SR-D90687 · Issue 560431
IOException handling improved to resolve broken pipe errors
Resolved in Pega Version 8.4.2
Frequent "connection reset by peers" exceptions were being generated and broken-pipe exceptions were seen in the logs. Investigation traced the issue to unhanded IOExceptions on the server side that were a result of the client application not always closing the TCP connection gracefully. To resolve this, error handling for IOExceptions has been improved.
SR-D67408 · Issue 554900
Directory traversal blocked in zip import
Resolved in Pega Version 8.4.2
One of the files contained in a zip archive was not deleted from the system after zip import. This was due to the file being created by a third-party archive that included of a directory traversal character that caused it to be inflated outside of the temp directory. To resolve this, a check has been added to that a file with directory traversal characters in its name will not be inflated.
SR-D81572 · Issue 551028
JDBC URL handling added for Oracle over TCPS
Resolved in Pega Version 8.4.2
While attempting to upgrade an environment over TCPS, the generateDDL.sh script was failing. The same environment ran without issue on Tomcat with the same URL. Investigation showed the JDBC url was not correctly generated while running the upgrade: in a standard scenario, there will be no spaces in the JDBC URL specified. However, because Oracle can send spaces as part of JDBC URL and cause this issue, an update has been made which will quote the JDBC URL argument for the ant target in setupDDL.xml.
SR-D84364 · Issue 551403
Check for circular references added to SearchInventoryImpl to prevent recursive call
Resolved in Pega Version 8.4.2
An out of memory error was traced to SearchInventoryImpl infinitely recursing over a clipboard property, where the child property referenced a parent property and resulted in an endless loop. This has been resolved with the addition of a depth check to ensure that the search does not recurse infinitely.
SR-D85100 · Issue 556262
ProductInfoReader updated to fetch only most recent version information
Resolved in Pega Version 8.4.2
After upgrade, running Hfix scanner on Pega Marketing 8.2 displayed missed critical Hfixes for Pega Marketing 8.1. This has been resolved by modifying ProductInfoReader.runQuery to fetch only latest version of DAPF instances during a scan.
SR-D98404 · Issue 558207
Handling added for hotfix Rule-Application instances
Resolved in Pega Version 8.4.2
A null pointer error during DL file expansion performed as part of the second phase of a hotfix installation caused the hotfix install to fail. The null-pointer exception was thrown because the code, primarily used for export, performed a database lookup of a Rule-Application and assumed the response would be non-null without checking the result. During export the Rule-Application would normally exist because the system would have interacted with it already during the export by identifying it and writing it to the archive. During phased hotfix installation, rules are staged to the database in a different table during the first phase and reconstituted during the second phase. The scenario for this error was a missed corner case specific to the unusual combination of including Rule-Application instances in a platform hotfix. To resolve this and prevent further issues, handling has been added for this use case.
SR-D85653 · Issue 548600
Repaired Tracer use with Google Chrome
Resolved in Pega Version 8.5
After running Tracer while using Chrome, closing it and trying to run another resulted in an error indicating "Cannot Launch multiple tracer sessions for a requestor". This was identified as a bug with Google Chrome Versions greater than 70 and was caused by Chrome deprecating the use of sync XHR on page dismissal, and has been resolved by modifying the system to use a beacon API instead.
SR-D54319 · Issue 532528
API added to sync presence with requestor to clear inactive operator sessions
Resolved in Pega Version 8.5
An intermittent error message was seen indicating the maximum number of active sessions for the current operator had been reached even though there were not multiple logins and there was no requestor displayed in the requestor management landing page. This was traced to sessions that were not properly closed and cleared, and has been resolved by exposing an API that will sync the presence record with the requestor state so inactive sessions will be cleared.
SR-D64608 · Issue 544388
Corrected filedownload extension header issue
Resolved in Pega Version 8.5
Filedownload header contained plain non-ascii characters which caused a security violation issue. This has been resolved by removing the filedownload header from the HTTP response when the sendfile API is used with inputstream to download a file.
SR-D56527 · Issue 538304
DSS PegaAESREmoteResetTableStats set to false
Resolved in Pega Version 8.5
In order to prevent an issue with resetting table stats that potentially impacts postgres in an unintended fashion, the DSS PegaAESREmoteResetTableStats has been set to false.