Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

INC-140111 · Issue 594377

CSRF token handling added to Bulk Processing

Resolved in Pega Version 8.6

CSRF token handling added to Bulk ProcessingOn click of submit button from the bulk transfer screen, the pzbulkprocess harness was loaded and the portal was automatically logged off. Investigation showed that when CSRF was enabled, loading pzBulkProcess failed with a 403 error that resulted in logging off the current session due to a missing fingerprint token. This has been resolved by adding both CSRF token and fingerprint generation logic to pzBulkProcessingList.

INC-140224 · Issue 604004

Corrected SAML SSO error

Resolved in Pega Version 8.6

After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.

INC-141595 · Issue 602714

CSRF and Browser fingerprint tokens added for testing custom scripts

Resolved in Pega Version 8.6

After upgrade, the test window appeared blank when attempting to test Decision Table rules. This was traced to there not being CSRF token and Browser fingerprint handling in the custom script used to show a prompt screen to the user. Because the CSRF token validation was missing, the request failed. To resolve this, CSRF and Browser fingerprint tokens have been added as hidden fields.

INC-141940 · Issue 601541

Revoke Access Token check removed from OAuth Client Registration

Resolved in Pega Version 8.6

When client credentials were implemented, the OAuth 2.0 Client Registration form was designed such that once the instance was created and a token issued, the access tokens were deleted on save. Process changes now indicate that it should be possible to save the form because it may only have History Description/Usage changes made to it and Revoke Token and Regenerate Secret buttons are already available. To address this, the Revoke Access Token check has been removed from the validate activity of Client Registration.

INC-142145 · Issue 594917

Resolved 403 error for refresh of incognito window with CSRF

Resolved in Pega Version 8.6

Opening the simpleurl in a fresh incognito window opened the work object in a standard thread, but on refresh of the window a 403 error appeared and the screen went blank. This was a missed use case for the recently-added CSRF validation for non-ajax get requests which are redirected post requests. The CSRF token was being validated if pzPostData was in the request, but once the original request was complete the request map was cleared and the pzCtkn value in the request map was empty, resulting in the 403 error. To resolve this, the system will skip CSRF validation for a refresh scenario where the post data request map is empty after the original request, and validation has been added for the blank pyActivity in the request.

INC-142648 · Issue 594806

PRTraceServlet security check added

Resolved in Pega Version 8.6

Modifying the Pega application URL with PRTraceServlet displayed multiple user credentials and session information. This has been corrected with the addition of a privilege check in GetConnectionListCommand before allowing the connections list to be fetched.

INC-143181 · Issue 599591

Handling added for terminate session exception caused by null operatorID

Resolved in Pega Version 8.6

After the REST service called ((PegaAPI)tools).triggerRequestorTerminationPulseEvent(action,OperatorsList,message), which was being used for maintenance by handling the REST request for terminating user sessions before the system was brought down, all login attempts were resulting in a null pointer exception and the system had to be restarted to recover. This was a corner issue caused when a NULL operator was provided as input, and has been resolved by adding handling for that case.

INC-144591 · Issue 601608

Oauth and beanutils jars upgraded

Resolved in Pega Version 8.6

The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.

INC-144597 · Issue 598304

Updated handling for MT query of pr_data_admin table

Resolved in Pega Version 8.6

When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.

INC-144756 · Issue 602723

Security improved for searches

Resolved in Pega Version 8.6

Authentication requirements have been added to activities associated with searching.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us