INC-156128 · Issue 620484
Added mail/telephone link to allowed CSP child frame
Resolved in Pega Version 8.5.3
After upgrade from v8.3 to v8.5, clicking on the mail / telephone link in the out of the box case participants gadget generated the Content Security Policy error "This content is blocked. Contact the site owner to fix the issue." Examination of the browser dev-tools console indicated the object refused to frame because it violated the Content Security Policy directive: "frame-src *". This behavior was specific to the Google Chrome browser, and has been resolved by adding code so the mailto: and tel: will be added to the frame-src when Data is selected under Child Frame-Source option. Unchecking the Data checkbox for Child Frame-Source on the policy landing page will remove these from allowed actions under CSP.
INC-156647 · Issue 626295
Improved disconnected requestor cleanup for FieldService
Resolved in Pega Version 8.5.3
A large number of requestors from FieldService with the status as 'Disconnected' were accumulating and causing performance issues. This was traced to the requestors not getting passivated due to users not logging out and new requestors being created for the same users next time, and was caused by the value of the DSS Initialization/PersistRequestor being set as "OnTimeout". When the DSS prconfig/timeout/browser/default is not configured, the default browser requestor timeout is 60 minutes. In this scenario, requestors were not passivating as the requestor passivation timeout was set to the refresh token lifetime for mobile users, which was very large and overwrote the DSS value. This has been resolved by removing the code which set the passivation timeout to the OAuth2 refresh token lifetime.
INC-160024 · Issue 625832
Deprecated authentication methods removed
Resolved in Pega Version 8.5.3
After upgrade, attempting to trigger the Pega hosted API externally through Post Man resulted in the exception "The method getAuthenticationService() is undefined for the type OAuth2AccessTokenValidation". This was traced to the use of references to the methods getAuthenticationService() and getAuthenticationServiceType(), which are not in use from v8.5 onwards in pzOAuth2AuthenticationActivity and have now been removed. For OAuth2 authentication, the service package should use authentication type as OAuth2; the system will then take care of validating the token and establishing the operator context.
INC-145802 · Issue 636324
Oracle temporary space explicitly freed after writing LOBs
Resolved in Pega Version 8.5.4
Oracle temporary space used to write the LOB was not freed up after writing records to Log-Service-File when using OJDBC8 or OJDBC10 versions and the table involved had inline BLOB storage such as small blob tables like Log-service-file (2-4kB blobs). This did not occur when using OJDBC7, but investigation with Oracle could not determine why the older version did not have this issue. This issue has been resolved by explicitly freeing the LOB space with a call to free() / freeTemporary() , a utility for LOB objects that was introduced in JDBC 4.
INC-154026 · Issue 631041
Resolved exception from expanding deserialized Data Page
Resolved in Pega Version 8.5.4
When using a data page backed by a report definition where the data page data type was Rule- and the virtual page data type was Rule-Obj-Property, serializing and deserializing the data page and then expanding the deserialized data page generated the exception "the reference .pzInsKey is not valid. Reason: .pzInsKey is mapped to class Rule-Obj-Property, which is not the primary class of the list: Rule-; must specify a group name in mapping". The issue occurred only if "Run on Data Page" on the data page was checked and "Report on descendant class instances" on the report definition was unchecked, and has been resolved by updating the runLoadActivity() of DeclarativePageDirectoryImpl to skip setting pyObjClass for the report definition if it already present, i.e. if already set by the loader activity.
INC-155624 · Issue 634716
MSGraph email listener enhancements
Resolved in Pega Version 8.5.4
Attachments with .eml /.msg extensions were treated as FileAttachments by the MS Graph API and generating a classcastexception. To resolve this, a check has been added to identify the attachment along with content type so .eml will be correctly recognized. In addition, the MSGraph email listener functionality related to converting from Graph to MIME message has been enhanced around the 'TO' and 'CC' recipients in a MIME message and for parsing nested attachments in Item attachment for addition to MsgraphMessage.
INC-156758 · Issue 629937
ExpandStream called before Page-Merge-Into to ensure correct merge
Resolved in Pega Version 8.5.4
The Page-Merge-Into method was not merging the source page into the target page when the use case was run without tracer, but merged properly when run with tracer. This was traced to an intermittent issue with expanding properties, and has been resolved by calling expandStream on the source property if it is unknown prior to checking if the source and target properties are merge compatible.
INC-158728 · Issue 625588
Oracle handling updated for upgrade DDL
Resolved in Pega Version 8.5.4
DDL generated for a Pega upgrade displayed the error "ALTER TABLE PC_ASSIGN_WORKBASKET DROP CONSTRAINT GETNEXTWORKINWORKGROUP" when trying to install. This was traced to a change made by Oracle for optimization, and has been resolved by updating the handling for primary key constraint and the corresponding index name.
INC-159143 · Issue 628923
Methods updated to prevent rounding of JSON response decimals
Resolved in Pega Version 8.5.4
When using a REST connector for an outside service, precision numbers in the JSON response were being rounded or truncated when parsed for the DataSource page. For example, a JSON message with a value like 6045.900000000000000001 became rounded to 6045.9. This happened in both methods used for fast and non-fast processing, and has been resolved by treating the decimal value as a string and then creating a BigDecimal object out of it to avoid truncation in the fast processing scenario, and by adding mapper.enable(DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS); for the non-fast processing scenario.
INC-159438 · Issue 632186
HTTP Strict Transport Security update
Resolved in Pega Version 8.5.4
An update has been made to increase the max age of the HTTP Strict Transport Security (HSTS) header parameter from 7 days to 1 year.