Skip to main content

- Get Started with Community
  
  Tools and knowledge to help you succeed.
- Get Inspired
- Get Involved
- Roles
- Products
- Concepts
- What's New
- Browse Documentation
- Visit Pega Documentation
- Learn
  - My Training
    - My Dashboard
  - Find Training
- Certifications
  - Get Certified
  - Find Certifications
    - Verify a Certification
    - Find Pega Certified Professionals
- About
  - Learning
  - Programs
- Visit Pega Academy
- Get Support
- Support Resources
- Working with Support
- EXPERT INSIGHTS
  
  Master Pega products and capabilities with advice from our experts.
- Browse the Marketplace
- Get Involved
- Visit Pega Marketplace

- Pega.com
  
  Explore solutions, events, and customers
  
  PegaWorld iNspire
  
  Register for our flagship event
  
  Partners
  
  Discover program benefits and enablement resources
  
  Marketplace
  
  Extend Pega with components and apps
  
  My Pega
  
  Manage your organization's relationship with Pega
  
  Pega Community
  
  Drive success with centralized content and resources
  
  Documentation
  
  Find product guides and reference docs
  
  Academy
  
  Complete missions, earn badges, and stay current
  
  Pega Constellation Design System
  
  Browse library of UI/UX templates, patterns, and components
  
  Careers
  
  Pega Support

- Log in or sign up to set up user profile.
- Log in or sign up to set up personalized notifications.

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

Platform Version

Capability

User Experience (159)

Data Integration (152)

Decision Management (81)

Case Management (61)

Low-Code App Development (58)

System Administration (43)

Conversational Channels (32)

Project Delivery (11)

Cloud Services (3)

Search

(Clear filters)

INC-217461 · Issue 714310

Key ID made optional for JWT

Resolved in Pega Version 8.6.5

After update, Connect-REST services were failing with a Admin_Security_Token.Action error. This was traced to kID (key ID) being mandated following previous work done to address an issue. To resolve this and better support backwards compatibility, the kID has been made optional in the JWT header.

INC-219208 · Issue 717217

Updated OAuth2 registration handling for modified application definition

Resolved in Pega Version 8.6.5

After update, attempting to resave an application definition after any modification resulted in the error "Application OAuth2 client registration is failed. Error Message: PegaApp_XXBase:Client already exists". This was due to pxCreateRecord being called to create the authentication profile: as it was already present, it failed to create a new one. This has been resolved by changing pxCreateRecord to Obj-Save in this process. This change will only be applied on newly created applications using the Data-Application-OAuth2ClientRegistration instance. The solution for already exported applications is to delete the corresponding OAuth2 client (PegaApp_<application id>) and resave the application to create a new client along with the needed metadata.

INC-222213 · Issue 722507

Updated support for Client Assertion in Open ID Connect to generate unique JTI

Resolved in Pega Version 8.6.5

Following an update with an enhancement which added UI and code changes to support Client Assertion in Open ID Connect, the token expiry and issue dates were not getting set properly and the JTI was not getting generated. This has been resolved by adding code to generate a unique client_assertion on OIDC login with private_key_jwt so the JTI in client assertion will be be unique for every login.

INC-135849 · Issue 582939

Encrypted SOAP response token generation updated

Resolved in Pega Version 8.5.1

After configuring a SOAP service that used signature and encryption on the response, the response being created was incorrect and could not be decrypted by the receiver. Investigation showed that the API used to generate the SOAP headers was not setting the wsse11:TokenType element, causing receivers which enforce BSP compliance to fail. This has been resolved by modifying the custom webservices-rt-pega2 jar to set the token type in the case of a response encryption policy.

INC-138354 · Issue 584722

Handling added for samesite cookies with httpOnly

Resolved in Pega Version 8.5.1

After enabling samesite cookies on Google Chrome to support Mashup login, intermittent issues were seen with a non-mashup login where entering the OperatorID and password only resulted in a refresh of the login screen. This was traced to a scenario where an httponly cookie attribute was present along with samesite cookie attributes, and has been resolved by adding handling for a condition where samesite is set and httpOnly is enabled.

INC-130145 · Issue 582855

Null checks added for the presence of roles and dependent roles

Resolved in Pega Version 8.5.1

Frequent Null Pointer errors were being generated relating to SecurityAnalysisForSecurityAdministratorsTask.getCurrentSecurityTaskDetails(). Investigation showed that the Origin and Stack trace tabs were empty, leading to the obj-open of the role failing when the role was not available in the system being utilized. This has been resolved by adding a series of null checks for role existence and dependent roles existence.

INC-139867 · Issue 588757

Additional security for encrypted passwords

Resolved in Pega Version 8.5.1

Handling and cleanup has been updated for encrypted values to enhance security.

INC-134315 · Issue 578366

Resolved 400 error on second browser session

Resolved in Pega Version 8.5.1

When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.

INC-130500 · Issue 580623

Cross-site scripting protections updated for authorization

Resolved in Pega Version 8.5.1

Cross-site scripting protections have been updated for various URLs associated with authorization.

Previous Navigate to page 1 Navigate to page 2 Navigate to page 3 Navigate to page 4 Navigate to page 5 You are currently on page 6

About Pegasystems

Pegasystems is the leader in cloud software for customer engagement and operational excellence. If you’ve driven a car, used a credit card, called a company for service, opened an account, flown on a plane, submitted a claim, or performed countless other everyday tasks, chances are you’ve interacted with Pega. For the past 30 years, our technology – CRM, digital process automation, robotics, AI, and more – has empowered the world’s leading companies to achieve breakthrough results.

Join the conversation

X (Twitter)
Facebook
Linkedin
Youtube

Company

About Pega
Office Locations
Careers
Contact Us

Pega Sites

Pega Community
Pega Academy
PegaWorld
Pega Blog
Product Design

Resources

Get Started with Pega
Documentation
Training
Support
Marketplace

Legal

Terms of Use
Support
Glossary
Privacy
Your Privacy Choices
Trademarks

©2024 Pegasystems Inc.

Open in new window

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

Join Now

Log in

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Google Chrome
Mozilla Firefox
Microsoft Edge

Close Deprecation Notice Close Deprecation Notice

Contact us