SR-D33491 · Issue 511726
Code fragment removed to resolve CookieDisabledException
Resolved in Pega Version 8.3.1
After upgrade, a CookieDisabledException occurred after a post activity was invoked in the single sign-on (SSO) authentication service. This was traced to the site using the deprecated flag "redirectguests" as part of SSO-based login for mashup usecases. This flag was used to check if a cookiedisabled exception was thrown or not, and if there was no cookie, if a requestor was authenticated in first request. However, the flag has been removed as part of work done to omit the Cookie support check on Mobile App UAs. Code that supported the use of this flag remained after that work and led to the exception being generated, but has now been removed as well.
SR-D43811 · Issue 511920
Code fragment removed to resolve CookieDisabledException
Resolved in Pega Version 8.3.1
After upgrade, a CookieDisabledException occurred after a post activity was invoked in the single sign-on (SSO) authentication service. This was traced to the site using the deprecated flag "redirectguests" as part of SSO-based login for mashup usecases. This flag was used to check if a cookiedisabled exception was thrown or not, and if there was no cookie, if a requestor was authenticated in first request. However, the flag has been removed as part of work done to omit the Cookie support check on Mobile App UAs. Code that supported the use of this flag remained after that work and led to the exception being generated, but has now been removed as well.
SR-D11655 · Issue 485707
JMS Listener modified to ensure connections are closed after encountering an exception
Resolved in Pega Version 8.3.1
JMS listener logs were detailing exceptConnection leaks with the message " J000100: Closing a connection for you. Please close them yourself". Investigation showed that when the JMSListener is configured for JBOSS, it goes via EngineImpl. However, connections opened during engineimpl.ivokeEngine were prevented from closing if they encountered an exception. To resolve this, the execution of the connection close command has been moved to the finally block.
SR-D41532 · Issue 512002
Handling added for padding character changes in StatiContent generation
Resolved in Pega Version 8.3.1
After upgrade, only 3 tenants were accessible in a MultiTenant environment with 52 tenants. A trace showed 500 and 403 errors, and the message "com.pega.pegarules.pub.context.PRSecurityException: Undefined tenant configuration". This was traced to a different padding character used in the StatiContent code that resulted in the tenant URL being encoded and decoded differently, and has been resolved by adding handling for better padding character compatibility.
SR-D20423 · Issue 503445
Improved upgrade handling for tables using classes with property references
Resolved in Pega Version 8.3.1
After upgrade, some page property values were blank and exposed database columns did not contain the values. Investigation showed that the reference properties did not have context and hence column population was not able to determine their value. To resolve this, instead of doing column population for all the columns, the system will identify classes that have property references and that are being optimized as part of upgrade process and maintain a list of specific columns to update.
SR-D20439 · Issue 496403
Hotfix hashmap cleanup improved
Resolved in Pega Version 8.3.1
A DL installation failed with an out-of-memory error. It was observed that many CacheEntry(VersionedJdbcJarRwader.java) hashmaps were being created to store the details for each hotfix but that were then never cleared. This has been resolved by adding the finally block in CodeImportProcessImpl.java class to call the shutdown method for proper cleanup. In addition, the default command line utility (prpcUtils) has been updated to use JVM settings of Xmx 4GB and capture a heap dump if an out-of-memory error is encountered. The auto-generated prconfig.xml has also been updated to leverage its minimal startup setting which will avoid loading the conclusion cache into memory.
SR-D21803 · Issue 502129
Cross-site scripting protection added for embedded portal URI
Resolved in Pega Version 8.3.1
The URI used in the top window of embedded portals has been encoded to prevent DOM based cross-site scripting.
SR-D23862 · Issue 503895
Corrected test connection for LDAP AuthService using keystore
Resolved in Pega Version 8.3.1
When using a AuthService rule defined for LDAP using ldaps:// and a KeyStore rule that was defined to reference a local file in the server, the Test Connection button on the AuthService rule did not work and generated the following exception: "com.pega.apache.commons.httpclient.contrib.ssl.AuthSSLInitializationError: I/O error reading keystore/truststore file: null". Investigation showed that file reference keystore did not work with an LDAPS test connection because while run time used the LDAPVerifyCredentials activity, the design time validation used the activity “ValidateInfrastructure” which did not have the required code to support file reference keystore. This has been corrected.
SR-D25607 · Issue 495621
Added null pointer exception handling to PegaInstaller
Resolved in Pega Version 8.3.1
When upgrading, the error "Error: java.lang.NullPointerException [java] at com.pega.pegarules.deploy.internal.exposecols.jobs.ExposeWrapper.runExposer" appeared and the installation would not proceed. Investigation showed that the null pointer exception occurred because of class name validation not being performed at the right place. As the null pointer exception occurred in the main class, it initiated thread pool executor shutdown. However, the consumer pool did not shutdown because it did not receive the correct specific producer message to do so. This has been resolved by ensuring isValidClass is executed at the right place in ExposeWrapper.java to handle the null pointer exception, and adding handling for the interrupt exception in consumer thread so that in case of any run time exceptions in the main thread, the consumer thread will not be stuck.
SR-D25711 · Issue 502134
Updated dependent role validation during rule deletion
Resolved in Pega Version 8.3.1
After checking out and attempting to private-edit the "PegaRULES:WorkMgr4" AR, the rule was still shown as checked out after the edit was discarded. This was a missed use case, as Private checkouts are generally not enabled for most of the customer rulesets. To resolve this, roles in private checkout and branch rulesets will be excluded from going through dependent role validation during rule deletion.