SR-D84190 · Issue 547172
Post-Import Migration Agent query optimized
Resolved in Pega Version 8.3.3
A Post-Import Migration agent belonging to the Pega-ImportExport Ruleset and set to run every 60 seconds by default triggered the SQL query "select ASTERISK from pegadata.pca_CWT_CXP_Work_Interaction" which ran for an excessive amount of time, caused a utilization spike, and then crashed the utility nodes. Investigation showed the excessive run time and load was caused by the query fetching a very large number of results. To better handle this scenario, the query usage has been updated.
SR-D78274 · Issue 544091
Handling added for dual privileges with MSSQL
Resolved in Pega Version 8.3.3
After setting up dual privileges, the Admin user was able to create a table but the base user received an "insufficient privileges" error. Investigation showed this was an issue when using MSSQL: the generated grant statements used the server login name as the user in the grant statement, instead of the database user. For all other databases, the username passed into the connection is the correct user to use for grants. Only MSSQL has a distinction between this connection user name (the login) and the database user, and since the login did not exist in the user table, the grant failed. To resolve this, when MSSQL is used, the system will fetch the underlying database user when determining the user for grant statement generation.
SR-D70872 · Issue 545856
Kerberos authentication parameters propagated for deployment
Resolved in Pega Version 8.3.3
Attempting to perform a deployment using Kerberos authentication to an Oracle database failed with an authentication error. This was traced to the java system properties (for example, -Dname=value) required by the Oracle JDBC driver for Kerberos authentication intermittently not being set when connections were being made to the database. When they were not being set, the connection would fail due to authentication. This has been resolved by ensuring the java system properties (-D's) that were provided to the 'custom.jvm.properties' property in the collection of deployment related *.properties files are being propagated to every part of the deployment scripts.
SR-D92877 · Issue 551030
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.3.3
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.)Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D89002 · Issue 549102
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.3.3
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D64523 · Issue 545670
Stream Registration deprecated and replaced
Resolved in Pega Version 8.3.3
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D52604 · Issue 548060
Stream Registration deprecated and replaced
Resolved in Pega Version 8.3.3
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
INC-154254 · Issue 674944
Correct Email Bot training text highlighted
Resolved in Pega Version 8.6.3
When a piece of text was selected and tagged against an entity while training the Email Bot, the entity selection was misplaced and partially covered the actual text selected. The incorrect selection was then carried forward to the training data spreadsheet. To resolve this, rule changes have been made that will update HTML entities to HTML encoded forms.
INC-181797 · Issue 679337
FocusSection timeout updated
Resolved in Pega Version 8.6.3
When being redirected from an email notification to a Pulse comment, the case opened but the Pulse post was not highlighted as expected. This was a purely cosmetic issue, and has been resolved.
INC-183960 · Issue 674382
Cases Created through email bots remain searchable
Resolved in Pega Version 8.6.3
When a case was created through Email Bot, the delete attachment link in pzCreateTriageWork activity was triggering a delete event in incremental indexing that removed the main work object. This has been resolved by adding a condition check in the SearchIncrementalIndexNotifier class for the link page, and the work object will be updated instead of deleted.