INC-219233 · Issue 716177
ReportStats delete query performance improvements
Resolved in Pega Version 8.6.5
A database connection spike was maxing out the allowed database connections, causing login delays and termination of stream nodes. Investigation traced this to the delete query on pr_log_reportstats, which was a full table scan generated from SQLGeneratorPostgres.purgeTableContainingClass. To improve performance, the full table scan sub-query has been removed and 'limit' syntax has been added to run the necessary deletion in batches.
INC-219453 · Issue 716000
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.6.5
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations on InvokeAxis2 reported runtime failure. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-219627 · Issue 715996
InvokeHTTPConnector security updated
Resolved in Pega Version 8.6.5
"Allow invocation from browser" has been disabled for InvokeHTTPConnector, and "Require authentication to run" has been enabled. In addition, an unsafe reflection used to load JCIFS libraries for NTLM operations has been removed, which removes support for custom JCIFS libraries in Connect HTTP.
INC-219995 · Issue 717158
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.6.5
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations on InvokeAxis2 reported runtime failure. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-220652 · Issue 721386
Added explicit clearing for AsyncServiceManager cache
Resolved in Pega Version 8.6.5
Heap size for multiple JVMs increased after update. Investigation showed data pages loaded via Load-DataPage during service processing using requestor pools were cleared after each service interaction but the AsyncServiceManager cache was not cleared. To resolve this, an update has been made that will clear the async cache when the requestor is returned and when flush all is called.
INC-222791 · Issue 721372
GET API will skip case locking
Resolved in Pega Version 8.6.5
After update, performing a GET call on an assignment was unexpectedly locking the case. This was traced to a difference in handling: Pega 8.3 performed an Obj-Open-By-Handle of the workobject without acquiring a lock, while Pega 8.6 calls Assign-.acquireWorkObject which acquires a lock on the work object thereby affecting the other requestors from accessing the case. An initial fix for this issue enabled optimistic locking, however this did not resolve the issue in scenarios where there were concurrent calls and optimistic locking was not used. This additional update will skip locks on the work object for V1 GET assignments/{id}, GET assignments/{assignmentId}/actions/{actionId} and GET cases/{caseId}/actions/{actionId} and corresponding action refresh APIs.
INC-214974 · Issue 721181
Documentation updated for accessing D_pyUserInfoClaims
Resolved in Pega Version 8.6.5
When logging in using Org Credentials, trying to get the user details from D_pyUserInfoClaims did not return any information. This was due to the D_pyUserInfoClaims datapage being available only after authentication, so the claims information was not available during operator provisioning. The documentation located at https://docs.pega.com/security/86/mapping-operator-information-openid-connect-sso-authentication-service has been updated to include the following note: "This page becomes available and can only be accessed post authentication."
INC-239902 · Issue 628577
Handling added for multi-file upload of duplicated files
Resolved in Pega Version 8.7
Attaching the same file multiple times during a single upload caused some of the duplicated files to not be included. The issue was not seen when attaching the same file multiple times but in different attempts. The exception "Can't continue with file attachment. FileData.xlsx is missing and might have been quarantined by anti-malware software" was logged. This was caused by the files being uploaded without updating filenames to have a unique ID, so multiple files with the same name were overwriting the previous file. This has been resolved by setting the appendUniqueIdToFileName parameter to true in the upload request so each copy of the filename is treated as an individual file.