INC-204897 · Issue 696150
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.8
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
INC-204998 · Issue 705628
Data page definition reload made more robust
Resolved in Pega Version 8.8
The data page was intermittently being removed from the cache. This was traced to the use of a thread from ThreadContainer to reload the data page definition: a null thread could be returned if the request came from a master agent, which would then cause the definition reload to fail. This has been resolved by updating the system to use the current thread in context to reload the data page definition.
INC-205774 · Issue 721818
Data page definition reload made more robust
Resolved in Pega Version 8.8
The data page was intermittently being removed from the cache. This was traced to the use of a thread from ThreadContainer to reload the data page definition: a null thread could be returned if the request came from a master agent, which would then cause the definition reload to fail. This has been resolved by updating the system to use the current thread in context to reload the data page definition.
INC-207009 · Issue 718286
Explicit expiration added to avoid searching for expired requestor
Resolved in Pega Version 8.8
A login page was taking long time to display. This was traced to pre-authentication cookie in the browser pointing to the requestor object on the server which triggered a lookup across the entire cluster of servers to find the requestor. This was not only taking time, but the attempt to find the requestor in the cluster would always fail to return results as the requestor was not passivated but instead removed after two minutes. To resolve this, an expiration has been added to the Pega-RULES cookie when the value is pre-authenticated. The time to expire is derived based on the short-lived requestor time for unauthenticated requestors + 1 minute, and will be 2 minutes by default. This will avoid searching for a requestor across all nodes in cluster when the requestor has already timed out and been destroyed by server.
INC-207159 · Issue 707618
Localization added for delegated datatype tab
Resolved in Pega Version 8.8
Localization was not working for the title of a thread which opened when attempting to edit the delegated datatype. This has been corrected.
INC-208424 · Issue 707613
Custom header character encoding for Subject added
Resolved in Pega Version 8.8
Case correspondence that contained a Subject with accent characters such as "Invitation à être" was being rejected by MailJet on the basis of encoding issues on the "Thread-Topic" when using custom headers. The error "BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8)" was generated. This was traced to the Send Email Smart Shape handling when using custom headers, and has been resolved by encoding the Subject before appending it to the Thread-topic header while adding custom headers.
INC-210475 · Issue 705370
JVM check added for memory allocation metrics collection
Resolved in Pega Version 8.8
After update, frequent errors were logged regarding "ThreadMXBean) ERROR - Cannot get memory allocation data for thread". This was due to the collection of memory allocation data only being available for SUN based JVMs while the system experiencing the error runs IBM JDK. To resolve this, checks have been added to determine whether the thread memory allocation metrics collection attribute is supported by the JVM or not, and if not the collection will be disabled.
INC-210771 · Issue 708813
Updated access group handling for CurrentWorkPool property
Resolved in Pega Version 8.8
After update, the pxThread.pxCurrentWorkPool property was not properly populated in App Requestors when the activity was called from Rest service. This was caused by a difference in the authentication check after a security modification, and has been resolved.
INC-210855 · Issue 715821
BigDecimal handling updated for @ sum function
Resolved in Pega Version 8.8
The @ sum function was not behaving correctly. This was traced to the java code in the 'sum--(ClipboardPropertyCollection)' function which was not properly converting the double to Bigdecimal for some of the inputs like 500, 500, 600.11. This has been resolved by modifying the function to convert input properties to BigDecimal, add BigDecimal values, and return the result.
INC-211101 · Issue 709880
ClipboardPageImpl handling updated for virtual list variable mRepresentativeRow
Resolved in Pega Version 8.8
A Concurrent Modification exception was seen after update. This was traced to the ClipboardPageImpl use of a virtual list variable "mRepresentativeRow" in the "InMemoryStringTable" class's method where it was iterating the "InMemoryStringTable" while the same list("InMemoryStringTable") was being modified by another thread at the same time. This has been resolved by modifying the Java file InMemoryStringTable to create a copy of the variable mRepresentativeRow to make sure that while iterating over it, the application will iterate only on a copied variable and not the original variable to prevent the concurrent modification exception.