INC-212704 · Issue 707115
Explicit lock release added for Cassandra threads
Resolved in Pega Version 8.6.4
Customer Decision Hub was not responding to real-time request REST service calls, and thread dumps taken during startup showed all HTTP request threads stuck in CassandraSessionCache.getSession. If an error is thrown while invalidating an old Cassandra session, the system may fail to release the write lock. Subsequent threads are then blocked on the session cache's ReadWriteLock when they attempt to retrieve the session from the session cache. To resolve this, an update has been made so that session invalidation is wrapped in a block whose finally clause releases the write lock, and any thrown errors are logged.
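The failure mode described above, reduced to a minimal case (an added example, not Pega's code): a write lock that is never released after an exception blocks every later reader, and a finally block prevents this. SessionCacheDemo, invalidate, refreshUnsafe, refreshSafe and the session strings are hypothetical names and constructed values.

```java
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantReadWriteLock;

// Hypothetical stand-in for a session cache guarded by a ReadWriteLock.
public class SessionCacheDemo {
    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
    private String session = "session-1"; // constructed sample value

    // Stand-in for closing the old session; always fails in this demo.
    private void invalidate() {
        throw new IllegalStateException("error while closing old session");
    }

    // Before: the exception skips unlock(), so the write lock stays held.
    void refreshUnsafe() {
        lock.writeLock().lock();
        invalidate();
        session = "session-2";
        lock.writeLock().unlock();
    }

    // After: the error is logged and finally always releases the write lock.
    void refreshSafe() {
        lock.writeLock().lock();
        try {
            invalidate();
            session = "session-2";
        } catch (RuntimeException e) {
            System.err.println("ERROR invalidating session: " + e.getMessage());
        } finally {
            lock.writeLock().unlock();
        }
    }

    // Reader path with a timeout so the demo ends; null means "blocked".
    String getSession(long timeoutMs) throws InterruptedException {
        if (!lock.readLock().tryLock(timeoutMs, TimeUnit.MILLISECONDS)) return null;
        try { return session; } finally { lock.readLock().unlock(); }
    }

    public static void main(String[] args) throws Exception {
        SessionCacheDemo unsafe = new SessionCacheDemo();
        Thread t1 = new Thread(() -> {
            try { unsafe.refreshUnsafe(); } catch (RuntimeException e) { /* thread exits holding the lock */ }
        });
        t1.start(); t1.join();
        System.out.println("unsafe refresh, reader sees: " + unsafe.getSession(200));

        SessionCacheDemo safe = new SessionCacheDemo();
        Thread t2 = new Thread(safe::refreshSafe);
        t2.start(); t2.join();
        System.out.println("safe refresh, reader sees: " + safe.getSession(200));
    }
}
```

The refresh runs on a separate thread because ReentrantReadWriteLock lets the thread that holds the write lock also take the read lock, which would hide the problem.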
INC-212754 · Issue 708688
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-213176 · Issue 709974
Data flow stability improvements
Resolved in Pega Version 8.6.4
All nodes were showing as active and running in the cluster, including background, stream, and web nodes, but the queue processor would not start. Log entries indicated "IllegalStateException: Invalid run transition found [PENDING_NODES->COMPLETED] on run [DF_OutboundPreProcessing_SMS] by [EventDescription{originator=CheckNodeAvailabilityTask, reason=Restoring previous state." Due to this, all dataflows were moved to the queued state. As soon as the corrupted dataflow was deleted, the other dataflows resumed. To resolve this, data flow stability improvements have been added along with better handling of runs in the Queued state.
INC-213189 · Issue 707344
Addressed performance issues for classless DSMClipboardPage
Resolved in Pega Version 8.6.4
The DSMClipboardPage implementation handles Page Group access as a classless page (i.e. pxObjClass = ""), creating potential performance issues in implementations where the page group is used with a very large number of distinct AccountIDs in a short period. This has been resolved by updating the system so that it does not cache keys for the page group classless page.
INC-213262 · Issue 709457
Refresh added to limit commit log partition size
Resolved in Pega Version 8.6.4
Issues were seen on DDS nodes, including slowness and nodes randomly dropping out and being replaced by new nodes. WARN messages in the Cassandra logs reported issues relating to a large partition size of the adm_response_commit_log_date_tiered table. Investigation showed the large partition size (over 10GB) was causing frequent C* query timeouts due to scanning a large number of tombstones, resulting in node terminations. This has been resolved with an update which limits the commit log partition size by refreshing the NID at a set interval.
INC-213945 · Issue 709365
Additional logging and executor work for Adaptive Decision Manager
Resolved in Pega Version 8.6.4
The Adaptive Decision Manager Pulse operation stopped running on some of the ADM nodes, causing an impact on the model update. To address this, some additional protections have been added for pulse operations running in a scheduled executor, and ERROR logging has been enabled.
INC-216894 · Issue 712241
Refresh added to limit commit log partition size
Resolved in Pega Version 8.6.4
Issues were seen on DDS nodes, including slowness and nodes randomly dropping out and being replaced by new nodes. WARN messages in the Cassandra logs reported issues relating to a large partition size of the adm_response_commit_log_date_tiered table. Investigation showed the large partition size (over 10GB) was causing frequent C* query timeouts due to scanning a large number of tombstones, resulting in node terminations. This has been resolved with an update which limits the commit log partition size by refreshing the NID at a set interval.
INC-164432 · Issue 696294
Global obfuscation key initialized on first requestor call
Resolved in Pega Version 8.6.4
When using URLEncryption = true and SubmitObfuscatedURL = optional, attempting to export an Excel spreadsheet resulted in the error "Invalid character found in the request target". This was traced to the variable pega.d.globalobfuscateKey having a null value which was then converted to a byte array and decoded, generating improper characters in the URL. After a browser refresh, the correct value was set in pega.d.globalobfuscateKey and the export worked as expected. To resolve this, an update has been made to initialize the key on the very first call in PRRequestorImpl when the global obfuscation key is determined to be NULL, instead of initializing the global obfuscation key on an on-demand basis from HTTPAPI.
INC-182827 · Issue 691528
URL security updated
Resolved in Pega Version 8.6.4
Security has been updated for URL tampering defense and Rule Security Mode.
INC-209298 · Issue 704141
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.6.4
After enabling CSRF, moving to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors' and then selecting a record and clicking on 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.