SR-D70872 · Issue 545858
Kerberos authentication parameters propagated for deployment
Resolved in Pega Version 8.4.1
Attempting to perform a deployment using Kerberos authentication to an Oracle database failed with an authentication error. This was traced to the java system properties (for example, -Dname=value) required by the Oracle JDBC driver for Kerberos authentication intermittently not being set when connections were being made to the database. When they were not being set, the connection would fail due to authentication. This has been resolved by ensuring the java system properties (-D's) that were provided to the 'custom.jvm.properties' property in the collection of deployment related *.properties files are being propagated to every part of the deployment scripts.
SR-D72636 · Issue 536090
Added handling for Authorization Server login loop
Resolved in Pega Version 8.4.1
When the Authorization server returned an error, it was redirecting back with error, error_description, and parameters. The system then tried to start the login process again, the same error parameters were returned again, and it continued to loop this way. To resolve this issue, handling has been added for this error scenario from the Authorization Server.
SR-D77004 · Issue 542349
View Full History will not include private edits
Resolved in Pega Version 8.4.1
After upgrade, clicking 'View Full History' and then 'History of All Versions', showed the history of discarded private edits of other users. This was an inadvertent side effect of work done to improve the support for rollback and migration, and has been resolved by updating the system to not save the history when in a personal ruleset (checkouts/private edits). The help documentation has also been updated to note there is no history available for checkouts/private edits.
SR-D78274 · Issue 544094
Handling added for dual privileges with MSSQL
Resolved in Pega Version 8.4.1
After setting up dual privileges, the Admin user was able to create a table but the base user received an "insufficient privileges" error. Investigation showed this was an issue when using MSSQL: the generated grant statements used the server login name as the user in the grant statement, instead of the database user. For all other databases, the username passed into the connection is the correct user to use for grants. Only MSSQL has a distinction between this connection user name (the login) and the database user, and since the login did not exist in the user table, the grant failed. To resolve this, when MSSQL is used, the system will fetch the underlying database user when determining the user for grant statement generation.
SR-D79178 · Issue 543314
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.4.1
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D83053 · Issue 544270
SameSite cookie setting added for Mashup support in Google Chrome v80+
Resolved in Pega Version 8.4.1
The Google Chrome browser version 80 and above now treats SameSite with a blank value as "Lax" by default, causing mashup scenarios to break. In order to compensate for this change, support has been added for setting SameSite=None in Cookie Settings; this value automatically includes the “secure” cookie flag, which enforces HTTPS for the Pega server and mashup. For mashups to work, SameSite should be set as None. Create a Dynamic system setting in the Pega-Engine RuleSet with the name “security/csrf/samesitecookieattributevalue” and the value "None" and restart the server. (The SameSite value "None" works only in secure HTTPS connections.) Note: The SameSite cookie may be set to None/Lax/Strict, based on the requirement. For cookie requirements other than mashup, it should be set as either Strict or Lax, depending upon your application.
SR-D84190 · Issue 547175
Post-Import Migration Agent query optimized
Resolved in Pega Version 8.4.1
A Post-Import Migration agent belonging to the Pega-ImportExport Ruleset and set to run every 60 seconds by default triggered the SQL query "select ASTERISK from pegadata.pca_CWT_CXP_Work_Interaction" which ran for an excessive amount of time, caused a utilization spike, and then crashed the utility nodes. Investigation showed the excessive run time and load was caused by the query fetching a very large number of results. To better handle this scenario, the query usage has been updated.
SR-D84795 · Issue 546204
Handling added for NOT NULL primary key requirement
Resolved in Pega Version 8.4.1
The CRMFS application upgrade failed during an upgrade of a Production-clone environment to Pega 8.3.1 with the error "Encountered an issue applying DDL: ALTER TABLE pegadata.pr_History_PegaSAFS_Data_ReasonCode ALTER COLUMN pzinskey DROP NOT NULL: Database-General Problem executing SQL to update database schema ERROR: column "pzinskey" is in a primary key." This occurred because the database had a table column as primary key with a NOT NULL modifier while the archive that needed to be imported had a table column with neither the primary key nor NOT NULL modifier in it. Therefore during import the system was trying to drop the NOT NULL modifier first, resulting in the error as NOT NULL cannot be removed if it is a primary key. To resolve this, handling has been added for the use case of not dropping the NOT NULL requirement for the primary key.
SR-D85745 · Issue 545906
DASS and DAS associated to the Pega-ProcessCommander Ruleset
Resolved in Pega Version 8.4.1
An upgrade was failing at the point of Pega Rules Upgrade in the Installer Instance with the error "Encountered database exception when preprocessing deferred operations <insert updatesCache instance DATA-ADMIN-SYSTEM PEGA not only if new>. This node not found in the database - Either the record was never saved or was deleted. Unable to join the cluster." This error occurred because the strategic application import during upgrade manually included a "systemname" DASS instance which had a value other than "prpc". This caused a override of the platform shipped DASS (with value "prpc), which is required by the upgrade. In order to avoid this condition, DASS and DAS have been associated to the Pega-ProcessCommander Ruleset.
SR-D89002 · Issue 549104
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.4.1
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.