INC-168837 · Issue 646973
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.5.4
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.
INC-169310 · Issue 649713
Cache check added for SQL queries
Resolved in Pega Version 8.5.4
When performing load testing, a high number of gets were seen for some SQL Queries. In order to improve performance, a check has been added in GlobalTrustStoreCacheImpl.java to assess whether the cache has been initialized or not.
INC-169332 · Issue 648298
Added check for blank username in password reset form
Resolved in Pega Version 8.5.4
The "Forgot password?" screen was allowing the form to be submitted with an empty username so it proceeded to the next screen (verification code). This has been resolved by adding a check for a blank username with the appropriate related error message.
INC-170423 · Issue 648984
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.5.4
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-173294 · Issue 650236
Mobile "Forgot Password" supports circumstanced rule
Resolved in Pega Version 8.5.4
An enhancement has been added to support a circumstanced rule for the "Forgot Password" flow on mobile.
INC-173466 · Issue 651456
Operator security enhancements
Resolved in Pega Version 8.5.4
It was possible to enable an operator from the operator access landing page even when write access was denied in the data admin operator class. This has been corrected.
INC-159836 · Issue 631205
Resolved unnecessary Apache UIMA Ruta logging
Resolved in Pega Version 8.5.5
A high level of exception logging related to Apache UIMA Ruta was seen under high loads due to annotations in the standard Ruta scripts; this did not impact execution, and has been resolved so only relevant events are logged.
INC-169412 · Issue 648881
Cross-site scripting protections updated for Graph Models
Resolved in Pega Version 8.5.5
Cross-site scripting protections have been updated for Graph Models.
INC-170721 · Issue 658959
Stricter criteria set for reusing an SSAExecutionContext
Resolved in Pega Version 8.5.5
After a Strategy was configured with an existing Proposition Filter and the Explain Results box was unchecked, executing the strategy resulted in the error "Stack is empty, cannot pop any more frames". Investigation showed that the SSAExecutionContext object was reused across the two criteria evaluation in Proposition Filter rule: this works well as long as the input is the same across the two evaluations. However, the SSAExecutionContext object also stashed a reference to a PublicAPI object which became stale in the second evaluation and caused the empty stack issue for the given scenario. This has been resolved by providing stricter criteria in deciding when an SSAExecutionContext can be reused or not in the case of Proposition Filter rule.
INC-171594 · Issue 656182
Spell check correctly applied to email body
Resolved in Pega Version 8.5.5
Spell check was not being applied to email body for text analysis in Email Channel. This has been resolved to work irrespective of case.