INC-199665 · Issue 692760
Logic added to handle upper/lower case for Content-Type header value
Resolved in Pega Version 8.5.6
After Integrating REST Service with a HTTP/2 header, pzExecuteRestService was throwing a null pointer exception. This was traced to headers not being treated in a case-insensitive manner: the header contained a lower-case 'content-type' while the system was looking for 'Content-Type' (upper-case). To resolve this, logic has been added to check for both 'content-type' and 'Content-Type' keys.
INC-207236 · Issue 706817
QueueProcessor timeout made configurable
Resolved in Pega Version 8.5.6
Queue Processor timeouts were causing thread interruptions, causing items to be processed more than once. To resolve this, the QueueProcessor kafka-write timeout has been made configurable via the DASS Pega-Engine:queueprocessor/dataset/write/timeoutMs
INC-212753 · Issue 707312
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.5.6
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .