INC-146921 · Issue 601635
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.5.2
Cross Site Scripting (Cross-site scripting) protections have been added to Developer Studio.
INC-151253 · Issue 607624
Hash comparisons adjusted for upgraded sites
Resolved in Pega Version 8.5.2
Existing Pega Diagnostic Cloud SSO URLs were not working after upgrade. This was traced to the previous tenant hash (or AG hash) having padding characters like ‘(’ which are no longer used in higher versions. This caused the tenant hash comparison during the SAML login flow to fail. To resolve this, the system will not compare an incoming tenant hash (in relay state) with a current platform tenant hash, but instead will rely on the “/!” pattern to identify the tenant hash in the relay state.
INC-166995 · Issue 642440
DeleteDocumentPg added to allow list
Resolved in Pega Version 8.7
During performance testing with CSRF settings enabled, a '403 Forbidden' error was seen in the network trace when FinishAssignment called pyActivity=pyDeleteDocument on close action. This has been resolved by adding pyDeleteDocumentPg to the list of allowed activities.
INC-159836 · Issue 638267
Upgraded Apache UIMA Ruta libraries to resolve memory leak
Resolved in Pega Version 8.7
A memory leak issue that resulted in a reboot being needed every few days was traced to the class org.apache.uima.ruta.rule.RuleMatch. This has been resolved by upgrading the Apache UIMA Ruta libraries to v2.8.1.
INC-164243 · Issue 658270
DateTime validation works correctly after importing invalid data
Resolved in Pega Version 8.7
After creating DecisionData (Dev studio) and adding a DateTime property to the form, importing records with invalid DateTime values failed with a validation error on the screen and the message "Error while converting format for data type DateTime property name Test_date_format with value scvf" was logged. Attempting to proceed by correcting the DateTime property and uploading worked, but any subsequent imports in the same session silently allowed invalid inputs to be passed without any validation errors and then showed blank date fields. This has been corrected.
INC-165704 · Issue 639506
VBD data flow timeout increased and made configurable
Resolved in Pega Version 8.7
Intermittent VBD timeouts were seen when writing records to MSK even though no errors were reported on the MSK side. Analysis showed that while batch data flows retry when a timeout occurs, real time data flows do not retry and the configuration to wait up to 10 seconds for an acknowledgement may not be sufficient depending on the system conditions. This has been resolved by increasing the default timeout to 20 seconds and adding a configurable timeout "vbd/streamPublishTimeoutMillis" to allow a customized setting.
INC-166561 · Issue 645648
ADM Models correctly updated
Resolved in Pega Version 8.7
The ADM models were not being updated when responses were processed either via the CaptureResponse API or when the time elapsed that should result in an update reflecting a non-response. This was traced to incomplete handling for a response coming for some other model which was converted to EMPTY, and has been resolved by modifying the logic so that the default responses and other responses are processed properly.
INC-166845 · Issue 640299
Hazelcast remote execution not called from synchronized context
Resolved in Pega Version 8.7
After navigating to the Admin Studio portal to view the nodes, the portal was temporarily freezing. Investigation of the thread dump revealed this was caused by a DDS pulse sending a remote execution call to all nodes to update logger settings even though the site was not using DDS. This has been resolved by updating the system to avoid calling Hazelcast remote execution from a synchronized context.
INC-167606 · Issue 665870
Updated ConfirmHarness handling for case type creation
Resolved in Pega Version 8.7
If a new case type was created with the initialization stage and there were no assignments in the case type, the /cases API did not return a NextPageID in response. This has been resolved by setting the pyConfirmHarness parameter before calling addworkobject.
INC-168271 · Issue 640347
ADM performance improvements and duplicate inputs corrected for delayed learning records
Resolved in Pega Version 8.7
Additional work has been done to improve the performance for Adaptive Models used in multi-level decisioning, and an issue with duplicate pxCommonInputs has been resolved.