INC-207009 · Issue 701554
Explicit expiration added to avoid searching for expired requestor
Resolved in Pega Version 8.6.4
A login page was taking long time to display. This was traced to pre-authentication cookie in the browser pointing to the requestor object on the server which triggered a lookup across the entire cluster of servers to find the requestor. This was not only taking time, but the attempt to find the requestor in the cluster would always fail to return results as the requestor was not passivated but instead removed after two minutes. To resolve this, an expiration has been added to the Pega-RULES cookie when the value is pre-authenticated. The time to expire is derived based on the short-lived requestor time for unauthenticated requestors + 1 minute, and will be 2 minutes by default. This will avoid searching for a requestor across all nodes in cluster when the requestor has already timed out and been destroyed by server.
INC-208207 · Issue 702799
GET API will consider case locking mechanism
Resolved in Pega Version 8.6.4
After update, performing a GET call on an assignment was unexpectedly locking the case. This was traced to a difference in handling: Pega 8.3 performed an Obj-Open-By-Handle of the workobject without acquiring a lock, while Pega 8.6 calls Assign-.acquireWorkObject which acquires a lock on the work object thereby affecting the other requestors from accessing the case. This has been resolved by enabling ConsiderLockingMode to independently determine the locking mechanism set for the case type.
INC-208366 · Issue 701894
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-208424 · Issue 704598
Custom header character encoding for Subject added
Resolved in Pega Version 8.6.4
Case correspondence that contained a Subject with accent characters such as "Invitation à être" was being rejected by MailJet on the basis of encoding issues on the "Thread-Topic" when using custom headers. The error "BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8)" was generated. This was traced to the Send Email Smart Shape handling when using custom headers, and has been resolved by encoding the Subject before appending it to the Thread-topic header while adding custom headers.
INC-208516 · Issue 700979
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-208556 · Issue 702174
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-210059 · Issue 706889
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-210771 · Issue 708811
Updated access group handling for CurrentWorkPool property
Resolved in Pega Version 8.6.4
After update, the pxThread.pxCurrentWorkPool property was not properly populated in App Requestors when the activity was called from Rest service. This was caused by a difference in the authentication check after a security modification, and has been resolved.
INC-211101 · Issue 709878
ClipboardPageImpl handling updated for virtual list variable mRepresentativeRow
Resolved in Pega Version 8.6.4
A Concurrent Modification exception was seen after update. This was traced to the ClipboardPageImpl use of a virtual list variable "mRepresentativeRow" in the "InMemoryStringTable" class's method where it was iterating the "InMemoryStringTable" while the same list("InMemoryStringTable") was being modified by another thread at the same time. This has been resolved by modifying the Java file InMemoryStringTable to create a copy of the variable mRepresentativeRow to make sure that while iterating over it, the application will iterate only on a copied variable and not the original variable to prevent the concurrent modification exception.
INC-211178 · Issue 704593
Decimal parameters retain null value instead of being set to 0
Resolved in Pega Version 8.6.4
When mapping any data in 8.6+, if the source is a decimal property rule and the target is a parameter defined as decimal, the decimal parameter's value will be 0 if the source property is null. This was a behavior change from previous versions of Pega where the target parameter would be null. This has been resolved by changing the code generation for the read operation on the parameter decimal type assignment to use resolveToString() instead of calling resolveToBigDecimal() so a null value is retained..