INC-144591 · Issue 601609
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.5.2
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-144597 · Issue 598305
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.5.2
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.
INC-145033 · Issue 599480
ForgotPassword responses made consistent
Resolved in Pega Version 8.5.2
To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.
INC-145694 · Issue 601294
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.5.2
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-146434 · Issue 602738
Accessibility added to Security Event Configuration headers
Resolved in Pega Version 8.5.2
Labels for the headers in the Security Event Configuration screen have been converted to dynamic layout headers so they will be detected by JAWS screen reader.
INC-146921 · Issue 601635
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.5.2
Cross Site Scripting (Cross-site scripting) protections have been added to Developer Studio.
INC-151253 · Issue 607624
Hash comparisons adjusted for upgraded sites
Resolved in Pega Version 8.5.2
Existing Pega Diagnostic Cloud SSO URLs were not working after upgrade. This was traced to the previous tenant hash (or AG hash) having padding characters like ‘(’ which are no longer used in higher versions. This caused the tenant hash comparison during the SAML login flow to fail. To resolve this, the system will not compare an incoming tenant hash (in relay state) with a current platform tenant hash, but instead will rely on the “/!” pattern to identify the tenant hash in the relay state.
SR-D16934 · Issue 493702
External Cassandra nodes listed in DDS cluster
Resolved in Pega Version 8.3.1
Nodes of an external Cassandra cluster were not listed in the DDS cluster except for the first one in the host list, and when the “only” listed Cassandra node was restarted, the status on the DDS cluster LP did not become “NORMAL” afterwards. In addition, even though other C* nodes were up and running, the external Cassandra cluster was reported as unreachable. This was an unintended side effect of work done on the landing page to reflect the real state of the nodes after some were killed and restarted, and has been corrected by refining the equals() and hashCode() methods for DDS member info in order to better differentiate the external Cassandra nodes.
SR-D22686 · Issue 493516
IH summaries working with external Cassandra
Resolved in Pega Version 8.3.1
Summaries were not working for external Cassandra. This was an issue with the IH summary component using the aggregated dataset as a reference, and this fix contains several components to improve this function. An issue where the IH aggregates dataset does not materialize when DDS is external Cassandra has been resolved by modifying the code that checks the DDS availability. A filter that was used to match “” did not work when pre-aggregation is off : this was due to the IH Browse operation being done outside of a DF context, and has been fixed. The IH Summary shape not working properly in a strategy if it referenced an aggregate dataset with pxInteractionID as part of the group-by properties was traced to an issue with it generating a pxInteractionID value when executing the strategy, and has been resolved by excluding pxInteractionID from the group keys in the IH Summary shape.
SR-D24880 · Issue 494171
CEP bucket size increased to 1 minute
Resolved in Pega Version 8.3.1
Frequent DSM Data Flow Errors were observed in production nodes with very high event rates. This was traced to the default bucket size for CEP being 1 second for a 31 day window, which was not sufficient to handle high volume use which may create an event strategy window large enough to hit the Cassandra column size limit. In order to resolve this, the default bucket size has been increased from 1 second to 1 minute.