INC-161260 · Issue 634050
Enhanced logging for CBAC policies
Resolved in Pega Version 8.4.5
Additional logs have been added to assist in easier debugging of any configuration issues with CBAC policies.
INC-163226 · Issue 632964
Alert resolved for query parameter in non-standard format
Resolved in Pega Version 8.4.5
A failure status occurred during refresh of an optimized grid section. Investigation showed this was caused by a parameterized datapage being used as a source for a section that passed a query parameter in a non-standard format. There was no functional impact, and the alert has been resolved by setting the system to call StreamParameter extraction only if the rejectTamperedRequests DSS is explicitly set to true.
INC-169186 · Issue 655539
Disconnect button availability extended
Resolved in Pega Version 8.4.5
A case was not refreshing when the disconnect button was selected while using the standard section for authorization grant type authentication. This was traced to a query executed to find a div with attribute pzInsHandle, but that attribute was not applicable in the user portal. To support this use, the query has been extended to be applicable for user portal (attribute data-ui-meta) and Dev Studio landing page.
INC-170423 · Issue 648982
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.4.5
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-171838 · Issue 651438
Added mail/telephone link to allowed CSP child frame
Resolved in Pega Version 8.4.5
After upgrade from v8.3 to v8.5, clicking on the mail / telephone link in the out of the box case participants gadget generated the Content Security Policy error "This content is blocked. Contact the site owner to fix the issue." Examination of the browser dev-tools console indicated the object refused to frame because it violated the Content Security Policy directive: "frame-src *". This behavior was specific to the Google Chrome browser, and has been resolved by adding code so the mailto: and tel: will be added to the frame-src when Data is selected under Child Frame-Source option. Unchecking the Data checkbox for Child Frame-Source on the policy landing page will remove these from allowed actions under CSP.
INC-171875 · Issue 653894
Skip restored for browser request CSRF token
Resolved in Pega Version 8.4.5
Many SECU0008 alerts were seen in the production logs. This was the result of a CSRF token check on requests without pyActivity or pyStream, and has been resolved by restoring a conditional skip of the check as those other browser requests do not contain a CSRF token.
INC-153138 · Issue 625567
Database primary keys generated as NONCLUSTERED for imports
Resolved in Pega Version 8.4.5
When a primary key was defined for a table and the table was exported and then imported, the primary key was generated as CLUSTERED. This resulted in an MS SQL Cluster Index violation because all Pega-shipped tables generated during installs/upgrades have a PK constraint index with NONCLUSTERED index type as it allows for a longer key. This was a missed use case, and has been resolved by updating the system such that when importing with MS SQL database, the primary key index is made NONCLUSTERED all the time so it will be consistent with the base platform.
INC-154042 · Issue 621259
Pega Catalog custom upload control modified
Resolved in Pega Version 8.4.5
Attempting to upload a catalog.zip file caused the system to hang and thread dumps were seen in the logs. Investigation traced the issue to the custom control used to upload the catalog, which was posting the entire content in form data rather than sending a multi-part request. The control contained both legacy code which used form.submit() and encoding along with new code that used SafeURL and sent an async request. With this, encoding could not be set to multi-part in case of an AJAX request. To resolve this, the catalog upload control has been modified to use the appropriate legacy code that performs form.submit() and sets the encoding properly.
INC-157196 · Issue 629296
Deprecated service package features now require authentication
Resolved in Pega Version 8.4.5
Authentication has been added to deprecated features of the standard service package to improve security. If issues are encountered during product migration, please use the Deployment Manager.
INC-158519 · Issue 625078
Filter considers all instances pages during deployment
Resolved in Pega Version 8.4.5
During package deployment, attempting to use Filter to skip some of the instances only displayed the result of the current active page instead of all pages. This was an unintended consequence of previous work, and has been resolved by adding the logic to strip quotes in the value and adding the "Pagination activity manages filtering" checkbox by default.