SR-D74848 · Issue 536998
Updated key handling for ProcessJWT
Resolved in Pega Version 8.1.8
After configuring an authentication service which used the ProcessJWT activity to validate the token received, the error "Unable to process the Json Web Token " was seen. Analysis showed the error was caused by a duplicate Key Id in JWK Endpoint Response: the system removed keys after processing, and in the case of duplicate keys the system was throwing null pointer exception because the key had already been removed. To resolve this, the system has been updated to not remove the keys from the map as part of this process.
SR-D76409 · Issue 540299
Cleanup added for staging directory
Resolved in Pega Version 8.1.8
Temporary files from imports and exports (from DevOps) were filling up the staging area disk space because there was no automatic process for cleaning up these local files. This has been resolved by adding an enhancement that will clear the directory on Engine Startup and any time ParUtils.setStagingDirectory gets called to initialize the staging directory.
SR-D78987 · Issue 544060
Support for custom jvm.args added
Resolved in Pega Version 8.1.8
In order to support Oracle PKI and other ticket based authentication, support has been added for custom jvm.args properties to setupDatabase and prpcUtils properties files.
SR-D79178 · Issue 543311
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.1.8
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D42451 · Issue 518067
ExecuteRDB call updated to use NativeSQL for blob
Resolved in Pega Version 8.2.6
After creating a test activity to clear data set records that used the DataSet-Execute method and passed the data set name and truncate operation, only 51 records were deleted in a single run when the data set had more than 51 records. Investigation showed that for blob tables, the database truncate operation was using executeRDB with an empty results page, i.e. it didn't specify pyMaxRecords, which on some databases might have limited the number affected records. To resolve this, the executeRDB call in the database truncate operation has been modified to use NativeSQL for blob tables.
SR-D45608 · Issue 519901
Correct service instance name passed for data flow in DSMStatus
Resolved in Pega Version 8.2.6
When using the Connect-HTTP service "DSMStatus" to provide the node and status information as seen on the various tabs of the Designer Studio > Decisioning > Infrastructure > Services landing page, using DataFlow as the service parameter for the HTTP service method resulted in an empty response when the expectation was to get the information regarding the cluster details of Dataflow node type. This was traced to the service instance name not being parsed correctly when used for Data Flow services, and has been resolved by ensuring the correct service instance name is passed for this use.
SR-D54218 · Issue 518600
Deadlock in static Initialization of IntList resolved
Resolved in Pega Version 8.2.6
JVM Deadlock was seen related to the static Initialization of a subclass field in class com.pega.decision.strategy.ssa.runtime.collections.api.IntList . Thread dumps showed threads in RUNNABLE State that were parked to wait for class initialization, and this was traced to a missed sonar alert which failed in multi-threading. To resolve this, the system handling has been updated to prevent potential deadlock.
SR-D57822 · Issue 524199
Internal Cassandra memory leak fixed
Resolved in Pega Version 8.2.6
A memory leak was found on internal Cassandra that caused temporary log files to fill up the heap. This has been resolved by updating the system to ignore non-log files and properly increment the index.
SR-D60268 · Issue 521461
Performance and thread-handling improvements for SSA
Resolved in Pega Version 8.2.6
The SecureRandom class was used internally by SSAExecutionContext indirectly via UUID generation. Because this exhibited performance issues on some Linux environments, UUID has been replaced with static AtomicLong. In addition, a memory leak was observed when the strategy (SSA) execution resulted in an exception, and the strategy template has been modified to gracefully shutdown the VM under all circumstances. Thread-safety measures have also been tuned to be more fine-grained to reduce the potential thread contention that was seen while borrowing the SSAInterpreter object from SSAInterpreterPool.
SR-D66397 · Issue 530332
ADM out-of-sync corrected for multi-datacenter Cassandra cluster
Resolved in Pega Version 8.2.6
After setting up the multi-datacenter configuration for a Cassandra cluster that consisted of six nodes in datacenter 1 and three nodes in datacenter 2, failover testing revealed a mismatch in the number of ADM models stored in each datacenter. The mismatch was observed mostly in the number of records present in the "adm_scoringmodel" and "adm_response_commit_log_date_tiered" tables. When Cassandra nodes are down, the other nodes in the cluster will store hints (records to be written) for the down nodes. When these nodes come back online the hints are replayed to those nodes and the data is written. Hints are written for 3 hours, so if a node come back up within 3 hours data is recovered and repairs are not required. The gc_grace_seconds for the above tables that were getting out of sync across the two datacenters was set to zero seconds. The "gc_grace_seconds" attribute is not just used as the time for removal of tombstones, it's also used to set the TTL for records written to the system.hints table. That meant that when the hints were written for the ADM tables for the nodes that were down, they were immediately expired since it was set to 0 and not played back when the terminated nodes restarted and joined the cluster. This has been resolved with this fix for all customers new to this release. Existing customers already on v7.3 or higher will need to complete the local change detailed below:Connect to the Cassandra cluster using cqlsh in the Pega Cassandra distribution and then run ALTER TABLE adm_commitlog.adm_response_commit_log_date_tiered WITH gc_grace_seconds = 86400; to change the relevant setting from zero to the equivalent of one day - the same length of time that the data in the table lives for. This will mean that any hints written can still be used to replay data to another node while the data itself is alive. It does also mean, however, that, given a constant load, a day's worth of expired ADM event data in the table will always be present on the disk, as the tombstones can now not be cleaned up for a day.