SR-C98068 · Issue 483991
Installer files updated with class loader conflict resolution assistance
Resolved in Pega Version 8.2.4
When sending emails with attachments, errors were observed relating to a loader constraint violation indicating that when resolving interface method, the class loader of the current class and the class loader for the method's defining class had different Class objects for the type used in the signature. The resolution for this requires user configuration of the app server, and the following files for the install guide have been updated with the appropriate information:Deployment-guides-dita/install.ditamap Deployment-guides-dita/Content/Topics/app-server-config/creating-jdbc-driver-module-jboss-tsk.dita Deployment-guides-dita/Content/Topics/app-server-config/delegating-javax-activation-to-JRE-loader-tsk.dita
SR-D28460 · Issue 509365
Added timeout handling for non-PRAuth servlets
Resolved in Pega Version 8.2.4
After logging in via external authentication service (SAML Single Sign On) and setting up a timeout in the access group RuleForm, when the user performed any action and the server identified the request to be timed-out, it was expected that a SAML request would be sent from the browser to the external Authentication Server (referred as IDP) and the flow would proceed from there. This worked as expected for a non-AJAX request. To resolve this, handling has been added for timeout when using non-PRAuth authentication services.
SR-D29127 · Issue 506863
SAML data pages restored after passivation
Resolved in Pega Version 8.2.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D37872 · Issue 507341
prproductmigration build.gradle updated for new mime4j asset name
Resolved in Pega Version 8.2.4
While running the getMigrationLog for ProductMigration script provided in the Pega 8.2.2 media files, errors appeared referencing "NoClassDefFoundErrors when running getLogs". This was caused by the referenced class not being found on the classpath: the version of the included jar did not include the class needed due to Praxiom's default version being updated to use a new version of mime4j that required an asset name change. To resolve this, the mime4j asset name in prproductmigration build.gradle has been updated to pick up the correct version of the dependency for Praxiom.
SR-D24900 · Issue 503873
Security update for RequestMap error logging
Resolved in Pega Version 8.3.1
In HttpAPI, the RequestMap contains Cookie information. In error conditions, this map gets logged. An update has been made to ensure that the Cookie value is not logged if there is an error.
SR-D27644 · Issue 497611
Uploaded attachments will receive a unique name to prevent overwriting
Resolved in Pega Version 8.3.1
An issue with an incorrect file being attached to a work object was traced to overlapping processes. When files are uploaded, they are first saved to common HDD directory and then read into memory and deleted from the HDD area. Files will overwrite other file carrying the same name, which is a problem if the first file is not completely uploaded and is waiting in the common directory and some other file with the same name is uploaded on top of it. To resolve this, an update has been made to ensure file names are appended with a unique identifier to distinguish between files carrying the same names and keep them from overwriting each other.
SR-D28184 · Issue 497165
Verbose debug logging removed from LockUtils
Resolved in Pega Version 8.3.1
Verbose debug logging that had been added to the "LockUtils" class to print when the lock was acquired or released and include the associated stacktrace has now been removed as it interfered with diagnosing locking issues when threads were getting blocked.
SR-D28538 · Issue 502056
Corrected requestor status flag for direct map
Resolved in Pega Version 8.3.1
Numerous "Unable to create requestor" alerts were logged. This was traced to an error in HttpAPI where after retrieving the requestor from the internal requestor map directly, the requestor creation status flag was not set properly. This caused last action to post that alert instead of the correct notice of "existing requestor retrieved". This has been resolved so the flag reflects the correct status.
SR-D31066 · Issue 502252
Improved performance for "Show-HTML" in a grid with numerous controls
Resolved in Pega Version 8.3.1
‘Show-HTML’ was taking an excessive amount of time to render a UI for grid with a large number of controls. This was traced to the handling for generating and clearing markup creating an exponential growth situation, and has been resolved by modifying the system to remove redundant copies of a string in the markup string buffer.
SR-D33491 · Issue 511726
Code fragment removed to resolve CookieDisabledException
Resolved in Pega Version 8.3.1
After upgrade, a CookieDisabledException occurred after a post activity was invoked in the single sign-on (SSO) authentication service. This was traced to the site using the deprecated flag "redirectguests" as part of SSO-based login for mashup usecases. This flag was used to check if a cookiedisabled exception was thrown or not, and if there was no cookie, if a requestor was authenticated in first request. However, the flag has been removed as part of work done to omit the Cookie support check on Mobile App UAs. Code that supported the use of this flag remained after that work and led to the exception being generated, but has now been removed as well.