INC-169186 · Issue 655536
Disconnect button availability extended
Resolved in Pega Version 8.5.5
A case was not refreshing when the disconnect button was selected while using the standard section for authorization grant type authentication. This was traced to a query executed to find a div with attribute pzInsHandle, but that attribute was not applicable in the user portal. To support this use, the query has been extended to be applicable for user portal (attribute data-ui-meta) and Dev Studio landing page.
INC-171875 · Issue 653891
Skip restored for browser request CSRF token
Resolved in Pega Version 8.5.5
Many SECU0008 alerts were seen in the production logs. This was the result of a CSRF token check on requests without pyActivity or pyStream, and has been resolved by restoring a conditional skip of the check as those other browser requests do not contain a CSRF token.
INC-174321 · Issue 664237
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-175058 · Issue 660935
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-175706 · Issue 659529
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179188 · Issue 661955
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179360 · Issue 662180
Check added for allowed editing with CSRF
Resolved in Pega Version 8.5.5
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.
INC-180858 · Issue 660801
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-155406 · Issue 638705
Clipboard security updated
Resolved in Pega Version 8.5.5
Security has been enhanced for clipboard properties by restricting registration for readonly properties.
INC-157404 · Issue 630693
Adaptive Model report information exports correctly
Resolved in Pega Version 8.5.5
Clicking export to Excel or PDF in the Prediction Studio Adaptive Model report was not working. Investigation showed the first double quote of the propositionName was getting replaced from & quot ; to "", which resulted in an error while performing openUrlWindow action. This has been resolved by adding a new helper handler, while creating context menu using Handlebars.