SR-D84190 · Issue 547175
Post-Import Migration Agent query optimized
Resolved in Pega Version 8.4.1
A Post-Import Migration agent belonging to the Pega-ImportExport Ruleset and set to run every 60 seconds by default triggered the SQL query "select ASTERISK from pegadata.pca_CWT_CXP_Work_Interaction" which ran for an excessive amount of time, caused a utilization spike, and then crashed the utility nodes. Investigation showed the excessive run time and load was caused by the query fetching a very large number of results. To better handle this scenario, the query usage has been updated.
SR-D84795 · Issue 546204
Handling added for NOT NULL primary key requirement
Resolved in Pega Version 8.4.1
The CRMFS application upgrade failed during an upgrade of a Production-clone environment to Pega 8.3.1 with the error "Encountered an issue applying DDL: ALTER TABLE pegadata.pr_History_PegaSAFS_Data_ReasonCode ALTER COLUMN pzinskey DROP NOT NULL: Database-General Problem executing SQL to update database schema ERROR: column "pzinskey" is in a primary key." This occurred because the database had a table column as primary key with a NOT NULL modifier while the archive that needed to be imported had a table column with neither the primary key nor NOT NULL modifier in it. Therefore during import the system was trying to drop the NOT NULL modifier first, resulting in the error as NOT NULL cannot be removed if it is a primary key. To resolve this, handling has been added for the use case of not dropping the NOT NULL requirement for the primary key.
SR-D85745 · Issue 545906
DASS and DAS associated to the Pega-ProcessCommander Ruleset
Resolved in Pega Version 8.4.1
An upgrade was failing at the point of Pega Rules Upgrade in the Installer Instance with the error "Encountered database exception when preprocessing deferred operations <insert updatesCache instance DATA-ADMIN-SYSTEM PEGA not only if new>. This node not found in the database - Either the record was never saved or was deleted. Unable to join the cluster." This error occurred because the strategic application import during upgrade manually included a "systemname" DASS instance which had a value other than "prpc". This caused a override of the platform shipped DASS (with value "prpc), which is required by the upgrade. In order to avoid this condition, DASS and DAS have been associated to the Pega-ProcessCommander Ruleset.
SR-D89002 · Issue 549104
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.4.1
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D90485 · Issue 549270
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.4.1
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D90524 · Issue 549048
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.4.1
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
INC-175706 · Issue 659527
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.4.6
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179360 · Issue 662178
Check added for allowed editing with CSRF
Resolved in Pega Version 8.4.6
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.
INC-180275 · Issue 666457
Collaboration control hidden if data type is delegated
Resolved in Pega Version 8.4.6
When collaborating using a customized CaseManager portal with some delegated data types, the admin user refreshing the Data Type view changed the collaborator's view from the portal to show the Data Type tabs, allowing the second person to open rules (properties, Data Pages, etc) and see the configuration even though they could not make any changes. This has been resolved by updating pzDataTypeDelegated to display the collaboration control only if pzDelegation is false.
INC-180594 · Issue 670956
Filtering added for DisableDormantOperators
Resolved in Pega Version 8.4.6
When running the Disable Dormant Operators agent, many operators were seen which were dormant but not disabled. Investigation showed the activity was fetching all of the operators without filtering the deactivation state. This has been resolved by adding a filter condition in pzDisableDormantOperators to fetch only deactivate state users.