INC-144591 · Issue 601614
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.3.5
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-134808 · Issue 590713
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.3.5
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-140101 · Issue 597636
System will attempt to decrypt data ending in "+"
Resolved in Pega Version 8.3.5
Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .
INC-137874 · Issue 599130
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.3.5
Cross Site Scripting (Cross-site scripting) protections have been added to Developer Studio.
INC-139705 · Issue 595169
Documentation update for Security Settings for DX API
Resolved in Pega Version 8.3.5
Information on the pyDXAPIEncodeValues application setting has been added to the Security Settings for DX API article under the Application settings sub-section. The Pega Platform version that supports the pyDXAPIEncodeValues application setting is mentioned in the Supported UI capabilities article.
SR-D90367 · Issue 556687
Cleanup enhanced for long pyEditElement names
Resolved in Pega Version 8.5
A pyEditElement error relating to decision data was seen multiple times in a stack trace. Research showed that while the utility worked as expected for decision data rules with names of less than 30 characters, the pyEditElement section was truncated the name for the decision data. This meant that decision data with the name SampleIssueandSampleGroupTwosalkdjkightntbmkblffvfvfv would be saved as SampleIssueandSampleGroupT for the pyEditElement section. Because of this, the utility failed the match and did not clean up the pyEditElement section. To resolve this, the cleanup utility has been updated to handle pyEditElement sections of decision data with longer names. Additional logging has also been added to improve debugging.
SR-D71621 · Issue 533296
Real time processing picks up correct datetime for Capture Response records
Resolved in Pega Version 8.5
A Realtime Data flow for the Capture Response flow was configured with a strategy shape set to load previous decisions within the past 7 days. Once this Realtime DF was started, attempting to Capture Response for decisions made after that startup timepoint did not work. This was traced to the InteractionID being written with global properties for the datetimes, and has been resolved by making those datetime properties local so the start and end time are not cached and the time range is calculated based on "now”.
SR-D85558 · Issue 548286
Handling added for prolonged Heartbeat Update Queries
Resolved in Pega Version 8.5
After restart, the pyFTSIncrementalIndexer queue size had hundreds of thousands of entries even though it was empty prior to the restart. Investigation traced this to a job scheduler that checked all the database connections everyday at 1 EST by using a list that contained some connections which did not exist. Checking those invalid connections caused other update queries to queue and wait, resulting in the update heartbeat query taking longer than its default beat. This caused a Split Brain issue wherein other nodes considered the long-executing node to be dead and triggered a rebalance while the node itself continued to execute partitions thinking that it was healthy. This caused duplicate processing of records. To resolve this, a fail safe has been added: while updating heartbeat in Service Registry, nodes will enter safe mode when the update query is taking longer than the default beat.
SR-D66397 · Issue 530333
ADM out-of-sync corrected for multi-datacenter Cassandra cluster
Resolved in Pega Version 8.5
After setting up the multi-datacenter configuration for a Cassandra cluster that consisted of six nodes in datacenter 1 and three nodes in datacenter 2, failover testing revealed a mismatch in the number of ADM models stored in each datacenter. The mismatch was observed mostly in the number of records present in the "adm_scoringmodel" and "adm_response_commit_log_date_tiered" tables. When Cassandra nodes are down, the other nodes in the cluster will store hints (records to be written) for the down nodes. When these nodes come back online the hints are replayed to those nodes and the data is written. Hints are written for 3 hours, so if a node come back up within 3 hours data is recovered and repairs are not required. The gc_grace_seconds for the above tables that were getting out of sync across the two datacenters was set to zero seconds. The "gc_grace_seconds" attribute is not just used as the time for removal of tombstones, it's also used to set the TTL for records written to the system.hints table. That meant that when the hints were written for the ADM tables for the nodes that were down, they were immediately expired since it was set to 0 and not played back when the terminated nodes restarted and joined the cluster. This has been resolved with this fix for all customers new to this release. Existing customers already on v7.3 or higher will need to complete the local change detailed below: Connect to the Cassandra cluster using cqlsh in the Pega Cassandra distribution and then run ALTER TABLE adm_commitlog.adm_response_commit_log_date_tiered WITH gc_grace_seconds = 86400; to change the relevant setting from zero to the equivalent of one day - the same length of time that the data in the table lives for. This will mean that any hints written can still be used to replay data to another node while the data itself is alive. It does also mean, however, that, given a constant load, a day's worth of expired ADM event data in the table will always be present on the disk, as the tombstones can now not be cleaned up for a day.
SR-D85095 · Issue 546341
Updated COUNT logic for strategies with ssavm set to true
Resolved in Pega Version 8.5
An error was seen when attempting to save a strategy after setting ssavm to true, indicating an issue in the “COUNT” method in Group By shape. Since the source field is not used and does not need to be evaluated here, the system has been updated to ignore the source field if the operation is COUNT.