INC-173092 · Issue 648737
Checks for Apache Tomcat 6 with MSSQL removed
Resolved in Pega Version 8.5.4
After implementing a specific local Tomcat configuration that removed the Tomcat version number from displaying on Tomcat standard error screens, the error "Tomcat 6 not supported or unable to detect version for custom Tomcat: Apache Tomcat. Contact Pega Customer Support!" appeared and Tomcat failed to start. Because Tomcat 6 was not supported for use with Microsoft SQL Server Systems, Pega used the ServletContext.getServerInfo() method to determine the Tomcat version; if the system used Tomcat 6 or an undetermined version in combination with MSSQL then the system would purposefully not start. As Tomcat 6 is no longer supported in Pega 8.5.2 and above, this check is unnecessary in those versions and the Tomcat version 6 checks in ClassMapImpl have been removed to allow serverAllowsMerge to return as true.
INC-174296 · Issue 650754
Delayed JS/DF initialization failures will trigger alert
Resolved in Pega Version 8.5.4
In order to ensure better cluster monitoring, a PEGA0102 alert has been added for job registration failure that will be triggered if there are startup issues. The logging will include the JOB_NAME for improved troubleshooting.
INC-175205 · Issue 652286
Agent restart made more resilient
Resolved in Pega Version 8.5.4
During a timeout outage, agents intermittently encountered a NoClassDefFound error and were disabled. After the database connection was restored, the agents were not automatically restarting. This has been resolved by making the code more resilient to errors; agent will be restarted when a temporary issue is detected, and the restart will be immune to most exceptions.
INC-175672 · Issue 652942
ServicePackage threads properly released
Resolved in Pega Version 8.5.4
After completing a system stress test, the requestor pool threads for the ServicePackage were not released. Investigation showed that the threads were waiting for Data Pages to be loaded in the background even though there was no background job corresponding to those data pages in the Async Services pool. This has been resolved by making an update to avoid removing the object handlers when the load-datapage finds that an entry exists with a NOT_STARTED state.
INC-157095 · Issue 638807
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.5.4
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-161260 · Issue 634051
Enhanced logging for CBAC policies
Resolved in Pega Version 8.5.4
Additional logs have been added to assist in easier debugging of any configuration issues with CBAC policies.
INC-161660 · Issue 633030
Authorization token handling and cleanup improved
Resolved in Pega Version 8.5.4
When using a mobile app configured with default authentication, clicking on the "Trouble logging in?" link opened a new window and displayed the message "please contact your system administrator" along with the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY PZGETAUTHORIZATIONCODE". This has been resolved. In addition, the OAuth token generation and handling has been improved, and the purge agent has been updated to accept a DSS setting for the max number of expired records to purge each time it is run. The default value is 5000.
INC-162434 · Issue 640052
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.5.4
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-163201 · Issue 646911
BrowserFingerprint updated
Resolved in Pega Version 8.5.4
Security improvements have been added to the browser fingerprint process.
INC-168837 · Issue 646973
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.5.4
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.