INC-194287 · Issue 681065
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.7
After upgrading to IBM WebSphere v9.0.5.6 or higher, API calls such as REST and Connect-HTTP were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. This happened because the SSLContext was created with the highest protocol version supported in the WAS container. This has been resolved by modifying the code to create the SSLContext based on the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
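The behaviour described above can be checked with the standard JSSE API. The following is an added example, not Pega's code: it compares the protocol set of the runtime's default context with a context built for a configured protocol and pinned to it. The class and method names and the "TLSv1.2" setting are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

public class PinnedTlsContext {

    // Hypothetical helper: build the context from the configured protocol
    // rather than from whatever the container treats as its default.
    static SSLContext contextFor(String configuredProtocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance(configuredProtocol);
        ctx.init(null, null, null); // default key managers, trust managers, SecureRandom
        return ctx;
    }

    // Restrict the versions a ClientHello may offer to exactly the configured
    // one; fail closed if the runtime cannot speak it at all.
    static SSLParameters pinnedParameters(SSLContext ctx, String configuredProtocol) {
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        if (!Arrays.asList(supported).contains(configuredProtocol)) {
            throw new IllegalStateException(
                configuredProtocol + " not supported; runtime offers " + Arrays.toString(supported));
        }
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setProtocols(new String[] { configuredProtocol });
        return params;
    }

    public static void main(String[] args) throws Exception {
        String configured = "TLSv1.2"; // assumed value of the connector's protocol setting

        // Runtime default: the enabled set depends on the JRE and container,
        // and may include TLSv1.3.
        SSLContext def = SSLContext.getDefault();
        System.out.println("default context enables: "
            + Arrays.toString(def.getDefaultSSLParameters().getProtocols()));

        // Context created from the configured protocol, then pinned.
        SSLContext ctx = contextFor(configured);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setSSLParameters(pinnedParameters(ctx, configured));
        System.out.println("pinned engine enables:   "
            + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Running this inside the target JRE shows whether the default context would offer a version the endpoint does not accept.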
INC-196414 · Issue 684238
OAuth token refreshed when revoked on source
Resolved in Pega Version 8.7
When an OAuth token was used to authorize the APIs in the system, revoking the token at the source, i.e. from the Service side, did not automatically refresh the token and a logoff/logon was required before a fresh token was generated. This has been resolved by adding an update to explicitly purge revoked tokens.
INC-196431 · Issue 684886
Refresh assignment checks updated
Resolved in Pega Version 8.7
Additional privilege checks have been added to refresh assignment.
INC-199303 · Issue 690629
Guided Tour working from Actions menu
Resolved in Pega Version 8.7
After updating from Pega 8.4 to Pega 8.5, "Manage a Guided Tour" was no longer working under a local action when called from the Actions menu on a work object. An unspecified error message appeared in the tracer. Investigation showed there was a null pointer error caused by the menu being invoked on an invalid page, and this was traced to updated authentication requirements: registration at the portal is not reliable as it is thread-scoped and run only once. The thread name is not guaranteed to stay the same so subsequent invocations of the tour activities failed. This has been resolved by modifying the call registration function to handle the security issues related to the generation of the menu path.
INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on the fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade, new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList, which allow it to be run only by authenticated users, and has been resolved.
INC-204897 · Issue 695409
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.7
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-183960 · Issue 675870
Condition check added to trigger search update
Resolved in Pega Version 8.6.4
Following work done to update the deletion of attachments for cases created through an email bot, search indexing was not updating automatically and a manual re-index was needed to allow the global search to work. This has been resolved with the addition of a condition check which will update the case when a delete operation is done on the link page.
INC-198725 · Issue 707482
Elasticsearch will split queries to avoid URL length limits
Resolved in Pega Version 8.6.4
Elasticsearch functionality was not working and showed the status as Offline. Investigation showed that when an external Elasticsearch setup had an index prefix length = 200 and a large number of dedicated indexes, the error "too_long_frame_exception, reason: An HTTP line is larger than 4096 bytes" was generated. In this case, the system was working with approximately 87 dedicated indexes and the name of each of them was sent over the URL, resulting in this error message. This has been resolved by updating the system to split queries so as to not exceed the HTTP line limit in Elasticsearch.
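One way to split such a query, as an added example that is not Pega's implementation: index names are grouped greedily so that each request line stays within the 4096-byte limit quoted in the error. The request-line shape (`GET /<indexes>/_search HTTP/1.1`), the class name, and the constructed index names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class IndexBatcher {
    static final int MAX_HTTP_LINE = 4096; // limit quoted in the error message

    // Size in bytes of the assumed request line for a comma-joined index list.
    static int requestLineLength(String joinedIndexes, String pathSuffix) {
        String line = "GET /" + joinedIndexes + pathSuffix + " HTTP/1.1";
        return line.getBytes(StandardCharsets.UTF_8).length;
    }

    // Greedy split: keep adding names until the next one would exceed the limit.
    static List<List<String>> batch(List<String> indexes, String pathSuffix) {
        List<List<String>> batches = new ArrayList<>();
        List<String> current = new ArrayList<>();
        for (String name : indexes) {
            if (requestLineLength(name, pathSuffix) > MAX_HTTP_LINE) {
                throw new IllegalArgumentException("single index name exceeds limit: " + name);
            }
            List<String> candidate = new ArrayList<>(current);
            candidate.add(name);
            if (requestLineLength(String.join(",", candidate), pathSuffix) > MAX_HTTP_LINE) {
                batches.add(current);          // flush the batch that still fits
                current = new ArrayList<>();
            }
            current.add(name);
        }
        if (!current.isEmpty()) {
            batches.add(current);
        }
        return batches;
    }

    public static void main(String[] args) {
        // Constructed input: 87 index names sharing a 200-character prefix.
        char[] p = new char[200];
        Arrays.fill(p, 'p');
        String prefix = new String(p);
        List<String> indexes = new ArrayList<>();
        for (int i = 0; i < 87; i++) {
            indexes.add(prefix + "-idx" + i);
        }
        for (List<String> b : batch(indexes, "/_search")) {
            System.out.println(b.size() + " indexes, request line = "
                + requestLineLength(String.join(",", b), "/_search") + " bytes");
        }
    }
}
```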
INC-200973 · Issue 699266
Added handling for client-side validation errors in sub-reports
Resolved in Pega Version 8.6.4
When a sub-report was trying to access externally mapped fields or an optimized page property by JOIN of another class, the main report was unable to validate the Page property. This has been resolved by updating the activity code to handle client-side validation errors on main reports attempting to access the externally-mapped Page properties of another class in the sub-report.
INC-201625 · Issue 698655
Updated variable handling for filter logic to avoid reuse
Resolved in Pega Version 8.6.4
When adding the property "ItemStatus" as a filter for a report, the validation message: "This property does not exist or has no column mapping" appeared. This was traced to an empty caption for a class join property used in the filter due to RRFilters_Logic reusing the strFieldName variable, and has been resolved by updating the variable handling to use a unique name, strPropName.