INC-208366 · Issue 701894
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-208424 · Issue 704598
Custom header character encoding for Subject added
Resolved in Pega Version 8.6.4
Case correspondence that contained a Subject with accent characters such as "Invitation à être" was being rejected by MailJet on the basis of encoding issues on the "Thread-Topic" when using custom headers. The error "BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8)" was generated. This was traced to the Send Email Smart Shape handling when using custom headers, and has been resolved by encoding the Subject before appending it to the Thread-topic header while adding custom headers.
INC-208516 · Issue 700979
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-208556 · Issue 702174
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-210059 · Issue 706889
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.4
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-210771 · Issue 708811
Updated access group handling for CurrentWorkPool property
Resolved in Pega Version 8.6.4
After update, the pxThread.pxCurrentWorkPool property was not properly populated in App Requestors when the activity was called from Rest service. This was caused by a difference in the authentication check after a security modification, and has been resolved.
INC-211101 · Issue 709878
ClipboardPageImpl handling updated for virtual list variable mRepresentativeRow
Resolved in Pega Version 8.6.4
A Concurrent Modification exception was seen after update. This was traced to the ClipboardPageImpl use of a virtual list variable "mRepresentativeRow" in the "InMemoryStringTable" class's method where it was iterating the "InMemoryStringTable" while the same list("InMemoryStringTable") was being modified by another thread at the same time. This has been resolved by modifying the Java file InMemoryStringTable to create a copy of the variable mRepresentativeRow to make sure that while iterating over it, the application will iterate only on a copied variable and not the original variable to prevent the concurrent modification exception.
INC-211178 · Issue 704593
Decimal parameters retain null value instead of being set to 0
Resolved in Pega Version 8.6.4
When mapping any data in 8.6+, if the source is a decimal property rule and the target is a parameter defined as decimal, the decimal parameter's value will be 0 if the source property is null. This was a behavior change from previous versions of Pega where the target parameter would be null. This has been resolved by changing the code generation for the read operation on the parameter decimal type assignment to use resolveToString() instead of calling resolveToBigDecimal() so a null value is retained..
INC-211292 · Issue 705886
Updated handling for last_access to improve backwards compatibility
Resolved in Pega Version 8.6.4
After update from Pega 8.3 to Pega 8.6, many errors were seen in the logs regarding the call of the Pega API /api/v1/nodes/all/requestors. In 8.3, the API was responding with the field last_access populated properly, but this field was blank in the new version. This was an unintended consequence of work done to resolve inconsistencies with the date format in Admin Studio, and has been resolved.
INC-211480 · Issue 712419
Handling added updates involving Oracle descending column
Resolved in Pega Version 8.6.4
The build was failing when attempting to update to Pega 8.6, and an error indicating an issue with Oracle columns was generated. Investigation showed that when a column changed that belonged to an index which had a 'desc' column (even if the changed column was not specified as desc), an Oracle restriction was triggered. This occurred with any column size increase if the column participated in an index containing a descending column or a function index. This has been resolved by adding a step to drop the index before altering the column if a Descending index is involved, and to catch the case where the resized index is part of an index that has a descending column but is not necessarily a descending column itself.