SR-A98390 · Issue 252437
Scheduled report cleanup error resolved
Resolved in Pega Version 7.2.2
Exceptions were thrown in the logs by the scheduled reports task when trying to clean up the previous day's generated attachment reports. This was due to the name exceeding the length restriction on the property (60 characters) and failing validation, and has been fixed by truncating the field.
SR-A87928 · Issue 255259
Fixed cataloging for v5 hotfixes
Resolved in Pega Version 7.2.2
Recent modifications to obtaining catalogs for supporting additional products (i.e. frameworks) caused a regression in being able to check dependency information on v5 hotfixes, preventing DL files from being created for them. This has been fixed.
INC-148154 · Issue 602921
Hot Fix Manager updated to use installation order for schema import
Resolved in Pega Version 8.3.5
Schema changes were not being imported during the hot fix manager DL import process. Investigation showed this was due to hotfixes in the DL being iterated over from newest to oldest, causing older hotfixes to replace the value added to a map by the newer. To resolve this, the system has been updated to use hotfix install order, which considers selected and dependent hotfixes, rather than ordering newest to oldest. This ensures that newer table representations will override older rather than the other way around.
SR-C93602 · Issue 485517
White list filter added for X-Forward-Host value security
Resolved in Pega Version 8.3.2
In order to improve security, a validation for X-Forward-Host value has been added which will be read from a local configuration. This is in the form of a white list regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.
SR-D37894 · Issue 505974
Query parameters will be cleared after redirection from authentication
Resolved in Pega Version 8.3.2
When using the /PRAuth Servlet, running a snapstart URL generated from a secondary application correctly executed SAML Authentication and Pega processing, but a second URL generated with different parameters ran with the parameters from the first request. The third and subsequent requests processed as expected with the parameters sent in with the request. Investigation showed that the previous parameters were picked due to the query string parameters not being cleared after redirection, and this issue has been resolved by updating the system so it will clear the parameters after issuing a redirect from the authentication policy engine.
SR-D41454 · Issue 506535
Updated HotFix Manager for use in older versions
Resolved in Pega Version 8.3.2
The DL logic in Hotfix Manager was changed in 8.3 to include the catalog of all framework changes. This had the unintended side effect of preventing DLs from being installed in Pega 7.3.1 and lower versions as the versions included in the catalog are not present on those systems and the validation failed. This has been resolved by revising the DL update so the system will only add all apps to the catalog for platform 7.4+ DLs.
SR-D46133 · Issue 534649
Colon in folder or file name will be replaced with underscore during unzip
Resolved in Pega Version 8.3.2
After creating a product file (zip), attempting to import the same file into an updated system resulted in an exception. Investigation showed that in this case the zip file was a Product rule form which had applications packaged with a colon(:) in the name of the application, a format that was allowed in 6.x versions. Because Windows machines restrict creating creating any folder or file with : in its name, the zip file could not be inflated as part of the import process. To resolve this, the system has been updated so that a colon(:) will be replaced by underscore(_) during inflate operations.
SR-D46536 · Issue 515792
Custom agent next run time will be rescheduled if the run failed
Resolved in Pega Version 8.3.2
If a customized agent that was set to run every day encountered an exception and failed to run, restarting the agent did not update it to the next run time; it still returned the passed trigger time as its next execution time. This has been resolved with an update that will reschedule the run if the next run time is in the past.
SR-D46681 · Issue 514432
SnapStart supports SAML2 Authentication
Resolved in Pega Version 8.3.2
When using an HTTP Post to SnapStart into Pega using PRCustom style or PRAuth style SAML authentication, the login was looping back to the login request. Investigation showed that the Pega ACS was posting data properly back to the RelayState URL, however the login activity was not getting the SAMLResponse and simply sent a SAML Login Request again. This has been fixed by updating reqContextURI in case of SAML2 Authentication service so pyActivity=value will be passed.
SR-D47685 · Issue 514645
Cookie logging restored
Resolved in Pega Version 8.3.2
As part of security updates, Cookies were restricted from being logged. However, this caused some business use cases such as a custom function call to obtain the list of cookies that are present in the application to stop working. To resolve this, the cookie logging restriction has been reverted.