SR-D53835 · Issue 524213
Handling added for custom authentication in embedded mashup
Resolved in Pega Version 8.2.6
After embedding the Mashup gadget in an external application, a Cross-Origin Read Blocking (CORB) warning appeared on browser refresh and the gadget did not load as expected. A second refresh cleared the error. Investigation showed that when custom authentication is configured, 'use SSL' is checked in Authentication service. That meant that when the user was authenticated, the redirection did not take into account the query string entered before authentication, and the CORB warning was issued due to a change in response. Because there is special handling for the above use case and post-authentication redirection does not happen through the normal flow (HttpAPI), this issue has been resolved by honoring the query string stored in the requestor (entered by the user) while redirecting.
SR-D54319 · Issue 532527
API added to sync presence with requestor to clear inactive operator sessions
Resolved in Pega Version 8.2.6
An intermittent error message was seen indicating the maximum number of active sessions for the current operator had been reached even though there were not multiple logins and there was no requestor displayed in the requestor management landing page. This was traced to sessions that were not properly closed and cleared, and has been resolved by exposing an API that will sync the presence record with the requestor state so inactive sessions will be cleared.
SR-D55160 · Issue 520355
Namibia and Botswana added to Currency Symbol values
Resolved in Pega Version 8.2.6
Support has been added for the Namibia (en_NA) and Botswana (en_BW) locales in the default Currency Symbol values.
SR-D55449 · Issue 523502
Cross-site scripting protection added to layout runtime java and whitelist validation available for host/XFHost
Resolved in Pega Version 8.2.6
In order to protect against Cross-site scripting issues, filtering has been added to the RepeatDynamicIndex parameter value in layout runtime java. In addition, a validation for X-Forward-Host value has been added which will be read from a local configuration. This is in the form of a white list regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.
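An added example, not Pega's code, of the kind of allowlist check described above for a host or forwarded-host header value. The class name, the sample pattern and the sample header values are all constructed; a real deployment would read the pattern from its local configuration.

```java
import java.util.List;
import java.util.regex.Pattern;

public class HostAllowlist {
    private final Pattern allowed;

    public HostAllowlist(String regex) {
        // Host names are case-insensitive, so the comparison is too.
        this.allowed = Pattern.compile(regex, Pattern.CASE_INSENSITIVE);
    }

    /** True only if every host in the header value fully matches the allowlist. */
    public boolean isAllowed(String headerValue) {
        if (headerValue == null || headerValue.trim().isEmpty()) return false;
        // A forwarded-host value may carry several comma-separated hosts; check them all.
        for (String part : headerValue.split(",")) {
            String host = stripPort(part.trim());
            // matches() anchors both ends; find() would accept "apps.example.com.attacker.test".
            if (host.isEmpty() || !allowed.matcher(host).matches()) return false;
        }
        return true;
    }

    /** Returns the host without its port, or "" if the port part is not numeric. */
    private static String stripPort(String hostPort) {
        if (hostPort.startsWith("[")) {                 // bracketed IPv6 literal
            int end = hostPort.indexOf(']');
            return end > 0 ? hostPort.substring(0, end + 1) : "";
        }
        int colon = hostPort.lastIndexOf(':');
        if (colon < 0) return hostPort;
        return hostPort.substring(colon + 1).matches("\\d{1,5}") ? hostPort.substring(0, colon) : "";
    }

    public static void main(String[] args) {
        // Constructed allowlist: apps.example.com with at most one subdomain label; dots escaped.
        HostAllowlist list = new HostAllowlist("(?:[a-z0-9-]+\\.)?apps\\.example\\.com");
        List<String> samples = List.of(                 // constructed header values
            "portal.apps.example.com",
            "Portal.Apps.Example.com:8443",
            "apps.example.com.attacker.test",
            "portal.apps.example.com, attacker.test",
            "portal.apps.example.com:80@attacker.test");
        for (String s : samples) System.out.println(list.isAllowed(s) + "  " + s);
    }
}
```

Only the first two samples pass. The rest fail because the pattern is matched against the whole host, every listed host is checked, and a non-numeric port part is rejected.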
SR-D56063 · Issue 522858
Hazelcast upgraded to resolve node startup issue
Resolved in Pega Version 8.2.6
Post data upgrade, the ADM tier failed to start and the error "java.lang.IllegalStateException: Node failed to start!" appeared. This was traced to a dormant bug in Hazelcast 3.11 that caused starting nodes to fail when the Hazelcast master node was shutting down, which was exposed by recent Pega changes made to enable parallel restarts of nodes in Cloud environments. Hazelcast delivered a fix for the parallel restart problem and the hotfixed jar has been merged into the platform. In addition, previous logic for loading Admin Studio waited 30 seconds before timing out when fetching information for each node. This caused issues with large clusters and Admin Studio not loading. The logic has been updated in the Admin Studio UI to load the page despite delays/issues waiting for nodes to respond to the gathering of cluster data, and the algorithm to detect remote-call timeout has been updated and is applicable to batch operation.
SR-D57038 · Issue 519380
JobScheduler DST handling updated
Resolved in Pega Version 8.2.6
When the locale being used changed out of Daylight Savings Time, scheduled jobs did not run at the same local time as before but instead ran an hour earlier than expected. Investigation showed that jobscheduler calculated the next runtime based on the time difference from the cluster reference time and current time in milliseconds, and this offset in milliseconds was added to the next run time. Since the cluster was started in DST, the job was running at the same time due to the time difference. To resolve this, the system will use a calculation offset and set hours/minutes to the nextRunTime object so that the calendar lib handles daylight savings.
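An added example, not Pega's scheduler code, that models the two calculations described above with java.time: a fixed millisecond offset from a reference instant versus setting the wall-clock hour and minute and letting the zone rules apply. The method names, the America/New_York zone and the 2019 dates are assumptions chosen to straddle the end of DST.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;

public class DstNextRun {
    // Model of the old behaviour: reference instant plus whole periods measured in milliseconds.
    static ZonedDateTime nextRunByMillis(ZonedDateTime reference, Duration period, ZonedDateTime now) {
        long elapsed = Duration.between(reference, now).toMillis();
        long periods = Math.floorDiv(elapsed, period.toMillis()) + 1;
        Instant next = reference.toInstant().plusMillis(periods * period.toMillis());
        return next.atZone(reference.getZone());
    }

    // Model of the fix: set hour/minute on the calendar date; the zone rules pick the UTC offset.
    static ZonedDateTime nextRunByWallClock(LocalTime at, ZonedDateTime now) {
        ZoneId zone = now.getZone();
        ZonedDateTime today = now.toLocalDate().atTime(at).atZone(zone);
        if (today.isAfter(now)) return today;
        return now.toLocalDate().plusDays(1).atTime(at).atZone(zone);
    }

    public static void main(String[] args) {
        ZoneId zone = ZoneId.of("America/New_York");
        // Constructed scenario: daily 09:00 job, reference taken while DST is in effect.
        // DST in this zone ended on 2019-11-03 at 02:00 local time.
        ZonedDateTime reference = ZonedDateTime.of(2019, 11, 2, 9, 0, 0, 0, zone);
        ZonedDateTime now = ZonedDateTime.of(2019, 11, 2, 12, 0, 0, 0, zone);

        System.out.println("millisecond offset: " + nextRunByMillis(reference, Duration.ofHours(24), now));
        System.out.println("wall-clock fields:  " + nextRunByWallClock(LocalTime.of(9, 0), now));
    }
}
```

The millisecond variant lands on 08:00 local time on 3 November, one hour early, because that day is 25 hours long. The wall-clock variant lands on 09:00.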
SR-D58927 · Issue 522290
Added expiration for orphaned tracers
Resolved in Pega Version 8.2.6
After tracing a REST service, the tracer was persisting but not showing in the requestor list from Admin Studio. The operator shown in the error did not have access to the system anymore, and other users were not able to trace the service rule. Trying to clear the requestors in all the nodes using API POST /nodes/{nodeID}/pools/requestor/clear also did not resolve the issue. To address this, a distributed rule watch expiration has been added.
SR-D59262 · Issue 523616
Cleanup added for staging directory
Resolved in Pega Version 8.2.6
Temporary files from imports and exports (from DevOps) were filling up the staging area disk space because there was no automatic process for cleaning up these local files. This has been resolved by adding an enhancement that will clear the directory on Engine Startup and any time ParUtils.setStagingDirectory gets called to initialize the staging directory.
SR-D59619 · Issue 520345
Handling updated for comparing timestamps during daylight savings
Resolved in Pega Version 8.2.6
An issue with SOAP authentication that generated the error "wsse:FailedAuthentication The creation time is older than currenttime" was traced to the java library not handling daylight savings time properly. This has been resolved by using joda time to compare time stamps.
SR-D61967 · Issue 528216
Updated key handling for ProcessJWT
Resolved in Pega Version 8.2.6
After configuring an authentication service which used the ProcessJWT activity to validate the token received, the error "Unable to process the Json Web Token" was seen. Analysis showed the error was caused by a duplicate Key Id in the JWK Endpoint Response: the system removed keys after processing, and in the case of duplicate keys the system was throwing a null pointer exception because the key had already been removed. To resolve this, the system has been updated to not remove the keys from the map as part of this process.
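An added example, not Pega's ProcessJWT code, that models the failure described above: a key map indexed by Key Id, a response containing a duplicate Key Id, and a lookup-then-remove loop beside a variant that leaves the map intact. The Jwk class, method names and key values are constructed placeholders.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class JwkDuplicateKid {
    // Constructed stand-in for one entry of a JWKS "keys" array; material is a placeholder.
    static final class Jwk {
        final String kid, material;
        Jwk(String kid, String material) { this.kid = kid; this.material = material; }
    }

    // Model of the failure: each entry is looked up by kid and removed once processed.
    static List<String> loadRemoving(List<Jwk> response) {
        Map<String, Jwk> byKid = new HashMap<>();
        for (Jwk k : response) byKid.put(k.kid, k);
        List<String> loaded = new ArrayList<>();
        for (Jwk k : response) {
            Jwk key = byKid.get(k.kid);           // null for the second entry with the same kid
            loaded.add(key.kid + ":" + key.material);
            byKid.remove(k.kid);
        }
        return loaded;
    }

    // Model of the fix: the map is left intact; duplicate kids are collected for logging.
    static Map<String, Jwk> loadKeeping(List<Jwk> response, Set<String> duplicateKids) {
        Map<String, Jwk> byKid = new HashMap<>();
        for (Jwk k : response) {
            // First entry for a kid wins; a later one is recorded rather than dereferenced.
            if (byKid.putIfAbsent(k.kid, k) != null) duplicateKids.add(k.kid);
        }
        return byKid;
    }

    public static void main(String[] args) {
        // Constructed endpoint response with kid "k1" listed twice.
        List<Jwk> response = List.of(new Jwk("k1", "keyA"), new Jwk("k1", "keyA"), new Jwk("k2", "keyB"));
        try {
            loadRemoving(response);
        } catch (NullPointerException e) {
            System.out.println("removing variant: NullPointerException on duplicate kid");
        }
        Set<String> dups = new LinkedHashSet<>();
        Map<String, Jwk> keys = loadKeeping(response, dups);
        System.out.println("keeping variant: " + keys.size() + " keys, duplicate kids " + dups);
    }
}
```

Recording the duplicate Key Ids lets an operator see that the endpoint returned the same identifier more than once without token validation failing.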