SR-D41482 · Issue 507883
SAML data pages restored after passivation
Resolved in Pega Version 8.3.1
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as read-only, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D28460 · Issue 509364
Added timeout handling for non-PRAuth servlets
Resolved in Pega Version 8.3.1
After logging in via external authentication service (SAML Single Sign On) and setting up a timeout in the access group RuleForm, when the user performed any action and the server identified the request to be timed-out, it was expected that a SAML request would be sent from the browser to the external Authentication Server (referred as IDP) and the flow would proceed from there. This worked as expected for a non-AJAX request. To resolve this, handling has been added for timeout when using non-PRAuth authentication services.
SR-D37872 · Issue 507340
prproductmigration build.gradle updated for new mime4j asset name
Resolved in Pega Version 8.3.1
While running the getMigrationLog for ProductMigration script provided in the Pega 8.2.2 media files, errors appeared referencing "NoClassDefFoundErrors when running getLogs". This was caused by the referenced class not being found on the classpath: the version of the included jar did not include the class needed due to Praxiom's default version being updated to use a new version of mime4j that required an asset name change. To resolve this, the mime4j asset name in prproductmigration build.gradle has been updated to pick up the correct version of the dependency for Praxiom.
SR-D41637 · Issue 512268
Mashup URLs will include thread name for better passivation recovery
Resolved in Pega Version 8.3.1
Mashup screens were distorted after keeping the screen idle for more than 1 hour and then trying to switch between accounts. Investigation showed that during SSO authentication the relaystate generated without including thread name in the URL, leading to the threadname not being passivated or made available during reactivation. To resolve this, the thread name will now be included in the URL.
SR-D42602 · Issue 511583
PRCipher class references updated
Resolved in Pega Version 8.3.1
After upgrade, starting Tomcat resulted in the error "java.lang.ClassCastException: com.pega.platform.securitycore.encryption.internal.CipherDefault cannot be cast to com.pega.pegarules.exec.external.util.crypto.PRCipher"This was traced to an issue with the references for PRCipher: cipher was moved to be a security-core component, but the class structure changes were not fully updated. This has been corrected.
SR-D44307 · Issue 509000
Refined dependency checking for Hotfix Manager
Resolved in Pega Version 8.3.1
The logic in Hotfix Manager was changed in 8.3 to include all Strategic Application hotfixes in the Catalog for platform versions 7.4+. However, because there are some edge cases where multiple hotfixes for different strategic application products have been shipped with the same rule changes, it was found that a DL packaged for one application could pick up hotfixes intended for another app. This prevented the DL from installing on systems where both apps were not installed. To avoid picking up these additional hotfixes, while the catalog shipped in the DL will continue to contain all apps, the system has been updated to use only a list of selected products when generating a catalog for calculating dependencies.
SR-D46133 · Issue 534651
Colon in folder or file name will be replaced with underscore during unzip
Resolved in Pega Version 8.4.1
After creating a product file (zip), attempting to import the same file into an updated system resulted in an exception. Investigation showed that in this case the zip file was a Product rule form which had applications packaged with a colon(:) in the name of the application, a format that was allowed in 6.x versions. Because Windows machines restrict creating creating any folder or file with : in its name, the zip file could not be inflated as part of the import process. To resolve this, the system has been updated so that a colon(:) will be replaced by underscore(_) during inflate operations.
SR-D52604 · Issue 548062
Stream Registration deprecated and replaced
Resolved in Pega Version 8.4.1
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D64523 · Issue 545672
Stream Registration deprecated and replaced
Resolved in Pega Version 8.4.1
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D66521 · Issue 536140
Logout Redirect updated to handle special characters in IDP parameters
Resolved in Pega Version 8.4.1
When using "HTTP Redirect" in Authentication Service, the Logout Redirect service was failing due to the query parameter name containing "_" (underscore). This was traced to IDP sending parameters to assertion consumer service or logout request endpoint with names which contained any special characters, as the system was trying to put those key values on the parameter page for additional processing. To resolve this, the system has been updated to suppress exceptions when the parameters from IDP includes special characters.