SR-D80539 · Issue 544794
Testcases are not available for 'access when' rules
Resolved in Pega Version 8.5
Attempting to create test cases for access when rules resulted in guardrail warnings about the need to create a test case. Because Test Cases are not available for the Access When rule type as per Pega expected behavior, the guardrail warnings are not valid and have been removed.
SR-D72672 · Issue 536389
Security updated for CreateOperator
Resolved in Pega Version 8.5
In order to improve security, CreateOperator in Pega-ProCom will require authentication to run with pxCanManageUsers privilege.
SR-D69927 · Issue 537480
Cleanup added for staging directory
Resolved in Pega Version 8.5
Temporary files from imports and exports (from DevOps) were filling up the staging area disk space because there was no automatic process for cleaning up these local files. This has been resolved by adding an enhancement that will clear the directory on Engine Startup and any time ParUtils.setStagingDirectory gets called to initialize the staging directory.
SR-D76492 · Issue 549969
Added check for test case creation when Cross-site scripting security enabled
Resolved in Pega Version 8.5
Test case creation was failing. Investigation showed that when the "Cross-Site Request Forgery" security setting was enabled, the CSRF token and Browser fingerprint were not included in AJAX calls, and the Ruleinskey was not getting passed. This has been resolved by adding a check to evaluate whether security measures are included or not when making a server call from AJAX, and including the tokens required when appropriate.
SR-D79397 · Issue 546416
Rule-Utility-Function references updated with library information
Resolved in Pega Version 8.5
The "changeSystemName” operation failed. This was traced to the function “getLocalizedValue” (Rule-Utility-Function) being saved into the PegaFS library due to runtime resolution based on the function signature even though the actual Rule-Utility-Function from “Pega-Rules” ruleset needed to be picked in this case. To ensure the correct ruleset is picked, Rule-Utility-Function references have been updated with library information to resolve the resolution collision scenario.
SR-D52138 · Issue 537506
Property setting corrected for On Join and Exclusion shapes in Expression Builder
Resolved in Pega Version 8.5
The properties for the defined page did not appear when using the type-ahead feature to select properties for the On Data Join and Exclusion shapes in Expression Builder. This was an issue related to the property being referenced for setting the context in the expression builder, and has been corrected.
SR-D67316 · Issue 541205
Cross-site scripting protection for PegaRULESMove_Skimming_Query
Resolved in Pega Version 8.5
Cross-site scripting protection has been added for input parameter toRSV of the activity PegaRULESMove_Skimming_Query.
INC-134046 · Issue 575238
database locking improved for login performance
Resolved in Pega Version 8.5
A slowness issue seen when trying to login to my.pega.com was traced to numerous database locks occurring on the pr_data_saml_authreqcontext table during the SAML flow. Analysis showed that while running Obj-Save on AuthRequestContext with 'OnlyIfNew' as false, the check caused a select query to run on the table to determine if the context was already there and insert it if it was not. To resolve this, the onlyIfNew check will default to true to avoid running the query; if the context is already present it will be overridden. Duplicate key exception handling has also been added to avoid any issues if a resave is done with same key.
SR-D96395 · Issue 555118
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.5
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).
INC-132209 · Issue 577000
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.5
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).