Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

Platform Version

Capability

Security 8.7.1 8.5.2 8.5.1
(Clear filters)

INC-182530 · Issue 695760

SAML datapages cleared before new authentication

Resolved in Pega Version 8.7.1

If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.

INC-196839 · Issue 695281

Removed duplicate clipboard page creation

Resolved in Pega Version 8.7.1

An out of memory exception occurred due to the pyInstanceInfoForUpdate clipboard page having 6.5M Embed-InstanceInfo entries. This was traced to the ClientUpdateRequestHandler.getInstanceInfoPage method continuously appending to the ClipboardProperty instanceInfoPage. This has been resolved by removing the extra creation of instance pages within the loop.

INC-200303 · Issue 692845

OIDC authentication service token reload updated

Resolved in Pega Version 8.7.1

The exception “PRSecurityException: Invalid State Parameter received" was generated along with "Unable to execute OIDC flow : Caught exception while parsing the id token”. The issue was identified in the Keystore cache refresh strategy for the 'reload once per interaction' option. While the Refresh interval was one minute for reload once per interaction, if there was a login request/keystore request in that one minute then the refresh interval was pushed to one minute again from that timestamp. The system was also maintaining the cache refresh interval as one minute. That meant if there were continuous requests, then the refresh interval was pushed to one minute for each request. As a result, the Refresh interval was repeatedly extended until the exception occurred. To resolve this, the Refresh token will happen if there are no requests for a period of one minute, and the cache refresh interval for "Reload once per iteration" has been removed completely.

INC-200877 · Issue 693823

Functions supported in Authorization Service

Resolved in Pega Version 8.7.1

An enhancement has been added to support operator page context evaluation with a Rule-Utility-Function during property mapping evaluation.

INC-209298 · Issue 704142

Added security tokens to Worklist assignment error wizard

Resolved in Pega Version 8.7.1

After enabling CSRF, moving to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors' and then selecting a record and clicking on 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.

INC-135849 · Issue 582939

Encrypted SOAP response token generation updated

Resolved in Pega Version 8.5.1

After configuring a SOAP service that used signature and encryption on the response, the response being created was incorrect and could not be decrypted by the receiver. Investigation showed that the API used to generate the SOAP headers was not setting the wsse11:TokenType element, causing receivers which enforce BSP compliance to fail. This has been resolved by modifying the custom webservices-rt-pega2 jar to set the token type in the case of a response encryption policy.

INC-138354 · Issue 584722

Handling added for samesite cookies with httpOnly

Resolved in Pega Version 8.5.1

After enabling samesite cookies on Google Chrome to support Mashup login, intermittent issues were seen with a non-mashup login where entering the OperatorID and password only resulted in a refresh of the login screen. This was traced to a scenario where an httponly cookie attribute was present along with samesite cookie attributes, and has been resolved by adding handling for a condition where samesite is set and httpOnly is enabled.

INC-130145 · Issue 582855

Null checks added for the presence of roles and dependent roles

Resolved in Pega Version 8.5.1

Frequent Null Pointer errors were being generated relating to SecurityAnalysisForSecurityAdministratorsTask.getCurrentSecurityTaskDetails(). Investigation showed that the Origin and Stack trace tabs were empty, leading to the obj-open of the role failing when the role was not available in the system being utilized. This has been resolved by adding a series of null checks for role existence and dependent roles existence.

INC-139867 · Issue 588757

Additional security for encrypted passwords

Resolved in Pega Version 8.5.1

Handling and cleanup has been updated for encrypted values to enhance security.

INC-134315 · Issue 578366

Resolved 400 error on second browser session

Resolved in Pega Version 8.5.1

When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us