SR-D29485 · Issue 503513
Enhancement added to modify URL encryption for load testing
Resolved in Pega Version 8.4
An enhancement has been added which allows conditionally modifying URL encryption for load testing. This uses the flag crypto/useportablecipherforurlencryption: if true, a portable hardcoded key is used to encrypt the URLs and if false, a dynamically generated key per thread/requestor is used to encrypt the URL.
SR-D30955 · Issue 499873
Security updated for access roles
Resolved in Pega Version 8.4
Updates have been made in order to prevent a potential security issue related to browsing access for the Organization and Security: Groups and Roles view in Dev Studio.
SR-D36004 · Issue 513617
Check added before OperatorID page in the clipboard is deleted
Resolved in Pega Version 8.4
After configuring an access group with security policies and a one minute timeout, triggering the timeout and then failing authentication before correctly authenticating was resulting in the .operatorID page being deleted from the thread->System pages and the workIDs were listed from all workbaskets in the portal. This has been resolved by adding a check for whether the operator id page is in thread level or not before deleting it.
SR-D37872 · Issue 507342
prproductmigration build.gradle updated for new mime4j asset name
Resolved in Pega Version 8.4
While running the getMigrationLog for ProductMigration script provided in the Pega 8.2.2 media files, errors appeared referencing "NoClassDefFoundErrors when running getLogs". This was caused by the referenced class not being found on the classpath: the version of the included jar did not include the class needed due to Praxiom's default version being updated to use a new version of mime4j that required an asset name change. To resolve this, the mime4j asset name in prproductmigration build.gradle has been updated to pick up the correct version of the dependency for Praxiom.
SR-D37894 · Issue 505976
Query parameters will be cleared after redirection from authentication
Resolved in Pega Version 8.4
When using the /PRAuth Servlet, running a snapstart URL generated from a secondary application correctly executed SAML Authentication and Pega processing, but a second URL generated with different parameters ran with the parameters from the first request. The third and subsequent requests processed as expected with the parameters sent in with the request. Investigation showed that the previous parameters were picked due to the query string parameters not being cleared after redirection, and this issue has been resolved by updating the system so it will clear the parameters after issuing a redirect from the authentication policy engine.
SR-D38232 · Issue 509856
Keystore certificate alias updated to support mixed case names
Resolved in Pega Version 8.4
The Java Keystore stored aliases only in lower case letters, but it accepted uppercase letters also during retrieval. This was causing the error "No certificate found in truststore : Azure AD SSOIDPCertStore with Alias : CN=Microsoft Azure Federated SSO Certificate" when the names didn't match. To resolve this, the keystore layer has been modified to support upper case letters in the certificate alias.
SR-D38522 · Issue 504674
Timeout error notification regarding waiting for package removed
Resolved in Pega Version 8.4
During long-running deployments, an error message appeared indicating that the system was awaiting completion of the package install. This was not a genuine error, and has been addressed by removing the timeout warning. The system will wait as long as necessary to install an archive.
SR-D38613 · Issue 510004
Login will not obfuscate data for unauthenticated requestor
Resolved in Pega Version 8.4
If prconfig.xml had URLencryption and SubmitObfuscatedURL enabled, logging off from the application and idling the login screen for 5-10 minutes resulted in an Http 400 error during the next login attempt and the app data had to be manually cleared. This has been resolved by setting the system to not obfuscate data if the requestor is unauthenticated.
SR-D40756 · Issue 508098
Null check added for missing IDP RelayState
Resolved in Pega Version 8.4
An "ArrayIndexOutOfBounds" exception was showing sporadically when using IDP Initiated SAML Login requests. This was traced to IDP not consistently providing the RelayState parameter to Pega, and the exception has been resolved with the addition of a null check. When the RelayState parameter is empty, the message "Missing Relaystate information in IDP Response" will be shown.
SR-D41454 · Issue 506536
Updated HotFix Manager for use in older versions
Resolved in Pega Version 8.4
The DL logic in Hotfix Manager was changed in 8.3 to include the catalog of all framework changes. This had the unintended side effect of preventing DLs from being installed in Pega 7.3.1 and lower versions as the versions included in the catalog are not present on those systems and the validation failed. This has been resolved by revising the DL update so the system will only add all apps to the catalog for platform 7.4+ DLs.