Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

SR-B95798 · Issue 344526

XSS filtering added to GetTour

Resolved in Pega Version 7.4

Cross scripting filtering has been added to pxGetTour java step 7, which prepares JSON.

SR-C1107 · Issue 351146

Oauth tokens obtained on login timeout

Resolved in Pega Version 7.4

When the client idle time expires, the user must perform a login in order to get back into the application. If OAuth is being used for authentication there is no need to re-send the credentials to NetIQ if neither the refresh token nor access token are expired yet, but the hybrid client was repeating the ROPC flow and obtaining a new refresh token each time the user logged in after the client idle timeout expires. With this change, the tokens are obtained on login timeout. There will be a further update targeted for the next release to show the lock screen and not log the user out.

SR-C1107 · Issue 351606

Oauth tokens obtained on login timeout

Resolved in Pega Version 7.4

When the client idle time expires, the user must perform a login in order to get back into the application. If OAuth is being used for authentication there is no need to re-send the credentials to NetIQ if neither the refresh token nor access token are expired yet, but the hybrid client was repeating the ROPC flow and obtaining a new refresh token each time the user logged in after the client idle timeout expires. With this change, the tokens are obtained on login timeout. There will be a further update targeted for the next release to show the lock screen and not log the user out.

SR-C147 · Issue 343884

Security improvements for generateCellContent RUF

Resolved in Pega Version 7.4

Code changes have been made to improve security for getting the parameter value in the generateCellContent RUF.

SR-C1787 · Issue 346038

XSS filtering added for insHandle

Resolved in Pega Version 7.4

XSS filtering has been added for the inshandle parameter in the downloadFile activity.

SR-C1787 · Issue 320158

Exception message will not include invalid filename

Resolved in Pega Version 7.4

To enhance security, the exception message In the activity Rule-File-Binary.downloadFile will not display the invalid filename.

SR-B47858 · Issue 304348

Access Group Guardrail warning removed from password change

Resolved in Pega Version 7.4

Changing the password for the '[email protected]' operator generated the warning: 'The same Access Group should not be shared by Operators and Requestor Types. Access group PRPC:Agents was also referenced by Requestor Type DATA-ADMIN-REQUESTOR PRPC!BATCH'. The password change did take effect as expected. This guardrail warning was shown if the Access group used by the [email protected] operator, i.e. PRPC:Agents, was specified in any of Data-Admin-Requestor instance, and has been resolved by removing the unnecessary check.

SR-B66932 · Issue 334833

Indexes created on a MT system automatically contain pzTenantID column

Resolved in Pega Version 7.4

When installing PDC on a multi-tenant system the pzTenantID column is automatically added to every application table (pegaam_*). This is expected. However, the indexes contained in the schema jar were not automatically extended to contain the pzTenantID, which created the need to manually update all indexes post-install to include the pzTenantID column on the first place. A similar problem existed when updating to a newer version of PDC that contains schema changes. This has been addressed by adding MultiTenantPolicy and Import/Default concrete classes that inform DatabaseSchemaGenerator.IndexElement whether or not to include pzTenantID in the column list. During Import, pzTenantID will be added to all indexes on shared context tables. In other utilities (UAS, clone table, etc.) the column will only be added to primary key and unique indexes/constraints (existing behavior).

SR-B83849 · Issue 337067

Exception handling added for XML with invalid characters

Resolved in Pega Version 7.4

When PDC receives an Exception alert in the form of a SOAP Message from one of its monitored nodes, it parses the XML and creates a work object from it. However, if the Exception was caused by an XML with invalid characters, the Exception SOAP Alert message carried the invalid characters when arriving on AES/PDC PRSOAPServlet, causing the engine to fail in parsing the XML and generate an exception. Logic has now been added to SOAP envelope parsing to catch the exception, sanitize the payload, and then re-feed it to the parser.

SR-C445 · Issue 344716

cluster rule watch lock expires on crash

Resolved in Pega Version 7.4

If the cluster rule watch was in progress and the browser / system crashed, the rule watch became locked until the system (cluster) was restarted. In this case, the disconnect command from Req1 has an encrypted requestor ID because it is an unauthenticated requestor, leading to all String-matches failing. A hook to delete all entries in the distributed rule watch map for a given requestor during its clean up has now been added to resolve this.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us