INC-180594 · Issue 670956
Filtering added for DisableDormantOperators
Resolved in Pega Version 8.4.6
When running the Disable Dormant Operators agent, many operators were seen which were dormant but not disabled. Investigation showed the activity was fetching all of the operators without filtering the deactivation state. This has been resolved by adding a filter condition in pzDisableDormantOperators to fetch only deactivate state users.
INC-180858 · Issue 660798
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.4.6
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-181812 · Issue 667198
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.4.6
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-185362 · Issue 668827
Keystore update properly revises the cache
Resolved in Pega Version 8.4.6
A keystore updated with the latest certificate was not getting reflected in the runtime and the old certificate was getting picked. In a multi-node environment when the new JKS is uploaded in one node, the changes are expected to be communicated to other nodes so that the cache can be cleaned up. In this case, investigation showed that the keystore label was in uppercase and the cache entry was not correctly removed. This has been resolved by adding an update that will convert the cache key to lowercase and maintain uniformity to ensure proper cleanup.
INC-186512 · Issue 669380
Password security enhanced
Resolved in Pega Version 8.4.6
Security and authentication have been enhanced for password handling.
INC-188889 · Issue 675582
New application wizard security updated
Resolved in Pega Version 8.4.6
Security around displaying and running the new application wizard has been enhanced.
INC-202677 · Issue 698990
Handling added for missing expose.accessGroup property
Resolved in Pega Version 8.6.4
After exposing an existing page group and page list properties along with single value properties using a declare index, running the Column Populator tool prpcServiceUtils to populate the historical data resulted in the single value properties being updated in the exposed column properly, but the page group and page list properties were not updated in the declare index table. On new case creation the declare index tables were updated. This was traced to the default expose.accessGroup not being set for the user, and has been resolved by adding a check and handling that will add the missing property in prpcserviceutils.properties defining the access group for the Rule-Declare-Index of the classes being exposed if it is not present.
INC-205181 · Issue 697802
Warnings pull from report definition page
Resolved in Pega Version 8.6.4
When a report definition filter was used in the "Class instances to include" section of the Product rule, severe warnings appeared noting "Report definition filter performance issues for LookupDataMigration : Using a custom HTML control to format a column may result in poor performance displaying query results. Consider using auto-generated HTML controls". However, the report definition used, LookupDataMigration, has no Custom HTML control in the latest version of the rule, and the "CheckForWarnings" rule for the product was running a report definition in the "Index-Warning" class which has the warnings for all the versions of the rule. This was due to warnings being displayed in the product for the report definition filter without applying rule resolution for report definition, resulting in warnings from all report definition version rules from a ruleset given a report definition name. This has been resolved by adding an update which will use Obj-Open to read the warnings from report definition page instead of looking up for warnings from Index-Warnings table.
INC-205453 · Issue 706568
Pega Keystore supported for hotfix signature verification
Resolved in Pega Version 8.6.4
In order to support custom trust managers which require an alternate method for supplying the root certificate via a platform trust store, an enhancement has been added to allow Pega Keystore to be used as a hotfix verification source. Detailed information on this can be found in https://docs.pega.com/keeping-current-pega/87/verifying-hotfix-authenticity-using-pega-keystore
INC-208516 · Issue 705100
Patchdate values made unique
Resolved in Pega Version 8.6.4
The hotfix manager was incorrectly indicating that a previous hotfix was not installed or was partially installed and should be reinstated. This scenario was created during security updates where the missing/incomplete hotfix had been deliberately deleted from the database, and has been resolved by adding an update which will force patchdate to be unique when adding duplicate code resources during tests.