INC-210059 · Issue 712588
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.8
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
INC-210346 · Issue 709712
Check added to ensure Job scheduler executed only once
Resolved in Pega Version 8.8
When Node A and Node B woke up at the same time to start executing the job scheduler, both were attempting to update the "now processing" node ID with their ID but only Node A succeeded. This caused Node B to generate a "lock already held" exception, then Node B would try to release the lock and update "now processing" node ID. If Node A released the lock before Node B tried to, then Node B updated the "now processing" nodeID and executed the scheduler, causing it to be run twice. This double-run has been resolved by adding a check for whether the job scheduler has been executed recently before starting it.
INC-211100 · Issue 708302
QueueProcessor timeout made configurable
Resolved in Pega Version 8.8
Queue Processor timeouts were causing thread interruptions, causing items to be processed more than once. To resolve this, the QueueProcessor kafka-write timeout has been made configurable via the DASS Pega-Engine:queueprocessor/dataset/write/timeoutMs
INC-211917 · Issue 709324
Scheduled-item operations performed in shared context
Resolved in Pega Version 8.8
Scheduled items were not getting processed either by DelayedItemsDataFlowService data flow or by reverting to the pzDelayedQueueProcessorSchedule Job Scheduler, and the number of scheduled items in the pr_sys_delayed_queue table continued to grow even though DelayedItemsDataFlowService showed the processed record count to be increasing. Because the Admin Studio portal was not equipped to show the scheduled record count for the tenant layer in a multi-tenant environment, only the scheduled record count for the shared layer was shown. This has been resolved by updating the system to perform scheduled-item operations in shared context.
INC-212753 · Issue 707309
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.8
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
INC-213595 · Issue 709694
Hazelcast documentation updated
Resolved in Pega Version 8.8
The documentation for configuring Hazelcast servers has been updated to clarify how to implement the settings needed to support multiple servers. https://docs.pega.com/configuring-client-server-mode-hazelcast-pega-platform
INC-213610 · Issue 708115
Job Scheduler explicitly unlocked after nodes restart
Resolved in Pega Version 8.8
If a job scheduler was in running state and the utility nodes were restarted, the background processing nodes were not coming up and resuming as expected and PersistentJobCleanupFactory:PresentMembersJobCleanup was throwing a stale execution exception. Investigation showed locks were not being removed from the database for the job scheduler when the restart was performed (noted in pegadata.pr_sys_locks table), preventing further runs. This has been resolved by adding an explicit lock removal process for this condition.
INC-213763 · Issue 708111
Job Scheduler explicitly unlocked after nodes restart
Resolved in Pega Version 8.8
If a job scheduler was in running state and the utility nodes were restarted, the background processing nodes were not coming up and resuming as expected and PersistentJobCleanupFactory:PresentMembersJobCleanup was throwing a stale execution exception. Investigation showed locks were not being removed from the database for the job scheduler when the restart was performed (noted in pegadata.pr_sys_locks table), preventing further runs. This has been resolved by adding an explicit lock removal process for this condition.
INC-213808 · Issue 710300
Stability enhancement to improve platform reliability and resiliency
Resolved in Pega Version 8.8
During a NBA campaign run, the data flow partition became stuck in the in-progress status and the campaign run did not complete. NoClassDefFoundException errors were logged, indicating a connectivity issue with the database after which the node was not able to recover successfully. This has been resolved by adding an enhancement to better handle situations where a database outage is detected.
INC-215005 · Issue 713192
Made CommitLog messages more resilient to class change
Resolved in Pega Version 8.8
Persistent class mismatch exceptions were seen while refreshing the ADM models after updating from Pega 8.5. This was caused by changes to the Cassandra adm_commitlog message schema which caused the commit log messages generated to be incompatible with the deserialisation logic present in higher versions of Pega, but as the commit log messages had a time to live of 24 hours the issue self-resolved. However, this has been resolved by setting serialVersionUID for the ModelParameters class so CommitLog messages are now compatible with future minor and patch releases.