INC-213176 · Issue 709974
Data flow stability improvements
Resolved in Pega Version 8.6.4
All nodes were showing as active and running in the cluster, including background, stream, web nodes, but the queue processor would not start. Log entries indicated "IllegalStateException: Invalid run transition found [PENDING_NODES->COMPLETED] on run [DF_OutboundPreProcessing_SMS] by [EventDescription{originator=CheckNodeAvailabilityTask, reason=Restoring previous state." Due to this, all dataflows were moved to queued state. As soon as the corrupted dataflow was deleted the other dataflows were resumed. To resolve this, data flow stability improvements have been added along with better handling of runs in Queued state.
INC-213189 · Issue 707344
Addressed performance issues for classless DSMClipboardPage
Resolved in Pega Version 8.6.4
The DSMClipboardPage implementation handles Page Group access as a classless page (i.e. pxObjClass = ""), creating potential performance issues in implementations where the page group is used with a very large number of distinct AccountIDs in a short period. This has been resolved by updating the system to not cache keys for page group classless page.
INC-213262 · Issue 709457
Refresh added to limit commit log partition size
Resolved in Pega Version 8.6.4
Issues were seen on DDS nodes, including slowness and randomly dropping out and being replaced by new nodes. WARN messages in Cassandra logs reported issues relating to a large partition size of adm_response_commit_log_date_tiered table. Investigation showed the large partition size (over 10GB) was causing frequent C* query timeouts due to scanning a large number of tombstones, resulting in node terminations. This has been resolved with an update which will limit the commit log partition size by refreshing the NID every set interval.
INC-213945 · Issue 709365
Additional logging and executor work for Adaptive Decision Manager
Resolved in Pega Version 8.6.4
The Adaptive Decision Manager Pulse operation stopped running on some of the ADM nodes, causing an impact on the model update. To address this, some additional protections have been added for pulse operations running in a scheduled executor, and ERROR logging has been enabled.
INC-216894 · Issue 712241
Refresh added to limit commit log partition size
Resolved in Pega Version 8.6.4
Issues were seen on DDS nodes, including slowness and randomly dropping out and being replaced by new nodes. WARN messages in Cassandra logs reported issues relating to a large partition size of adm_response_commit_log_date_tiered table. Investigation showed the large partition size (over 10GB) was causing frequent C* query timeouts due to scanning a large number of tombstones, resulting in node terminations. This has been resolved with an update which will limit the commit log partition size by refreshing the NID every set interval.
INC-164432 · Issue 696294
Global obfuscation key initialized on first requestor call
Resolved in Pega Version 8.6.4
When using URLEncryption = true and SubmitObfuscatedURL = optional, attempting to export an Excel spreadsheet resulted in the error "Invalid character found in the request target". This was traced to the variable pega.d.globalobfuscateKey having a null value which was then converted to a byte array and decoded, generating improper characters in the URL. After a browser refresh, the correct value was set in pega.d.globalobfuscateKey and the export worked as expected. To resolve this, an update has been made to initialize the key on the very first call in PRRequestorImpl when the global obfuscation key is determined to be NULL instead of initializing the global obfuscation key by on-demand basis from HTTPAPI.
INC-182827 · Issue 691528
URL security updated
Resolved in Pega Version 8.6.4
Security has been updated for URL tampering defense and Rule Security Mode.
INC-209298 · Issue 704141
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.6.4
After enabling CSRF, moving to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors' and then selecting a record and clicking on 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.
INC-211426 · Issue 706061
UI and code changes to support Client Assertion in Open ID Connect
Resolved in Pega Version 8.6.4
In order to support private_key_jwt, an enhancement has been added which will pass the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server will then authenticate Pega (the client) to verify the signature and payload of assertion by retrieving the public key via Pega’s JWKS endpoint.
INC-215343 · Issue 711141
Security updates
Resolved in Pega Version 8.6.4
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.