Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

INC-188162 · Issue 673507

RSA-PSS signature support added for for SAML SSO

Resolved in Pega Version 8.7

The XML security jars have been updated to incorporate RSA-PSS signature algorithm support.

INC-188889 · Issue 675580

New application wizard security updated

Resolved in Pega Version 8.7

Security around displaying and running the new application wizard has been enhanced.

INC-189989 · Issue 675572

Refresh assignment checks updated

Resolved in Pega Version 8.7

Additional privilege checks have been added to refresh assignment.

INC-190384 · Issue 676573

URL validation updated to handle custom token endpoints

Resolved in Pega Version 8.7

While saving an authentication profile with OAuth details, validation was failing for a valid URL given in the access token endpoint and revoke token endpoint fields. This was traced to the use of the Apache URL validator, which considered some domains to be invalid. To resolve this, the urlvalidator constructor has been updated to include a custom RegexValidator for access token and refresh token URLs.

INC-193561 · Issue 680427

Client secret made optional for JWT Bearer Grant type

Resolved in Pega Version 8.7

After update, trying to connect a REST API using OpenAM as the provider for OAuth and using JWT Bearer as Grant type was resulting in an error indicating the request was not reaching the destination. This was traced to the client secret being designated a mandatory field when it should be optional in this case as the required key store was already configured with a JWT token profile. To resolve this, an update has been made which will make the client secret optional when the authentication scheme is JWT Bearer. In addition, the blank value caused a null pointer error when the client secret was not passed. This has been handled with a check.

INC-194287 · Issue 681065

SSLContext created using protocol from REST connector rule form

Resolved in Pega Version 8.7

After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.

INC-196414 · Issue 684238

OAuth token refreshed when revoked on source

Resolved in Pega Version 8.7

When an OAuth token was used to authorize the APIs in the system, revoking the token at the source, i.e. from the Service side, did not automatically refresh the token and a logoff/logon was required before a fresh token was generated. This has been resolved by adding an update to explicitly purge revoked tokens.

INC-196431 · Issue 684886

Refresh assignment checks updated

Resolved in Pega Version 8.7

Additional privilege checks have been added to refresh assignment.

INC-199303 · Issue 690629

Guided Tour working from Actions menu

Resolved in Pega Version 8.7

After updating from Pega 8.4 to Pega 8.5, "Manage a Guided Tour" was no longer working under a local action when called from the Actions menu on a work object. An unspecified error message appeared in the tracer. Investigation showed there was a null pointer error caused by the menu being invoked on an invalid page, and this was traced to updated authentication requirements: registration at the portal is not reliable as it is thread-scoped and run only once. The thread name is not guaranteed to stay the same so subsequent invocations of the tour activities failed. This has been resolved by modifying the call registration function to handle the security issues related to the generation of the menu path.

INC-200299 · Issue 689561

LookUpList correctly executes during SSO login with model operator

Resolved in Pega Version 8.7

After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us