INC-170423 · Issue 648982
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.4.5
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-171838 · Issue 651438
Added mail/telephone link to allowed CSP child frame
Resolved in Pega Version 8.4.5
After upgrade from v8.3 to v8.5, clicking on the mail / telephone link in the out of the box case participants gadget generated the Content Security Policy error "This content is blocked. Contact the site owner to fix the issue." Examination of the browser dev-tools console indicated the object refused to frame because it violated the Content Security Policy directive: "frame-src *". This behavior was specific to the Google Chrome browser, and has been resolved by adding code so the mailto: and tel: will be added to the frame-src when Data is selected under Child Frame-Source option. Unchecking the Data checkbox for Child Frame-Source on the policy landing page will remove these from allowed actions under CSP.
INC-171875 · Issue 653894
Skip restored for browser request CSRF token
Resolved in Pega Version 8.4.5
Many SECU0008 alerts were seen in the production logs. This was the result of a CSRF token check on requests without pyActivity or pyStream, and has been resolved by restoring a conditional skip of the check as those other browser requests do not contain a CSRF token.
INC-166995 · Issue 642440
DeleteDocumentPg added to allow list
Resolved in Pega Version 8.7
During performance testing with CSRF settings enabled, a '403 Forbidden' error was seen in the network trace when FinishAssignment called pyActivity=pyDeleteDocument on close action. This has been resolved by adding pyDeleteDocumentPg to the list of allowed activities.
INC-159836 · Issue 638267
Upgraded Apache UIMA Ruta libraries to resolve memory leak
Resolved in Pega Version 8.7
A memory leak issue that resulted in a reboot being needed every few days was traced to the class org.apache.uima.ruta.rule.RuleMatch. This has been resolved by upgrading the Apache UIMA Ruta libraries to v2.8.1.
INC-164243 · Issue 658270
DateTime validation works correctly after importing invalid data
Resolved in Pega Version 8.7
After creating DecisionData (Dev studio) and adding a DateTime property to the form, importing records with invalid DateTime values failed with a validation error on the screen and the message "Error while converting format for data type DateTime property name Test_date_format with value scvf" was logged. Attempting to proceed by correcting the DateTime property and uploading worked, but any subsequent imports in the same session silently allowed invalid inputs to be passed without any validation errors and then showed blank date fields. This has been corrected.
INC-165704 · Issue 639506
VBD data flow timeout increased and made configurable
Resolved in Pega Version 8.7
Intermittent VBD timeouts were seen when writing records to MSK even though no errors were reported on the MSK side. Analysis showed that while batch data flows retry when a timeout occurs, real time data flows do not retry and the configuration to wait up to 10 seconds for an acknowledgement may not be sufficient depending on the system conditions. This has been resolved by increasing the default timeout to 20 seconds and adding a configurable timeout "vbd/streamPublishTimeoutMillis" to allow a customized setting.
INC-166561 · Issue 645648
ADM Models correctly updated
Resolved in Pega Version 8.7
The ADM models were not being updated when responses were processed either via the CaptureResponse API or when the time elapsed that should result in an update reflecting a non-response. This was traced to incomplete handling for a response coming for some other model which was converted to EMPTY, and has been resolved by modifying the logic so that the default responses and other responses are processed properly.
INC-166845 · Issue 640299
Hazelcast remote execution not called from synchronized context
Resolved in Pega Version 8.7
After navigating to the Admin Studio portal to view the nodes, the portal was temporarily freezing. Investigation of the thread dump revealed this was caused by a DDS pulse sending a remote execution call to all nodes to update logger settings even though the site was not using DDS. This has been resolved by updating the system to avoid calling Hazelcast remote execution from a synchronized context.
INC-167606 · Issue 665870
Updated ConfirmHarness handling for case type creation
Resolved in Pega Version 8.7
If a new case type was created with the initialization stage and there were no assignments in the case type, the /cases API did not return a NextPageID in response. This has been resolved by setting the pyConfirmHarness parameter before calling addworkobject.