INC-156797 · Issue 618991
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.6
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-158489 · Issue 623452
Captcha control updated to support ClientValidation
Resolved in Pega Version 8.6
The required checkbox for the pzCaptcha control was not working when using a custom configuration, allowing a case to be submitted with a blank captcha even when the required parameter was selected on control. This was traced to a required parameter not being correctly populated to the pzCaptcha control, and has been resolved by adding ClientValidation into the pzCaptcha control so that if a required parameter is selected on the control it will be applied during case execution.
INC-160024 · Issue 625831
Deprecated authentication methods removed
Resolved in Pega Version 8.6
After upgrade, attempting to trigger the Pega hosted API externally through Post Man resulted in the exception "The method getAuthenticationService() is undefined for the type OAuth2AccessTokenValidation". This was traced to the use of references to the methods getAuthenticationService() and getAuthenticationServiceType(), which are not in use from v8.5 onwards in pzOAuth2AuthenticationActivity and have now been removed. For OAuth2 authentication, the service package should use authentication type as OAuth2; the system will then take care of validating the token and establishing the operator context.
INC-161660 · Issue 633032
Authorization token handling and cleanup improved
Resolved in Pega Version 8.6
When using a mobile app configured with default authentication, clicking on the "Trouble logging in?" link opened a new window and displayed the message "please contact your system administrator" along with the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY PZGETAUTHORIZATIONCODE". This has been resolved. In addition, the OAuth token generation and handling has been improved, and the purge agent has been updated to accept a DSS setting for the max number of expired records to purge each time it is run. The default value is 5000.
SR-SR-D79737 · Issue 602304
Improvements for Report Definition OperatorID filtering
Resolved in Pega Version 8.6
Report Definition filters were not working as expected when data from the OperatorID page was used and authentication was enabled. This was traced to the OperatorID page not being correctly populated. To resolve this, the authentication logic has been modified to always create the OperatorID page at requestor level, and the HTTP API layer has been updated to remove the thread level OperatorID page if exists. In addition, an enhancement has been added for improved debugging on log appenders provided by log4j which allows log filtering based on the requestor and thread for a given appender at a specific log level.
SR-69015 · Issue 619995
Unescaping characters implemented for expressions
Resolved in Pega Version 8.3.6, Resolved in Pega Version 8.4.4, Resolved in Pega Version 8.5.3, Resolved in Pega Version 8.6
An issue where expression builder statements were evaluated differently at runtime than at testing has been resolved. Pega Platform expressions with String literals(that is, sequences of characters enclosed in quotation marks) now unescape characters in strategy shapes such as Set Property or Filter.
INC-166995 · Issue 642440
DeleteDocumentPg added to allow list
Resolved in Pega Version 8.7
During performance testing with CSRF settings enabled, a '403 Forbidden' error was seen in the network trace when FinishAssignment called pyActivity=pyDeleteDocument on close action. This has been resolved by adding pyDeleteDocumentPg to the list of allowed activities.
INC-159836 · Issue 638267
Upgraded Apache UIMA Ruta libraries to resolve memory leak
Resolved in Pega Version 8.7
A memory leak issue that resulted in a reboot being needed every few days was traced to the class org.apache.uima.ruta.rule.RuleMatch. This has been resolved by upgrading the Apache UIMA Ruta libraries to v2.8.1.
INC-164243 · Issue 658270
DateTime validation works correctly after importing invalid data
Resolved in Pega Version 8.7
After creating DecisionData (Dev studio) and adding a DateTime property to the form, importing records with invalid DateTime values failed with a validation error on the screen and the message "Error while converting format for data type DateTime property name Test_date_format with value scvf" was logged. Attempting to proceed by correcting the DateTime property and uploading worked, but any subsequent imports in the same session silently allowed invalid inputs to be passed without any validation errors and then showed blank date fields. This has been corrected.
INC-165704 · Issue 639506
VBD data flow timeout increased and made configurable
Resolved in Pega Version 8.7
Intermittent VBD timeouts were seen when writing records to MSK even though no errors were reported on the MSK side. Analysis showed that while batch data flows retry when a timeout occurs, real time data flows do not retry and the configuration to wait up to 10 seconds for an acknowledgement may not be sufficient depending on the system conditions. This has been resolved by increasing the default timeout to 20 seconds and adding a configurable timeout "vbd/streamPublishTimeoutMillis" to allow a customized setting.