Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

INC-210168 · Issue 732069

Added handling for Node Level Data Pages not loading automatically

Resolved in Pega Version 8.8

After update, the MQ listeners were not starting. This was traced to the Global Resource Setting references in the listener rules that utilize data page lookups; MQ listeners started as expected when they were hard-coded with the values present on the data page. Investigation showed this was caused by the activity running in an unauthenticated context, and has been resolved by allowing the app requestor to skip authentication.

INC-211426 · Issue 706059

UI and code changes to support Client Assertion in Open ID Connect

Resolved in Pega Version 8.8

In order to support private_key_jwt, an enhancement has been added which will pass the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server will then authenticate Pega (the client) to verify the signature and payload of assertion by retrieving the public key via Pega’s JWKS endpoint.

INC-212265 · Issue 714014

at+jwt header type support added

Resolved in Pega Version 8.8

After upgrading from Pega 7 to Pega 8, using JWT validation in the REST service package with type "at+jwt" resulted in the JSON web token being rejected during signature verification with the error "header "typ" (type) "at+jwt" not allowed". Pega uses the third-party Nimbus jar to generate and verify JWT tokens, and this issue was traced to a difference in the versions of that jar: Pega 7.3 uses the nimbus-jose-jwt 5.1 version jar, while Pega 8.6+ uses the 8.20 jar version. Nimbus rejects at+jwt header types by default from the 8.0 jar version. To resolve this and improve backwards compatibility, at+jwt header type support has been added.

INC-215343 · Issue 711143

Security updates

Resolved in Pega Version 8.8

Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.

INC-216053 · Issue 716445

UI and code changes to support Client Assertion in Open ID Connect

Resolved in Pega Version 8.8

In order to support private_key_jwt, an enhancement has been added which will pass the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server will then authenticate Pega (the client) to verify the signature and payload of assertion by retrieving the public key via Pega’s JWKS endpoint.

INC-216154 · Issue 718234

SMTPPort parameter will be passed to ForgotPasswordUtil

Resolved in Pega Version 8.8

When a user triggered the "Trouble Signing in" function, the SentEmailNotification activity connection was trying to use port 25 even if the SMTP Port was configured as 587 in the Email Account instance. This was due to the SMTP Port not being passed to the SentEmailNotification activity, causing a fallback to port 25 for non-SSL connections. In order to ensure SendEmailNotification uses a specified port if configured, pySMTPPort will be passed to ForgotPasswordUtil.java.

INC-217461 · Issue 714309

Key ID made optional for JWT

Resolved in Pega Version 8.8

After update, Connect-REST services were failing with a Admin_Security_Token.Action error. This was traced to kID (key ID) being mandated following previous work done to address an issue. To resolve this and better support backwards compatibility, the kID has been made optional in the JWT header.

INC-219054 · Issue 718871

Data key rotation update

Resolved in Pega Version 8.8

After creating a new Azure vault keystore, attempting to force data key rotation produced the error "Unable to save keystore metadata". This has been resolved with an update to use the same master key ID as the old keystore in cases where the master key ID is the same.

INC-219086 · Issue 724268

Keypair handling updated

Resolved in Pega Version 8.8

Rest API calls were failing with invalid token error in production due to the keypairs used to encrypt the access token being different for each node. This happened when the keypair cache was maintained at node level instead of being retrieved from a database each time; when a keypair expired, a new keypair was created for each node instead of sharing one because the updates to keypair were not properly communicated among the nodes. To resolve this, a check has been added to see if a new keypair is already available in the database before creating a new keypair, handling has been added for any DuplicateKeyException that might occur while saving a keypair to the database, and a pxCreateDateTime has been added while storing the new keypair in the database. Please also note that the default key rotation period is now 180 days and can be adjusted through the setting AccessToken/KeyRotationInterval.

INC-220928 · Issue 739155

Added handling for Node Level Data Pages not loading automatically

Resolved in Pega Version 8.8

After update, the MQ listeners were not starting. This was traced to the Global Resource Setting references in the listener rules that utilize data page lookups; MQ listeners started as expected when they were hard-coded with the values present on the data page. Investigation showed this was caused by the activity running in an unauthenticated context, and has been resolved by allowing the app requestor to skip authentication.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us