SR-D54319 · Issue 532526
API added to sync presence with requestor to clear inactive operator sessions
Resolved in Pega Version 8.3.2
An intermittent error message was seen indicating the maximum number of active sessions for the current operator had been reached even though there were not multiple logins and there was no requestor displayed in the requestor management landing page. This was traced to sessions that were not properly closed and cleared, and has been resolved by exposing an API that will sync the presence record with the requestor state so inactive sessions will be cleared.
SR-D54628 · Issue 524567
jFreeChart upgraded
Resolved in Pega Version 8.3.2
Chart generation activities have been updated to use JFreeChart v1.0.19.
SR-D55160 · Issue 520354
Namibia and Botswana added to Currency Symbol values
Resolved in Pega Version 8.3.2
Support has been added for the Namibia (en_NA) and Botswana (en_BW) locales in the default Currency Symbol values.
SR-D55449 · Issue 523501
Cross-site scripting protection added to layout runtime java and whitelist validation available for host/XFHost
Resolved in Pega Version 8.3.2
In order to protect against Cross-site scripting issues, filtering has been added to the RepeatDynamicIndex parameter value in layout runtime java. In addition, a validation for X-Forward-Host value has been added which will be read from a local configuration. This is in the form of a white list regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.
SR-D55508 · Issue 521859
CSRF and Fingerprint token handling added to custom URL generation
Resolved in Pega Version 8.3.2
An error screen appeared with the message "Server response error, no update data returned" while doing a check out and check in of the offer rule. This was traced to CSRF token validation: in this scenario, a custom URL was being framed and the corresponding request did not have a valid CSRF/ Fingerprint token, which can occur when there are custom AJAX/Non-ajax URLs constructed manually in the non-autogenerated/HTML streams. To address this, handling has been added for CSRF and fingerprint tokens as part of the custom URL generation.
SR-D56063 · Issue 522857
Hazelcast upgraded to resolve node startup issue
Resolved in Pega Version 8.3.2
Post data upgrade, the ADM tier failed to start and the error "java.lang.IllegalStateException: Node failed to start!" appeared. This was traced to a dormant bug in Hazelcast 3.11 that caused starting nodes to fail when the Hazelcast master node was shutting down, which was exposed by recent Pega changes made to enable parallel restarts of nodes in Cloud environments. Hazelcast delivered a fix for the parallel restart problem and the hotfixed jar has been merged into the platform. In addition, previous logic for loading Admin Studio waited 30 seconds before timing out when fetching information for each node. This caused issues with large clusters and Admin Studio not loading. The logic has been updated in the Admin Studio UI to load the page despite delays/issues waiting for nodes to respond to the gathering of cluster data, and the algorithm to detect remote-call timeout has been updated and is applicable to batch operation.
SR-D56409 · Issue 520742
URL Encryption and Obfuscation made compatible with site-minder
Resolved in Pega Version 8.3.2
Attempting to install a DL using Hfix Manager worked when not going through SSO but failed when using SSO. Investigation showed that this was due to the use of URLEncryption: URLEncryption uses a Pega-supplied base64 to encode the cipher text with MIME type encoding by default, which adds newline character after every 72 characters. This is not compatible with site-minder. which has policies to restrict newline characters in the URL. As a result, none of the encrypted requests were being processed. To resolve this, post-processing logic has been added to remove newline characters from encoded text. This change has also been applied top URLObfuscation.
SR-D56527 · Issue 538301
DSS PegaAESREmote*ResetTableStats set to false
Resolved in Pega Version 8.3.2
In order to prevent an issue with resetting table stats that potentially impacts postgres in an unintended fashion, the DSS PegaAESREmote*ResetTableStats has been set to false.
SR-D57038 · Issue 519379
JobScheduler DST handling updated
Resolved in Pega Version 8.3.2
When the locale being used changed out of Daylight Savings Time, scheduled jobs did run at the same local time as before but instead ran an hour earlier than expected. Investigation showed that jobscheduler calculated the next runtime based on the time difference from the cluster reference time and current time in milliseconds, and this offset in milliseconds was added to next run time. Since the cluster was started in DST, the job was running on same time due to the time difference. To resolve this, the system will use a calculation offset and set hours/minutes to nextRunTime object so that calendar lib handles daylight savings.
SR-D57444 · Issue 519166
Scripts provided to remove unneeded TenantID for Cloud upgrade
Resolved in Pega Version 8.3.2
Cloud upgrade from 8.3 to 8.3.1 was failing in a multi-tenant environment during creation of the Data-MigrationPoint instance. This was traced to pzTenantId not being included in the insert statement when the table included the pzTenantId column. As the column is unnecessary and was only included in the table for completeness, scripts have been provided to remove the pzTenantId column from the table for 8.3.0 and 8.3.1 MT deployments and remove pzTenantId from table in pegarules-master.xml to resolve this issue.