To resolve the saving issue, the Rule-Shortcut.Validate activity has been updated to do an Obj-Open on the Category instead.
INC-136643 · Issue 583367
Orphaned CSS reference removed from DisplayReport harness
Resolved in Pega Version 8.5.1
An intermittent invalid CSS error was appearing in the DisplayReport harness when an operation resulted in the regeneration of the harness content. This was traced to a reference to the workform_pyReportingSkin CSS, which was used in old reporting features and is not in use anymore. The reference has been removed to resolve this issue.
INC-131942 · Issue 574321
Orphaned CSS reference removed from DisplayReport harness
Resolved in Pega Version 8.5.1
An intermittent invalid CSS error was appearing in the DisplayReport harness when an operation resulted in the regeneration of the harness content. This was traced to a reference to the workform_pyReportingSkin CSS, which was used in old reporting features and is not in use anymore. The reference has been removed to resolve this issue.
INC-135719 · Issue 580691
Corrected reference exception for filter on a grid sourced from a parameterized report definition
Resolved in Pega Version 8.5.1
An Invalid Reference Exception was thrown after attempting to apply a filter on a grid sourced from a parameterized report definition. This was traced to work done to allow cross-scripting filters to allow filters to contain special characters, and has been resolved.