INC-156797 · Issue 618991
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.6
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-158489 · Issue 623452
Captcha control updated to support ClientValidation
Resolved in Pega Version 8.6
The required checkbox for the pzCaptcha control was not working when using a custom configuration, allowing a case to be submitted with a blank captcha even when the required parameter was selected on control. This was traced to a required parameter not being correctly populated to the pzCaptcha control, and has been resolved by adding ClientValidation into the pzCaptcha control so that if a required parameter is selected on the control it will be applied during case execution.
INC-160024 · Issue 625831
Deprecated authentication methods removed
Resolved in Pega Version 8.6
After upgrade, attempting to trigger the Pega hosted API externally through Post Man resulted in the exception "The method getAuthenticationService() is undefined for the type OAuth2AccessTokenValidation". This was traced to the use of references to the methods getAuthenticationService() and getAuthenticationServiceType(), which are not in use from v8.5 onwards in pzOAuth2AuthenticationActivity and have now been removed. For OAuth2 authentication, the service package should use authentication type as OAuth2; the system will then take care of validating the token and establishing the operator context.
INC-161660 · Issue 633032
Authorization token handling and cleanup improved
Resolved in Pega Version 8.6
When using a mobile app configured with default authentication, clicking on the "Trouble logging in?" link opened a new window and displayed the message "please contact your system administrator" along with the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY PZGETAUTHORIZATIONCODE". This has been resolved. In addition, the OAuth token generation and handling has been improved, and the purge agent has been updated to accept a DSS setting for the max number of expired records to purge each time it is run. The default value is 5000.
SR-SR-D79737 · Issue 602304
Improvements for Report Definition OperatorID filtering
Resolved in Pega Version 8.6
Report Definition filters were not working as expected when data from the OperatorID page was used and authentication was enabled. This was traced to the OperatorID page not being correctly populated. To resolve this, the authentication logic has been modified to always create the OperatorID page at requestor level, and the HTTP API layer has been updated to remove the thread level OperatorID page if exists. In addition, an enhancement has been added for improved debugging on log appenders provided by log4j which allows log filtering based on the requestor and thread for a given appender at a specific log level.
SR-69015 · Issue 619995
Unescaping characters implemented for expressions
Resolved in Pega Version 8.3.6, Resolved in Pega Version 8.4.4, Resolved in Pega Version 8.5.3, Resolved in Pega Version 8.6
An issue where expression builder statements were evaluated differently at runtime than at testing has been resolved. Pega Platform expressions with String literals(that is, sequences of characters enclosed in quotation marks) now unescape characters in strategy shapes such as Set Property or Filter.
SR-D39972 · Issue 513459
UpgradeOnOpen updated to use property set
Resolved in Pega Version 8.3.2
After upgrade, using the revalidate & save wizard on MapValue rules (Rule-Obj-MapValue) generated null pointer exceptions in the tracer file and rules failed with bad status. This was traced to changes made in the Java step of UpgradeOnOpen that used the getReference() method, and has been resolved by updating the UpgradeOnOpen activity in the Rule-obj-Mapvalue class to use property set.
SR-D41207 · Issue 512086
Fallover stategy added to chat routing to keep event processor running
Resolved in Pega Version 8.3.2
Chats were becoming stuck in the queue and end users were not able to connect with the customer service representative. An excessive number of queued items were observed in a Queue Processor named "EventProcessor". This was traced to the setting "Browse from the offset" having been removed because of a retention policy. This resulted in "Browse from the end of the stream" being used instead even though browse should start from the earliest known offset. To resolve this, Stream Producer will be cached based on topic, and Stream consumer will fall over to an earliest strategy in case the requested offset isn't found so the event queue will be handled in a timely manner.
SR-D42451 · Issue 518066
ExecuteRDB call updated to use NativeSQL for blob
Resolved in Pega Version 8.3.2
After creating a test activity to clear data set records that used the DataSet-Execute method and passed the data set name and truncate operation, only 51 records were deleted in a single run when the data set had more than 51 records. Investigation showed that for blob tables, the database truncate operation was using executeRDB with an empty results page, i.e. it didn't specify pyMaxRecords, which on some databases might have limited the number affected records. To resolve this, the executeRDB call in the database truncate operation has been modified to use NativeSQL for blob tables.
SR-D43912 · Issue 509736
Fallover stategy added to chat routing to keep event processor running
Resolved in Pega Version 8.3.2
Chats were becoming stuck in the queue and end users were not able to connect with the customer service representative. An excessive number of queued items were observed in a Queue Processor named "EventProcessor". This was traced to the setting "Browse from the offset" having been removed because of a retention policy. This resulted in "Browse from the end of the stream" being used instead even though browse should start from the earliest known offset. To resolve this, Stream Producer will be cached based on topic, and Stream consumer will fall over to an earliest strategy in case the requested offset isn't found so the event queue will be handled in a timely manner.