INC-163173 · Issue 651077
Datatype import updated to handle null value
Resolved in Pega Version 8.5.4
After upgrade, attempting to import CSV files in Data type using the import option provided was not working. This was traced to the AccessPolicy Filter value being set to null in the filterLogic, and has been resolved by modifying the 'if' condition in the NativeSQLSecurityPolicyHelper file to handle an empty value in the logic string of an access control policy condition for a datatype class.
INC-168203 · Issue 641338
Improved performance for data flow runs
Resolved in Pega Version 8.5.4
Nodes were intermittently going into safe mode after a service registry heartbeat failure. Investigation found that some of the activities were performing an Obj-Browse that invoked report definition logic to call the database classmap. This has been resolved by modifying the implementation for the initialization and caching of list of classes in a table.
INC-169856 · Issue 649459
Personalized table sort order limited
Resolved in Pega Version 8.5.4
After implementing a personalized table, the query started adding more 'order by' sorts, causing system impact. This was traced to the pzPopulateSortOrder activity Implementation having different constants assumed for the same purpose (999 in one place and 99999 in another), and has been resolved by updating the logic in step 1 and step 2 to disregard sort orders higher than 999.
INC-170389 · Issue 645002
Updated authentication for report filter screen
Resolved in Pega Version 8.5.4
If the report filter screen was shown first after clicking on the report link in the report browser, an error is generated for users but not for administrators. This has been resolved by registering the activity and adding a BAC registration section to the prompt filter section.
INC-157095 · Issue 638807
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.5.4
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-161260 · Issue 634051
Enhanced logging for CBAC policies
Resolved in Pega Version 8.5.4
Additional logs have been added to assist in easier debugging of any configuration issues with CBAC policies.
INC-161660 · Issue 633030
Authorization token handling and cleanup improved
Resolved in Pega Version 8.5.4
When using a mobile app configured with default authentication, clicking on the "Trouble logging in?" link opened a new window and displayed the message "please contact your system administrator" along with the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY PZGETAUTHORIZATIONCODE". This has been resolved. In addition, the OAuth token generation and handling has been improved, and the purge agent has been updated to accept a DSS setting for the max number of expired records to purge each time it is run. The default value is 5000.
INC-162434 · Issue 640052
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.5.4
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-163201 · Issue 646911
BrowserFingerprint updated
Resolved in Pega Version 8.5.4
Security improvements have been added to the browser fingerprint process.
INC-168837 · Issue 646973
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.5.4
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.