SR-D51554 · Issue 514061
Local UUID cache will be updated when merge event is detected
Resolved in Pega Version 8.2.5
Cluster-related issues were seen in multiple production clusters. For some nodes in the cluster the Cluster Management screen showed all expected nodes with valid Node IDs displayed, and on other nodes the Cluster Management screen showed the node ID of itself, SERVER@localhost:5701. On an impacted node displaying the wrong ID, the Node Information landing page did not work and displayed the error "Unable to execute job on ." Multiple advanced agents running on nodes in the affected clusters, both with correct and incorrect IDs, also failed with a similar error "Unable to execute job on <node's job id>". This was traced to a merge performed after a split brain. To resolve this, the code has been updated to handle merge events: when the node UUID is changed as part of a split brain recovery, the local UUID cache will be updated when the merge event is detected.
SR-D52969 · Issue 514703
Column population honors thread count of 1
Resolved in Pega Version 8.2.5
The thread count parameter in the column population activity was not being honored, causing repeated deadlocks when trying to populate columns. Investigation showed that the ExposeCols process did not honor the thread count when it was 1 (the default is 4), and this has been fixed by adding the necessary code so that if the thread count is 1, it will not run in multhreaded mode.
SR-D53408 · Issue 516735
Expired Oauth Refresh Token will persist for obtaining new token
Resolved in Pega Version 8.2.5
OAuth2.0 was providing the refresh token only once in the first time response of the token endpoint. Once the token expired for first time, it was possible to get a new access token using the refresh token. However, if the access token expired for the second time, it was not possible to generate the new access token automatically because the expired token was set as null. To resolve this, the system has been updated to persist the previous refresh token in order to get a new access token.
INC-184964 · Issue 705933
TextMask_Encrypted rule added for use with Oracle
Resolved in Pega Version 8.7.2
When a property was being encrypted by propertyEncrypt access control policy and masked by propertyRead access control policy, it showed a "@@getMaskedValueOfText" error. This has been resolved with the addition of a new rule pxTextMask_Encrypted for Oracle product type which will remove extra spaces from the SOURCE string to handle ORACLE specific usecases.
INC-200030 · Issue 719228
Handling added for external Kafka authorization exception
Resolved in Pega Version 8.7.2
When using external Kafka for stream service, the dataflow was failing with the error 'QueueProcessorDataSubscriberException' when topic create permission was missing. As a workaround, the topics could be pre-created, though a "Topic already exists" warning was generated. To resolve this, the cluster-wide right that a producer needs, IdempotentWrite, has been added. For more information please refer to the link https://docs.confluent.io/platform/current/kafka/authorization.html
INC-202793 · Issue 698506
Corrected malformed URL
Resolved in Pega Version 8.7.2
The function used in the session timer to log off the user was not working consistently, and attempting to discard a checked-out delegated Rule did discard the rule. Both issues reported the error "HTTP Status 400 - Bad request". This was traced to a badly formed URL, and has been resolved by wrapping the URL with SafeURL_createFromURL.
INC-202865 · Issue 709920
Shared partition operations performance improvements
Resolved in Pega Version 8.7.2
A significant performance degradation was seen in queue processor overhead related to maintaining the partition table. This has been resolved by adding an update which will improve partition operations in a shared context.
INC-206288 · Issue 705268
Addressed intermittent Issues with OAuth2
Resolved in Pega Version 8.7.2
Issues with logging in to a node by way of the access token endpoint were related to the error "JSON web token is rejected during signature verification due to bad signature". This has been resolved by adding clock skew value to the JWT processor bean during validation.
INC-207307 · Issue 709715
Corrected OAuth jar version for custom Keystore rule
Resolved in Pega Version 8.7.2
Attempting to create a custom JKS and Keystore rule so it could be pointed to the Pega cipher and use the encrypt and decrypt functionalities failed with an error indicating it was not a valid KMS keystore. This was traced to an issue with a jar version mismatch: upon checking the dependencies for the nimbus-oauth-sdk jar, even though version 6.18.1 was specified the system picked the 8.27 version through transitive dependencies, and the 8.27 version doesn't have the needed CommonContentTypes class. This has been resolved by reducing the version to 6.18.1 in conflicting build.gradle.
INC-209387 · Issue 706151
Security updates
Resolved in Pega Version 8.7.2
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.