SR-D70872 · Issue 545856
Kerberos authentication parameters propagated for deployment
Resolved in Pega Version 8.3.3
Attempting to perform a deployment using Kerberos authentication to an Oracle database failed with an authentication error. This was traced to the java system properties (for example, -Dname=value) required by the Oracle JDBC driver for Kerberos authentication intermittently not being set when connections were being made to the database. When they were not being set, the connection would fail due to authentication. This has been resolved by ensuring the java system properties (-D's) that were provided to the 'custom.jvm.properties' property in the collection of deployment related *.properties files are being propagated to every part of the deployment scripts.
SR-D92877 · Issue 551030
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.3.3
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.)Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D89002 · Issue 549102
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.3.3
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D64523 · Issue 545670
Stream Registration deprecated and replaced
Resolved in Pega Version 8.3.3
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D52604 · Issue 548060
Stream Registration deprecated and replaced
Resolved in Pega Version 8.3.3
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
INC-215937 · Issue 713773
Added exception handling for PageGroup alerts
Resolved in Pega Version 8.6.5
Queue items were going to the broken queue if there was an issue fetching the alert configuration from the Queue Processor rule. The error "java.lang.IllegalArgumentException: Alert id cannot be blank" was seen. This has been resolved by adding exception handling while gathering alerts from PageGroup so that a malformed alert configuration will not cause overall failure of a processed message, but instead an empty alert will be returned if configuration-data is corrupted.
INC-217781 · Issue 714185
JobScheduler updated to better handle DST change
Resolved in Pega Version 8.6.5
If a job scheduler was set to run on a weekly basis between 1 AM CET and 3 AM CET, the DST time change caused the job scheduler to skip that week. During DST, there is one 23-hour day in the year, and if execution time is set to that missing hour the system was throwing an IllegalArgumentException for the non-existent date. This has been resolved by adding a check that verifies whether a given date does exist; if it does not exist, the system will postpone execution time by one hour.
INC-218001 · Issue 719922
Error text revised for parameterized data page used for token generation
Resolved in Pega Version 8.6.5
While trying to add a claim in the header of a Token Generation Profile instance, selecting Map From as "Clipboard" and trying to give any DataPage(parameterized) as the source property failed to be saved and the error "JWS Alias— Please provide correct algorithm key with correct key length." appeared. Changing the "Map From" to a Constant and giving a dummy value worked as expected. Tracer showed the error "declare page parameters not supported by PropertyReference", indicating the actual issue: at this time, the Token profile does not support using a parameterized data page. This has been addressed by ensuring an appropriate error message is shown on save of the token profile rule form when a parameterized data page reference is configured. The error will now read "The reference D_pzPreferenceStore[PreferenceOperatorID:"[email protected]"].pxObjClass is not valid. Reason: Parameterized data page reference is not supported." Support for a parameterized data page used with Map From will be taken as an enhancement for a future release.
INC-218340 · Issue 714663
Override added to delete records for a stream dataset after processing
Resolved in Pega Version 8.6.5
Kafka data was accumulating for a Stream data set due to huge volume of inbound calls. This has been resolved by adding support to override pyDeletedProcessed through a DASS in order to remove the records for a particular stream dataset (topic) as soon as they are processed by Pega.
INC-218909 · Issue 715282
Override added to delete records for a stream dataset after processing
Resolved in Pega Version 8.6.5
Kafka data was accumulating for a Stream data set due to huge volume of inbound calls. This has been resolved by adding support to override pyDeletedProcessed through a DASS in order to remove the records for a particular stream dataset (topic) as soon as they are processed by Pega.