SR-D46681 · Issue 514432
SnapStart supports SAML2 Authentication
Resolved in Pega Version 8.3.2
When using an HTTP Post to SnapStart into Pega using PRCustom style or PRAuth style SAML authentication, the login was looping back to the login request. Investigation showed that the Pega ACS was posting data properly back to the RelayState URL, however the login activity was not getting the SAMLResponse and simply sent a SAML Login Request again. This has been fixed by updating reqContextURI in case of SAML2 Authentication service so pyActivity=value will be passed.
SR-D47685 · Issue 514645
Cookie logging restored
Resolved in Pega Version 8.3.2
As part of security updates, Cookies were restricted from being logged. However, this caused some business use cases such as a custom function call to obtain the list of cookies that are present in the application to stop working. To resolve this, the cookie logging restriction has been reverted.
SR-D48433 · Issue 529854
Exception handling added for Redirect URL fetched from GRS
Resolved in Pega Version 8.3.2
When the application definition under the "Integration and security" tab was configured to use "Store in web storage provider" to allow choosing the storage name and the authentication profile, configuring the authentication profile to use an OpenID Connect provider with the pyEndpointURL property given as a global resource setting such as (=D_SharepointDetails.url) was not working as expected. Clicking Browse in the application definition sent the request to the OpenID Connect provider, which returned the error "The reference =D_SharepointDetails.url is not valid. Reason: Page name (D_SharepointDetails) from indirect reference was not found." This was traced to the Redirect URL (fetched from GRS) throwing an unhandled exception, and has been resolved.
SR-D48762 · Issue 518296
Enhancement added to support DB2 CREATE OR REPLACE view syntax
Resolved in Pega Version 8.3.2
After creating the product, attempting to import it on another environment failed due to incompatibilities with the view syntax. In SQLGeneratorDb2.getViewSourceStatement(), when the view definition is fetched there is a check whether the view starts with "CREATE VIEW". Because the customer's "CREATE OR REPLACE" form was not supported for Db2 LUW, the check did not match and a "CREATE VIEW" header was prepended to a definition that already had one. This happened only when using DB2, and has been resolved by updating the logic in SQLGeneratorDb2.getViewSourceStatement() to recognize CREATE OR REPLACE VIEW statements.
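The header check described above, written out as an added illustration (not Pega's SQLGeneratorDb2 code): the pre-fix pattern recognises only a plain CREATE VIEW header and so prepends a second header to a CREATE OR REPLACE VIEW definition, while the fixed pattern accepts both forms. View names and definitions are constructed sample input.

```python
import re

# Pre-fix check: only a plain "CREATE VIEW" header is recognised.
_CREATE_VIEW_ONLY = re.compile(r"^\s*CREATE\s+VIEW\b", re.IGNORECASE)
# Fixed check: "CREATE OR REPLACE VIEW" is recognised as a complete header too.
_CREATE_OR_REPLACE_VIEW = re.compile(
    r"^\s*CREATE\s+(?:OR\s+REPLACE\s+)?VIEW\b", re.IGNORECASE
)


def view_source_statement(view_name, definition, header_pattern=_CREATE_OR_REPLACE_VIEW):
    """Return a complete CREATE statement for a view.

    If the stored definition already carries a recognised CREATE header it is
    returned unchanged; otherwise (a bare SELECT body) a CREATE VIEW header is
    prepended. Passing header_pattern=_CREATE_VIEW_ONLY reproduces the pre-fix
    behaviour, which doubles the header for CREATE OR REPLACE definitions.
    """
    text = definition.strip()
    if header_pattern.match(text):
        return text
    return f"CREATE VIEW {view_name} AS {text}"


def header_count(statement):
    """Number of CREATE ... VIEW headers in a statement; a valid one has exactly 1."""
    return len(re.findall(r"\bCREATE\s+(?:OR\s+REPLACE\s+)?VIEW\b", statement, re.IGNORECASE))


if __name__ == "__main__":
    # Constructed sample definition in the customer's CREATE OR REPLACE form.
    definition = "CREATE OR REPLACE VIEW v_orders AS SELECT id, total FROM orders"
    print(view_source_statement("v_orders", definition, _CREATE_VIEW_ONLY))  # doubled header
    print(view_source_statement("v_orders", definition))                     # unchanged
```

Running the block prints the broken pre-fix output followed by the fixed one; header_count() is the check an import-time validator could apply before sending the statement to the target database.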
SR-D49804 · Issue 518225
Hierarchical view support added for moving packages
Resolved in Pega Version 8.3.2
After exporting a package from a DEV environment, attempting to import it to a TEST environment resulted in the query becoming corrupted and the process failing. This was traced to the regex used to fetch the select statement table name not supporting hierarchical views, and has been resolved by adding that support.
SR-D50539 · Issue 521149
DB locking improved for login performance
Resolved in Pega Version 8.3.2
A slowness issue seen when trying to log in to my.pega.com was traced to numerous DB locks occurring on the pr_data_saml_authreqcontext table during the SAML flow. Analysis showed that while running Obj-Save on AuthRequestContext with 'OnlyIfNew' set to false, the check caused a select query to run on the table to determine whether the context was already there, inserting it if it was not. To resolve this, the onlyIfNew check will default to true to avoid running the query; if the context is already present it will be overwritten. Duplicate key exception handling has also been added to avoid any issues if a resave is done with the same key.
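The two save strategies contrasted above, as an added example that is not Pega's Obj-Save implementation. It uses an in-memory SQLite table as a constructed stand-in for pr_data_saml_authreqcontext: the check-first path issues a SELECT on every save, while the insert-first path writes immediately and treats the duplicate-key error as "already present, overwrite", so the common path costs one statement and no read.

```python
import sqlite3


def open_store():
    """In-memory stand-in (constructed) for the SAML auth request context table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE authreqcontext (request_id TEXT PRIMARY KEY, relay_state TEXT)"
    )
    conn.commit()
    return conn


def save_check_first(conn, request_id, relay_state):
    """OnlyIfNew=false style: SELECT to see whether the row exists, then INSERT
    or UPDATE. Returns the number of statements sent to the database."""
    exists = conn.execute(
        "SELECT 1 FROM authreqcontext WHERE request_id = ?", (request_id,)
    ).fetchone()
    if exists:
        conn.execute(
            "UPDATE authreqcontext SET relay_state = ? WHERE request_id = ?",
            (relay_state, request_id),
        )
    else:
        conn.execute(
            "INSERT INTO authreqcontext (request_id, relay_state) VALUES (?, ?)",
            (request_id, relay_state),
        )
    conn.commit()
    return 2


def save_insert_first(conn, request_id, relay_state):
    """OnlyIfNew=true style: INSERT straight away and handle the duplicate-key
    error by overwriting the existing row. No SELECT is issued; a resave with
    the same key costs one extra UPDATE instead of failing."""
    try:
        conn.execute(
            "INSERT INTO authreqcontext (request_id, relay_state) VALUES (?, ?)",
            (request_id, relay_state),
        )
        statements = 1
    except sqlite3.IntegrityError:  # primary key already present
        conn.execute(
            "UPDATE authreqcontext SET relay_state = ? WHERE request_id = ?",
            (relay_state, request_id),
        )
        statements = 2
    conn.commit()
    return statements


def relay_state(conn, request_id):
    """Current RelayState stored for a request id, or None."""
    row = conn.execute(
        "SELECT relay_state FROM authreqcontext WHERE request_id = ?", (request_id,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = open_store()
    print(save_insert_first(conn, "req-1", "/prweb/a"))  # fresh key: 1 statement
    print(save_insert_first(conn, "req-1", "/prweb/b"))  # resave: duplicate handled
    print(relay_state(conn, "req-1"))
```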
SR-D51324 · Issue 523433
Authentication state refreshed after failure in mobile
Resolved in Pega Version 8.3.2
When using the mobile app, if the log in was started and incorrect credentials or empty fields were submitted and then the credentials screen was X-ed out or canceled, attempting to log in again using the correct information still received the "Authentication failed" error. A subsequent attempt with the correct credentials would then work. This was traced to the server persisting the state from the first request (per browser session), and has been resolved.
SR-D52785 · Issue 518408
Cross-site scripting protection added to layout runtime java and whitelist validation available for host/XFHost
Resolved in Pega Version 8.3.2
In order to protect against cross-site scripting issues, filtering has been added to the RepeatDynamicIndex parameter value in layout runtime java. In addition, a validation for the X-Forward-Host value has been added which is read from a local configuration. This takes the form of a whitelist regex filter for the host/XFHost header, ensuring that the URL's actions cannot be redirected to a host outside the list.
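An added example of the two controls described above, written here for illustration and not taken from Pega's layout runtime: a full-match allowlist regex applied to the Host and X-Forwarded-Host values before either is used to build a redirect, and a strict numeric filter for a row-index parameter such as RepeatDynamicIndex. The regex, the fallback host and the header dictionaries are constructed assumptions standing in for the local configuration the page mentions.

```python
import re
from urllib.parse import urlunsplit

# Constructed configuration (assumption): the page says the allowlist is read
# from local configuration; here it is an inline constant.
HOST_ALLOWLIST = re.compile(
    r"^(?:[a-z0-9-]+\.)*example\.com(?::\d{1,5})?$", re.IGNORECASE
)
FALLBACK_HOST = "app.example.com"


def is_allowed_host(value):
    """True only if the entire header value matches the allowlist regex."""
    if value is None:
        return False
    value = value.strip()
    if not value or len(value) > 255:
        return False
    return HOST_ALLOWLIST.fullmatch(value) is not None


def effective_host(headers):
    """Choose the host used when building redirect URLs.

    X-Forwarded-Host (XFHost) is consulted first because it is what a proxy
    reports; a header that is present but fails the allowlist is treated as
    untrusted and the configured fallback is used instead of it.
    """
    for name in ("X-Forwarded-Host", "Host"):
        value = headers.get(name)
        if value is None:
            continue
        # A forwarded header may carry a comma-separated chain; the first
        # entry is the client-facing one.
        candidate = value.split(",")[0].strip()
        return candidate if is_allowed_host(candidate) else FALLBACK_HOST
    return FALLBACK_HOST


def build_redirect(headers, path):
    """Absolute redirect URL whose host can only come from the allowlist."""
    return urlunsplit(("https", effective_host(headers), path, "", ""))


def sanitize_repeat_index(raw):
    """A row index must be a small non-negative integer; anything else is
    rejected (None) rather than echoed into generated markup or script."""
    if raw is None or not re.fullmatch(r"\d{1,9}", raw.strip()):
        return None
    return int(raw.strip())


if __name__ == "__main__":
    # Constructed request headers: a spoofed forwarded host and a clean one.
    print(build_redirect({"X-Forwarded-Host": "attacker.invalid", "Host": "app.example.com"}, "/prweb"))
    print(build_redirect({"X-Forwarded-Host": "portal.example.com, proxy.internal"}, "/prweb"))
    print(sanitize_repeat_index("7"), sanitize_repeat_index("7<script>"))
```

The allowlist is applied with fullmatch so that a host such as example.com.attacker.invalid or one carrying a userinfo prefix cannot satisfy a pattern that was only meant to match example.com and its subdomains.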
SR-D52969 · Issue 514702
Column population honors thread count of 1
Resolved in Pega Version 8.3.2
The thread count parameter in the column population activity was not being honored, causing repeated deadlocks when trying to populate columns. Investigation showed that the ExposeCols process did not honor the thread count when it was 1 (the default is 4), and this has been fixed by adding the necessary code so that if the thread count is 1, it will not run in multithreaded mode.
SR-D53838 · Issue 521478
Run Ruleset Cleanup defaults to true
Resolved in Pega Version 8.3.2
After upgrade, the rule categories and rules were not showing correctly in the App view of the Dev Portal. Many warning messages were also logged related to the Decisioning DM Sample application. This was traced to the rules cleanup script not running properly. While there was a workaround of applying the ruleset cleanup scripts manually after removing the queries that reference the pr_engineclasses table, the cleanup will now be set to run by default (run.ruleset.cleanup=true). In addition, the logic to determine which RuleSets to include has been simplified and most of the pr4_rule_vw deletions have been combined.