INC-206288 · Issue 705268
Addressed intermittent Issues with OAuth2
Resolved in Pega Version 8.7.2
Issues with logging in to a node by way of the access token endpoint were related to the error "JSON web token is rejected during signature verification due to bad signature". This has been resolved by adding clock skew value to the JWT processor bean during validation.
INC-207307 · Issue 709715
Corrected OAuth jar version for custom Keystore rule
Resolved in Pega Version 8.7.2
Attempting to create a custom JKS and Keystore rule so it could be pointed to the Pega cipher and use the encrypt and decrypt functionalities failed with an error indicating it was not a valid KMS keystore. This was traced to an issue with a jar version mismatch: upon checking the dependencies for the nimbus-oauth-sdk jar, even though version 6.18.1 was specified the system picked the 8.27 version through transitive dependencies, and the 8.27 version doesn't have the needed CommonContentTypes class. This has been resolved by reducing the version to 6.18.1 in conflicting build.gradle.
INC-209387 · Issue 706151
Security updates
Resolved in Pega Version 8.7.2
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.
INC-210346 · Issue 709711
Check added to ensure Job scheduler executed only once
Resolved in Pega Version 8.7.2
When Node A and Node B woke up at the same time to start executing the job scheduler, both were attempting to update the "now processing" node ID with their ID but only Node A succeeded. This caused Node B to generate a "lock already held" exception, then Node B would try to release the lock and update "now processing" node ID. If Node A released the lock before Node B tried to, then Node B updated the "now processing" nodeID and executed the scheduler, causing it to be run twice. This double-run has been resolved by adding a check for whether the job scheduler has been executed recently before starting it.
INC-211917 · Issue 709323
Scheduled-item operations performed in shared context
Resolved in Pega Version 8.7.2
Scheduled items were not getting processed either by DelayedItemsDataFlowService data flow or by reverting to the pzDelayedQueueProcessorSchedule Job Scheduler, and the number of scheduled items in the pr_sys_delayed_queue table continued to grow even though DelayedItemsDataFlowService showed the processed record count to be increasing. Because the Admin Studio portal was not equipped to show the scheduled record count for the tenant layer in a multi-tenant environment, only the scheduled record count for the shared layer was shown. This has been resolved by updating the system to perform scheduled-item operations in shared context.
INC-213502 · Issue 711796
Updated context handling for DxAPI Perform Assignment lock
Resolved in Pega Version 8.7.2
The DxAPI Perform Assignment was generating the error "ValidationMessage:Unable to unlock GROUP-DISPUTES-WORK". This has been resolved by adding an update to ensure proper context is set for getting an additional lock handle.
INC-213610 · Issue 708114
Job Scheduler explicitly unlocked after nodes restart
Resolved in Pega Version 8.7.2
If a job scheduler was in running state and the utility nodes were restarted, the background processing nodes were not coming up and resuming as expected and PersistentJobCleanupFactory:PresentMembersJobCleanup was throwing a stale execution exception. Investigation showed locks were not being removed from the database for the job scheduler when the restart was performed (noted in pegadata.pr_sys_locks table), preventing further runs. This has been resolved by adding an explicit lock removal process for this condition.
INC-213763 · Issue 708110
Job Scheduler explicitly unlocked after nodes restart
Resolved in Pega Version 8.7.2
If a job scheduler was in running state and the utility nodes were restarted, the background processing nodes were not coming up and resuming as expected and PersistentJobCleanupFactory:PresentMembersJobCleanup was throwing a stale execution exception. Investigation showed locks were not being removed from the database for the job scheduler when the restart was performed (noted in pegadata.pr_sys_locks table), preventing further runs. This has been resolved by adding an explicit lock removal process for this condition.
INC-213821 · Issue 708314
QueueProcessor timeout made configurable
Resolved in Pega Version 8.7.2
Queue Processor timeouts were causing thread interruptions, causing items to be processed more than once. To resolve this, the QueueProcessor kafka-write timeout has been made configurable via the DASS Pega-Engine:queueprocessor/dataset/write/timeoutMs
INC-215937 · Issue 713771
Added exception handling for PageGroup alerts
Resolved in Pega Version 8.7.2
Queue items were going to the broken queue if there was an issue fetching the alert configuration from the Queue Processor rule. The error "java.lang.IllegalArgumentException: Alert id cannot be blank" was seen. This has been resolved by adding exception handling while gathering alerts from PageGroup so that a malformed alert configuration will not cause overall failure of a processed message, but instead an empty alert will be returned if configuration-data is corrupted.