SR-D63668 · Issue 525479
Access Control Policy updated to handle NotEqual with valuelist
Resolved in Pega Version 8.1.8
When editing the Access Control Policy Condition rule in Designer Studio and setting condition to 'is not equal', comparing it to a list generated the error "function not found". The same configuration worked as expected for the 'is equal' condition. This has been resolved by updating policycondition to handle a not equal scenario combined with a valueList property.
SR-D74848 · Issue 536998
Updated key handling for ProcessJWT
Resolved in Pega Version 8.1.8
After configuring an authentication service which used the ProcessJWT activity to validate the token received, the error "Unable to process the Json Web Token " was seen. Analysis showed the error was caused by a duplicate Key Id in JWK Endpoint Response: the system removed keys after processing, and in the case of duplicate keys the system was throwing null pointer exception because the key had already been removed. To resolve this, the system has been updated to not remove the keys from the map as part of this process.
SR-D76409 · Issue 540299
Cleanup added for staging directory
Resolved in Pega Version 8.1.8
Temporary files from imports and exports (from DevOps) were filling up the staging area disk space because there was no automatic process for cleaning up these local files. This has been resolved by adding an enhancement that will clear the directory on Engine Startup and any time ParUtils.setStagingDirectory gets called to initialize the staging directory.
SR-D78987 · Issue 544060
Support for custom jvm.args added
Resolved in Pega Version 8.1.8
In order to support Oracle PKI and other ticket based authentication, support has been added for custom jvm.args properties to setupDatabase and prpcUtils properties files.
SR-D79178 · Issue 543311
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.1.8
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
INC-184964 · Issue 705933
TextMask_Encrypted rule added for use with Oracle
Resolved in Pega Version 8.7.2
When a property was being encrypted by propertyEncrypt access control policy and masked by propertyRead access control policy, it showed a "@@getMaskedValueOfText" error. This has been resolved with the addition of a new rule pxTextMask_Encrypted for Oracle product type which will remove extra spaces from the SOURCE string to handle ORACLE specific usecases.
INC-200030 · Issue 719228
Handling added for external Kafka authorization exception
Resolved in Pega Version 8.7.2
When using external Kafka for stream service, the dataflow was failing with the error 'QueueProcessorDataSubscriberException' when topic create permission was missing. As a workaround, the topics could be pre-created, though a "Topic already exists" warning was generated. To resolve this, the cluster-wide right that a producer needs, IdempotentWrite, has been added. For more information please refer to the link https://docs.confluent.io/platform/current/kafka/authorization.html
INC-202793 · Issue 698506
Corrected malformed URL
Resolved in Pega Version 8.7.2
The function used in the session timer to log off the user was not working consistently, and attempting to discard a checked-out delegated Rule did discard the rule. Both issues reported the error "HTTP Status 400 - Bad request". This was traced to a badly formed URL, and has been resolved by wrapping the URL with SafeURL_createFromURL.
INC-202865 · Issue 709920
Shared partition operations performance improvements
Resolved in Pega Version 8.7.2
A significant performance degradation was seen in queue processor overhead related to maintaining the partition table. This has been resolved by adding an update which will improve partition operations in a shared context.
INC-206288 · Issue 705268
Addressed intermittent Issues with OAuth2
Resolved in Pega Version 8.7.2
Issues with logging in to a node by way of the access token endpoint were related to the error "JSON web token is rejected during signature verification due to bad signature". This has been resolved by adding clock skew value to the JWT processor bean during validation.