INC-155592 · Issue 621988
httpclients library upgraded
Resolved in Pega Version 8.5.3
Package import/export was not working using prpcserviceutils, and a SSLPeerUnverifiedException" error was seen. This was traced to an issue with the third party library httpclients v4.5.9, and has been resolved by upgrading to httpclients v4.5.13.
INC-155789 · Issue 622546
Third-party libraries upgraded
Resolved in Pega Version 8.5.3
The following third-party jar files have been updated to the most recent versions:ant: v1.10.9 httpclient: v4.5.13 xercesImpl: v2.12.1
INC-157196 · Issue 629298
Deprecated service package features now require authentication
Resolved in Pega Version 8.5.3
Authentication has been added to deprecated features of the standard service package to improve security. If issues are encountered during product migration, please use the Deployment Manager.
INC-158519 · Issue 625080
Filter considers all instances pages during deployment
Resolved in Pega Version 8.5.3
During package deployment, attempting to use Filter to skip some of the instances only displayed the result of the current active page instead of all pages. This was an unintended consequence of previous work, and has been resolved by adding the logic to strip quotes in the value and adding the "Pagination activity manages filtering" checkbox by default.
INC-160288 · Issue 626068
Kerberos handling updated for database remap
Resolved in Pega Version 8.5.3
After upgrade from Pega v7.2 to Pega v8.4, using Kerberos authentication was failing during the remap task. Investigation showed that null username and password values were being passed to SchemaAssignmentUtility along with the flags as arguments, causing the utility to misinterpret the arguments. As arguments should be populated only when flags and values are available and not null, an update has been made which will set the username and password flags only if they are not null in the Remap database tables target.
INC-159834 · Issue 632248
StackOverFlow logging improved
Resolved in Pega Version 8.5.4
Enhanced diagnostic logging information has been added to help find issues when StackOverFlow errors occur.
INC-161984 · Issue 638857
Web Tier busy threads released on timeout
Resolved in Pega Version 8.5.4
Tomcat Web Tier Busy Threads were not being correctly released, causing stability and performance problems that included health check pings not receiving a thread to service the request so the node was marked as bad, users were quiesced, and the node replaced. Investigation showed the 'put' on the blocking queue did not time out when the queue was full and waited indefinitely, keeping the thread blocked. To resolve this, the system will use 'offer' on the blocking queue instead of 'put' to force thread release on timeout. In addition, debug logs have been added to understand when the offer (or Put) does not succeed and the state of the queue that is causing this issue; the debug logs for class com.pega.pegarules.session.internal.serverpush.RoboticAutomationImpl should be enabled only if the thread busy issue is observed and for limited time window while actively debugging.
INC-164794 · Issue 637992
Apache Commons libraries updated
Resolved in Pega Version 8.5.4
Apache commons-codec has been updated to version 1.15 , and Apache commons-io has been updated to version 2.7.
INC-171587 · Issue 652187
Resolved Push Node Daily Information exception
Resolved in Pega Version 8.5.4
The "Push Nodes Info Daily" agent was generating an exception on each of the nodes. This has been resolved by enhancing the PegaAESRemote code to handle the exception and get the node info locally, then push it to the console when it is not able to get it via the cluster management API.
INC-173162 · Issue 650794
Certificate match will use Subject Distinguished Name
Resolved in Pega Version 8.5.4
Signature verification was failing due to the system not finding the matching root certificate for the chain. The root certificate was in the trust store, but the system found a different certificate first and that other certificate (an intermediate certificate) was not considered a valid certificate for validating the whole certificate chain. This was traced to filtering on the Issuer Distinguished Name (DN) instead of the Subject DN and was due to intermediate certificates potentially having the same Issuer as a root certificate (e.g. if that root certificate was used to create the intermediate certificate). To resolve this, an update has been made to check the Subject DN instead of Issuer DN.