SR-D70872 · Issue 545856
Kerberos authentication parameters propagated for deployment
Resolved in Pega Version 8.3.3
Attempting to perform a deployment using Kerberos authentication to an Oracle database failed with an authentication error. This was traced to the java system properties (for example, -Dname=value) required by the Oracle JDBC driver for Kerberos authentication intermittently not being set when connections were being made to the database. When they were not being set, the connection would fail due to authentication. This has been resolved by ensuring the java system properties (-D's) that were provided to the 'custom.jvm.properties' property in the collection of deployment related *.properties files are being propagated to every part of the deployment scripts.
SR-D92877 · Issue 551030
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.3.3
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.)Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D89002 · Issue 549102
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.3.3
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D64523 · Issue 545670
Stream Registration deprecated and replaced
Resolved in Pega Version 8.3.3
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D52604 · Issue 548060
Stream Registration deprecated and replaced
Resolved in Pega Version 8.3.3
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-132637 · Issue 203591
Added path checking to FirstLogCreationTime.log
Resolved in Pega Version 7.1.9
FirstLogCreationTime.log was being written to a temp folder using hard-coded logic to use a relative path within the install directory. This caused errors if the installer was trying to write the logs in an absolute path. FirstLogCreationTime.log should be written to the same directory as the rest of the logs, and this issue has been fixed by adding a condition in LogDeleteUtil.getLogCreationTimeFile() method to check for absolute paths.
SR-133747 · Issue 203813
Corrected hashtag handling for Oracle SQL generation
Resolved in Pega Version 7.1.9
Given a column name with a hashtag in an Oracle environment, the system was compiling SQL statements which caused ORA-00904 errors due to replacing the # in one variable name with an _ but leaving it as a # in another. This has been corrected.
SR-133057 · Issue 205124
System updated to better handle multi-node rule resolution
Resolved in Pega Version 7.1.9
In an upgraded multi-node environment, the error 'com.pega.pegarules.pub.database.MultipleRuleVersionException: Rule resolution identified 2 versions of the rule' was sporadically appearing. Once the issue occurred, it would persist and the only way to resolve it was to bounce the server. This was an issue with an instance of one rule being found in one node and not found in other node, and was related to the trigger logic. This should not occur with the current Pega7 version, as trigger logic has been moved into the engine and there is no longer a database trigger to fix. In order to ensure continued smooth trigger resolution, tests have been added that will check for this condition in the updates cache table to ensure that this scenario does not occur again
SR-A1479 · Issue 205900
UpgradeDataSchema target sets resume.action correctly
Resolved in Pega Version 7.1.9
Attempting to resume an upgrade after correcting a local error failed due to resume.properties having the default resume.action=install instead of =upgrade, causing the system to attempt to create tables in the data schema which already existed. The default of "install" that is set for resume mode has been removed, and the install process will now specifically set it when appropriate. A check has also been added to ensure the flag is set properly for the work being done.
SR-A1479 · Issue 205896
UpgradeDataSchema target sets resume.action correctly
Resolved in Pega Version 7.1.9
Attempting to resume an upgrade after correcting a local error failed due to resume.properties having the default resume.action=install instead of =upgrade, causing the system to attempt to create tables in the data schema which already existed. The default of "install" that is set for resume mode has been removed, and the install process will now specifically set it when appropriate. A check has also been added to ensure the flag is set properly for the work being done.