INC-168837 · Issue 646973
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.5.4
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IdP-initiated SSO login.
INC-169310 · Issue 649713
Cache check added for SQL queries
Resolved in Pega Version 8.5.4
During load testing, a high number of gets were seen for some SQL queries. To improve performance, a check has been added in GlobalTrustStoreCacheImpl.java to assess whether the cache has been initialized.
INC-169332 · Issue 648298
Added check for blank username in password reset form
Resolved in Pega Version 8.5.4
The "Forgot password?" screen allowed the form to be submitted with an empty username, so the flow proceeded to the next screen (verification code). This has been resolved by adding a check for a blank username, with an appropriate error message.
INC-170423 · Issue 648984
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.5.4
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-173294 · Issue 650236
Mobile "Forgot Password" supports circumstanced rule
Resolved in Pega Version 8.5.4
An enhancement has been added to support a circumstanced rule for the "Forgot Password" flow on mobile.
INC-173466 · Issue 651456
Operator security enhancements
Resolved in Pega Version 8.5.4
It was possible to enable an operator from the operator access landing page even when write access was denied in the data admin operator class. This has been corrected.
SR-D37421 · Issue 514593
Cross-site scripting security added to Marketing Offers
Resolved in Pega Version 8.1.8
Cross-site scripting protections have been added to Marketing Offers, which had a potential vulnerability when using Firefox.
SR-D45608 · Issue 519902
Correct service instance name passed for data flow in DSMStatus
Resolved in Pega Version 8.1.8
When using the Connect-HTTP service "DSMStatus" to provide the node and status information shown on the various tabs of the Designer Studio > Decisioning > Infrastructure > Services landing page, passing DataFlow as the service parameter for the HTTP service method resulted in an empty response, when the expected response was the cluster details for the Dataflow node type. This was traced to the service instance name not being parsed correctly when used for Data Flow services, and has been resolved by ensuring the correct service instance name is passed for this use.
SR-D47618 · Issue 516300
Statistic rounding error in ADMSnapshot Agent with Oracle corrected
Resolved in Pega Version 8.1.8
While running the ADMSnapshot Agent, the exception "internal.mgmt.Executable) ERROR com.pega.decision.adm.client.ADMException: Failed to complete ADM Data Mart snapshot" was seen. This was traced to an issue with the rounding of performance statistics when using Oracle, and has been resolved.
SR-D54218 · Issue 518599
Deadlock in static initialization of IntList resolved
Resolved in Pega Version 8.1.8
A JVM deadlock was seen related to the static initialization of a subclass field in class com.pega.decision.strategy.ssa.runtime.collections.api.IntList. Thread dumps showed threads in RUNNABLE state that were parked to wait for class initialization, and this was traced to a missed Sonar alert which failed in multi-threading. To resolve this, the system handling has been updated to prevent potential deadlock.