INC-219627 · Issue 715996
InvokeHTTPConnector security updated
Resolved in Pega Version 8.6.5
"Allow invocation from browser" has been disabled for InvokeHTTPConnector, and "Require authentication to run" has been enabled. In addition, unsafe reflection that was used to load JCIFS libraries for NTLM operations has been removed; as a result, custom JCIFS libraries are no longer supported in Connect HTTP.
INC-219995 · Issue 717158
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.6.5
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations of InvokeAxis2 reported runtime failures. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-220652 · Issue 721386
Added explicit clearing for AsyncServiceManager cache
Resolved in Pega Version 8.6.5
Heap size for multiple JVMs increased after update. Investigation showed that data pages loaded via Load-DataPage during service processing using requestor pools were cleared after each service interaction, but the AsyncServiceManager cache was not cleared. To resolve this, an update has been made that will clear the async cache when the requestor is returned and when flush all is called.
INC-222791 · Issue 721372
GET API will skip case locking
Resolved in Pega Version 8.6.5
After update, performing a GET call on an assignment was unexpectedly locking the case. This was traced to a difference in handling: Pega 8.3 performed an Obj-Open-By-Handle of the work object without acquiring a lock, while Pega 8.6 calls Assign-.acquireWorkObject, which acquires a lock on the work object and thereby affects other requestors' access to the case. An initial fix for this issue enabled optimistic locking; however, this did not resolve the issue in scenarios where there were concurrent calls and optimistic locking was not used. This additional update will skip locks on the work object for V1 GET assignments/{id}, GET assignments/{assignmentId}/actions/{actionId} and GET cases/{caseId}/actions/{actionId}, and for the corresponding action refresh APIs.