INC-170149 · Issue 645724
pzTenantID removed from Revision management classes
Resolved in Pega Version 8.5.4
After upgrade, issues were seen with case types in the case explorer. This was caused by the Revision management work classes created in the 7.1.x version having pzTenantId property in the rule XML when it was not defined anywhere in the 8.x versions, and has been resolved by removing the pzTenantId property from the Revision management classes.
INC-171221 · Issue 645988
Queue Processors made more robust
Resolved in Pega Version 8.5.4
After upgrade, multiple queue processors were not running as expected. Attempting to restart them generated an error. Investigation showed that the real time data flow runs were not picking up or accepting assignments because the local node was under the impression it was still processing data. In this case, the need to synchronize the state of multiple threads caused the queue processors to become stuck in an initializing state due to a race condition that caused the data flow engine to think this run still had threads running when all threads were already stopped. To resolve this, the callback handling has been simplified and made more robust. In addition, in some cases the data flow leader node would believe the service nodes did not accept assignments even when they did. This occurred if many runs and nodes were involved, and was traced to an implicit limit on the NativeSQL query used to read the data to see which assignments were accepted. To resolve this, the key-value store in the Service Registry has been modified to allow a query of more than 500 entries at once.
INC-174933 · Issue 651827
Special characters escaped for use in "is in List" lookups
Resolved in Pega Version 8.5.4
After creating a specific criterion on any proposition using a string property, the "Is In List" operator, and a customer list with one value containing a "$", clicking save or check in resulted in the exception error "Problem invoking function: pega_decisionengine_propositionfilterfua.pzPropositionFilterMethodBody--(PublicAPI,ClipboardPage) java.lang.IllegalArgumentException: Illegal group reference at java.util.regex.Matcher.appendReplacement(Matcher.java:857) ". This has been resolved by escaping regular expression control characters in string replacement, which will allow the use of characters such as the $ sign for "is in List" lookups.
INC-157095 · Issue 638807
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.5.4
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-161260 · Issue 634051
Enhanced logging for CBAC policies
Resolved in Pega Version 8.5.4
Additional logs have been added to assist in easier debugging of any configuration issues with CBAC policies.
INC-161660 · Issue 633030
Authorization token handling and cleanup improved
Resolved in Pega Version 8.5.4
When using a mobile app configured with default authentication, clicking on the "Trouble logging in?" link opened a new window and displayed the message "please contact your system administrator" along with the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY PZGETAUTHORIZATIONCODE". This has been resolved. In addition, the OAuth token generation and handling has been improved, and the purge agent has been updated to accept a DSS setting for the max number of expired records to purge each time it is run. The default value is 5000.
INC-162434 · Issue 640052
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.5.4
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-163201 · Issue 646911
BrowserFingerprint updated
Resolved in Pega Version 8.5.4
Security improvements have been added to the browser fingerprint process.
INC-168837 · Issue 646973
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.5.4
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.
INC-169310 · Issue 649713
Cache check added for SQL queries
Resolved in Pega Version 8.5.4
When performing load testing, a high number of gets were seen for some SQL Queries. In order to improve performance, a check has been added in GlobalTrustStoreCacheImpl.java to assess whether the cache has been initialized or not.