SR-D90939 · Issue 557309
Handling updated for redirect URI construction
Resolved in Pega Version 8.4.2
The redirect URI for an ODIC authorization request to IDP from Pega was truncated, resulting in an incorrect redirect URI. This was traced to the App alias feature was introduced in 8.4 which appends /app/ to the context URL. While constructing OpenID authorization request, the redirect URI was constructed from current login context. In the process of removing the app alias from the URL, a conflict was seen when the server name contained the word "app" in it. To resolve this, the app alias handling has been updated.
SR-D95501 · Issue 557684
Updated jar supporting SAML login to work with JRE11
Resolved in Pega Version 8.4.2
SO authentication was failing with the exception "Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.apache.commons.ssl.TrustMaterial". That class was packaged with Pega via the not-yet-commons-ssl.jar which is no longer being developed and only works with JRE8. This has been resolved by updating the package to the new not-going-to-be-commons-ssl.jar which has been evaluated for all supported JRE versions.
SR-D95525 · Issue 561833
CSRF validation update
Resolved in Pega Version 8.4.2
CSRF validation has been added for non-AJAX get requests which originated from a redirected post request.
SR-D96368 · Issue 555742
10 minute cap added to lockout time interval for failed logins
Resolved in Pega Version 8.4.2
After a certain number of failed attempts, there is a process that locks out the operator for a time interval. When the interval has expired and the operator is able to try again, the next "lockout" uses a time interval double the prior size. Previously, this was able to grow without any restriction. In order to improve effective requestor management, an upper limit has been added for maximum lockout period. The default has been set at 10 minutes or 600 seconds, but this may be configured using the DSS : authPolicy/delay/maxDelay in the Ruleset: Pega-Engine. The value is set in seconds: if the value specified in the DSS is greater than 600 seconds, then the maximum lockout period will fall back to 600 seconds (10 minutes).
SR-D96395 · Issue 555119
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.4.2
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).
SR-D39956 · Issue 511637
Corrected method IF use with shortcut function
Resolved in Pega Version 8.2.5
After upgrade, method IF was not working as expected when used in an expression like "@if(.totalorders_120days>0,(.remakeorders_120days/.totalorders_120days)<0.3,false)". This was caused by a missed use case for the combination of an exception-generating function in combination with a shortcut function (i.e. ternary, and, or), and has been resolved.
SR-D41207 · Issue 512087
Fallover stategy added to chat routing to keep event processor running
Resolved in Pega Version 8.2.5
Chats were becoming stuck in the queue and end users were not able to connect with the customer service representative. An excessive number of queued items were observed in a Queue Processor named "EventProcessor". This was traced to the setting "Browse from the offset" having been removed because of a retention policy. This resulted in "Browse from the end of the stream" being used instead even though browse should start from the earliest known offset. To resolve this, Stream Producer will be cached based on topic, and Stream consumer will fall over to an earliest strategy in case the requested offset isn't found so the event queue will be handled in a timely manner.
SR-D42662 · Issue 516870
Support added for auto restart of system paused nodes
Resolved in Pega Version 8.2.5
After the system paused a run, nodes had to be manually restarted by hand. Investigation showed that a node had fallen from the Hazelcast cluster due to an instability and that there was no support for an auto-restart under this condition. This has been resolved by adding a pulse task to resume runs stuck in system pause.
SR-D43912 · Issue 509737
Fallover stategy added to chat routing to keep event processor running
Resolved in Pega Version 8.2.5
Chats were becoming stuck in the queue and end users were not able to connect with the customer service representative. An excessive number of queued items were observed in a Queue Processor named "EventProcessor". This was traced to the setting "Browse from the offset" having been removed because of a retention policy. This resulted in "Browse from the end of the stream" being used instead even though browse should start from the earliest known offset. To resolve this, Stream Producer will be cached based on topic, and Stream consumer will fall over to an earliest strategy in case the requested offset isn't found so the event queue will be handled in a timely manner.
SR-D47618 · Issue 512602
Statistic rounding error in ADMSnapshot Agent with Oracle corrected
Resolved in Pega Version 8.2.5
While running the ADMSnapshot Agent, the exception "internal.mgmt.Executable) ERROR com.pega.decision.adm.client.ADMException: Failed to complete ADM Data Mart snapshot" was seen. This was traced to an issue with the rounding of performance statistics when using Oracle, and has been resolved.