INC-175706 · Issue 659529
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179188 · Issue 661955
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179360 · Issue 662180
Check added for allowed editing with CSRF
Resolved in Pega Version 8.5.5
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.
INC-180858 · Issue 660801
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-168368 · Issue 657028
DateTime validation works correctly after importing invalid data
Resolved in Pega Version 8.5.5
After creating DecisionData (Dev studio) and adding a DateTime property to the form, importing records with invalid DateTime values failed with a validation error on the screen and the message "Error while converting format for data type DateTime property name Test_date_format with value scvf" was logged. Attempting to proceed by correcting the DateTime property and uploading worked, but any subsequent imports in the same session silently allowed invalid inputs to be passed without any validation errors and then showed blank date fields. This has been corrected.
INC-172785 · Issue 662335
Adaptive model retry mechanism enabled
Resolved in Pega Version 8.5.6
Adaptive models were missing from the Model Management page as well as in the Prediction studio while similar models for the same proposition, only differing by the Channel name, were visible. This was traced to data not being synchronized between the database and Cassandra. The pegadata.pr_data_adm_factory database table did not contain the record of the missing channel, but Cassandra did. Since the current Cassandra adm_scoringmodel contained model information, the system still believed the model was present. In order to ensure Cassandra and the database table are in sync, an update has been made to enable the retry mechanism "SyncFactoryKeysTask" to create the ADM model in factory table by periodically looking for scoring models without factories or an entry in adm_meta.
INC-173596 · Issue 660221
Google OAuth and Spring versions updated
Resolved in Pega Version 8.5.6
The Google-oauth-client jar has been upgraded to version 1.31.1, and SpringFramework libraries have been updated to version 5.3.9 .
INC-174661 · Issue 678821
Handling added for clearing node killed between assignment and processing
Resolved in Pega Version 8.5.6
An Offer flow was not resuming after it expired according to the wait shape. Investigation traced this to partitions which were assigned to a dead node in NEW state where they were not picked up by the dataflow. The problem was only encountered in the unusual situation when a dataflow node was killed in the brief period of time between the assignment and the processing, and has been resolved by adding an update which will clear unknown new assigned partitions for the batch run health task.
INC-174781 · Issue 655120
Kerberos authentication added for external Cassandra
Resolved in Pega Version 8.5.6
Support has been added for Kerberos authentication with Cassandra.
INC-175207 · Issue 655553
Added handling for DSM Services stuck in leaving status after database outage
Resolved in Pega Version 8.5.6
During a database outage, the heartbeat would fail and DSM services would eventually try to enter safe mode and stop. As the first step they would try to change the state to LEAVING, but because the database was down saving the LEAVING state failed and the exception was not handled correctly. This resulted in the rest of the stop operation logic not being executed and the service being stuck in LEAVING. To resolve this, an update has been made to ensure the service goes to LEAVING_FAILED if anything fails during the stop operation including when setting state to LEAVING_FAILED. The state LEAVING_FAILED will get flushed to the database eventually when it comes back up. This will allow the aggregation service to start from the LEAVING_FAILED state and recover by itself after a database outage.