INC-180858 · Issue 660801
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-227878 · Issue 727855
UPDATE IMPACT FOR PEGA CALL
Resolved in Pega Version 8.7.3
Log4j-1.2.14.jar and Log4j-1.2.17.jar have been removed to address the security concerns with these versions, and logger jars have been upgraded to 12.7.2 version (from 12.7.1 version) to make Pega Call compatible. This change will impact Pega Call customer environments due to Avaya or Genesys, which are part of Pega Call, having an internal dependency on Log4j1.x version jars. As a result, the SDK logging for Avaya or Genesys will not be available in the 8.7.3 release unless the Log4j-1.x jar files are reimported locally.
INC-173596 · Issue 673089
Apache Commons HttpClient dependency removed
Resolved in Pega Version 8.7.3
As part of moving from the Apache Commons HttpClient project (which is at end of life and no longer being developed) to the Apache HttpComponents project, openws dependencies on the commons-httpclient jar have been removed.
INC-228169 · Issue 729187
Login error messages updated
Resolved in Pega Version 8.7.3
Exception response messages have been updated in order to improve security around attempts to bypass operator authentication.