Skip to main content

- Get Started with Community
  
  Tools and knowledge to help you succeed.
- Get Inspired
- Get Involved
- Roles
- Products
- Concepts
- What's New
- Browse Documentation
- Visit Pega Documentation
- Learn
  - My Training
    - My Dashboard
  - Find Training
- Certifications
  - Get Certified
  - Find Certifications
    - Verify a Certification
    - Find Pega Certified Professionals
- About
  - Learning
  - Programs
- Visit Pega Academy
- Get Support
- Support Resources
- Working with Support
- EXPERT INSIGHTS
  
  Master Pega products and capabilities with advice from our experts.
- Browse the Marketplace
- Get Involved
- Visit Pega Marketplace

- Pega.com
  
  Explore solutions, events, and customers
  
  PegaWorld iNspire
  
  Register for our flagship event
  
  Partners
  
  Discover program benefits and enablement resources
  
  Marketplace
  
  Extend Pega with components and apps
  
  My Pega
  
  Manage your organization's relationship with Pega
  
  Pega Community
  
  Drive success with centralized content and resources
  
  Documentation
  
  Find product guides and reference docs
  
  Academy
  
  Complete missions, earn badges, and stay current
  
  Pega Constellation Design System
  
  Browse library of UI/UX templates, patterns, and components
  
  Careers
  
  Pega Support

- Log in or sign up to set up user profile.
- Log in or sign up to set up personalized notifications.

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

Platform Version

Capability

Data Integration (114)

Case Management (40)

System Administration (39)

Decision Management (39)

Low-Code App Development (24)

Conversational Channels (14)

Project Delivery (2)

Search

(Clear filters)

SR-D31734 · Issue 515656

Cross-site scripting protection added for parameter page properties

Resolved in Pega Version 8.2.6

An Cross-site scripting vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.

INC-163914 · Issue 668845

Improved Agile Studio passivation recovery

Resolved in Pega Version 8.6.2

When an Agile Studio session was passivated, the error "SECU0008 : CSRF Detected and Blocked" was seen. Reactivating the session resulted in a blank page. This was traced to the clearing of requestor level registrations added for that particular thread, and has been resolved by adding a new flag to identify if a thread is passivated along with the necessary structure for the conditionalized clearing of requestor level registrations based on this flag.

INC-179360 · Issue 662177

Check added for allowed editing with CSRF

Resolved in Pega Version 8.6.2

After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.

INC-180275 · Issue 666455

Collaboration control hidden if data type is delegated

Resolved in Pega Version 8.6.2

When collaborating using a customized CaseManager portal with some delegated data types, the admin user refreshing the Data Type view changed the collaborator's view from the portal to show the Data Type tabs, allowing the second person to open rules (properties, Data Pages, etc) and see the configuration even though they could not make any changes. This has been resolved by updating pzDataTypeDelegated to display the collaboration control only if pzDelegation is false.

INC-180594 · Issue 670955

Filtering added for DisableDormantOperators

Resolved in Pega Version 8.6.2

When running the Disable Dormant Operators agent, many operators were seen which were dormant but not disabled. Investigation showed the activity was fetching all of the operators without filtering the deactivation state. This has been resolved by adding a filter condition in pzDisableDormantOperators to fetch only deactivate state users.

INC-184804 · Issue 669638

Password security enhanced

Resolved in Pega Version 8.6.2

Security and authentication have been enhanced for password handling.

INC-185362 · Issue 668825

Keystore update properly revises the cache

Resolved in Pega Version 8.6.2

A keystore updated with the latest certificate was not getting reflected in the runtime and the old certificate was getting picked. In a multi-node environment when the new JKS is uploaded in one node, the changes are expected to be communicated to other nodes so that the cache can be cleaned up. In this case, investigation showed that the keystore label was in uppercase and the cache entry was not correctly removed. This has been resolved by adding an update that will convert the cache key to lowercase and maintain uniformity to ensure proper cleanup.

INC-186512 · Issue 669327

Password security enhanced

Resolved in Pega Version 8.6.2

Security and authentication have been enhanced for password handling.

INC-135849 · Issue 582939

Encrypted SOAP response token generation updated

Resolved in Pega Version 8.5.1

After configuring a SOAP service that used signature and encryption on the response, the response being created was incorrect and could not be decrypted by the receiver. Investigation showed that the API used to generate the SOAP headers was not setting the wsse11:TokenType element, causing receivers which enforce BSP compliance to fail. This has been resolved by modifying the custom webservices-rt-pega2 jar to set the token type in the case of a response encryption policy.

INC-138354 · Issue 584722

Handling added for samesite cookies with httpOnly

Resolved in Pega Version 8.5.1

After enabling samesite cookies on Google Chrome to support Mashup login, intermittent issues were seen with a non-mashup login where entering the OperatorID and password only resulted in a refresh of the login screen. This was traced to a scenario where an httponly cookie attribute was present along with samesite cookie attributes, and has been resolved by adding handling for a condition where samesite is set and httpOnly is enabled.

You are currently on page 1 Navigate to page 2 Next

About Pegasystems

Pegasystems is the leader in cloud software for customer engagement and operational excellence. If you’ve driven a car, used a credit card, called a company for service, opened an account, flown on a plane, submitted a claim, or performed countless other everyday tasks, chances are you’ve interacted with Pega. For the past 30 years, our technology – CRM, digital process automation, robotics, AI, and more – has empowered the world’s leading companies to achieve breakthrough results.

Join the conversation

X (Twitter)
Facebook
Linkedin
Youtube

Company

About Pega
Office Locations
Careers
Contact Us

Pega Sites

Pega Community
Pega Academy
PegaWorld
Pega Blog
Product Design

Resources

Get Started with Pega
Documentation
Training
Support
Marketplace

Legal

Terms of Use
Support
Glossary
Privacy
Your Privacy Choices
Trademarks

©2024 Pegasystems Inc.

Open in new window

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

Join Now

Log in

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Google Chrome
Mozilla Firefox
Microsoft Edge

Close Deprecation Notice Close Deprecation Notice

Contact us