INC-178148 · Issue 660926
Handling added for SSO servlet name
Resolved in Pega Version 8.5.5
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
INC-178923 · Issue 660887
Resolved startup error related to business calendar object
Resolved in Pega Version 8.5.5
An error recorded in the log file when the server started was traced to a cache update that removed the old business calendar object and added the new business calendar object to the business cal list. This has been resolved by updating the system to replace the business calendar object instead of removing the old one from the cache first.
INC-179025 · Issue 665544
Null check added for getTargetNodeUUID
Resolved in Pega Version 8.5.5
A null pointer error was seen from the tracer during a security scan. This has been resolved with the addition of a null check for TracerRequest.getTargetNodeUUID.
INC-179167 · Issue 659592
Atmosphere update
Resolved in Pega Version 8.5.5
The Atmosphere jar has been updated to version 2.4.5.
INC-179448 · Issue 664314
Tracer protections updated
Resolved in Pega Version 8.5.5
Cross-site scripting protections have been updated for Tracer.
INC-182572 · Issue 663555
Support added for multiple host proxy architecture
Resolved in Pega Version 8.5.5
When using an architecture where certain types of users were sent through multiple proxy servers to get the Pega Cloud instance, an exception was generated at the point of accessing the environment. This was traced to the use of Apache 2.4 with mod_proxy. As the request passed through each proxy, the x-forwarded-host header had values appended to it by mod_proxy which resulted in the error "com.pega.pegarules.pub.context.PRSecurityException: Multiple host names in header X-forwarded-Host". This has been resolved by updating the code to support using a multiple host proxy configuration.
INC-184668 · Issue 665956
Check added for null mColumn values while estimating size
Resolved in Pega Version 8.5.5
A null pointer error indicating an issue with AbstractDataPageHandler.estimateDataSize was traced to missing handling for null values in mColumns while calculating size. This has been resolved with the addition of a null check.
INC-159836 · Issue 631205
Resolved unnecessary Apache UIMA Ruta logging
Resolved in Pega Version 8.5.5
A high level of exception logging related to Apache UIMA Ruta was seen under high loads due to annotations in the standard Ruta scripts; this did not impact execution, and has been resolved so only relevant events are logged.
INC-169412 · Issue 648881
Cross-site scripting protections updated for Graph Models
Resolved in Pega Version 8.5.5
Cross-site scripting protections have been updated for Graph Models.
INC-170721 · Issue 658959
Stricter criteria set for reusing an SSAExecutionContext
Resolved in Pega Version 8.5.5
After a Strategy was configured with an existing Proposition Filter and the Explain Results box was unchecked, executing the strategy resulted in the error "Stack is empty, cannot pop any more frames". Investigation showed that the SSAExecutionContext object was reused across the two criteria evaluation in Proposition Filter rule: this works well as long as the input is the same across the two evaluations. However, the SSAExecutionContext object also stashed a reference to a PublicAPI object which became stale in the second evaluation and caused the empty stack issue for the given scenario. This has been resolved by providing stricter criteria in deciding when an SSAExecutionContext can be reused or not in the case of Proposition Filter rule.