INC-141940 · Issue 601543
Revoke Access Token check removed from OAuth Client Registration
Resolved in Pega Version 8.4.4
When client credentials were implemented, the OAuth 2.0 Client Registration form was designed such that once the instance was created and a token issued, the access tokens were deleted on save. Process changes now indicate that it should be possible to save the form because it may only have History Description/Usage changes made to it and Revoke Token and Regenerate Secret buttons are already available. To address this, the Revoke Access Token check has been removed from the validate activity of Client Registration.
INC-144591 · Issue 601611
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.4.4
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-144597 · Issue 598307
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.4.4
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.
INC-145033 · Issue 599482
ForgotPassword responses made consistent
Resolved in Pega Version 8.4.4
To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.
INC-146434 · Issue 602740
Accessibility added to Security Event Configuration headers
Resolved in Pega Version 8.4.4
Labels for the headers in the Security Event Configuration screen have been converted to dynamic layout headers so they will be detected by JAWS screen reader.
INC-146921 · Issue 601638
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.4.4
Cross Site Scripting (XSS) protections have been added to Developer Studio.
INC-154627 · Issue 619570
Re-enabled users are able to log in
Resolved in Pega Version 8.4.4
When disabled operators were re-enabled through operator management, the forced password change on next login was manually unchecked but the operators were unable to login because the change password screen was displayed without any password entry fields. This was a missed use case for handling the change password flag on a requestor , and has been resolved by having the system skip setting the change password on next login flag for disabled users.
INC-151185 · Issue 618729
OptimizeForLargeResults flag set in BasicListSpecification to avoid OOM
Resolved in Pega Version 8.4.5
As soon as dedicated indexing started for a data type, the JVM heap occupation went beyond 99 and eventually caused a system crash due to an out of memory error. This was traced to the use of the BasicListSpecification API for retrieving results from the database always having the autocommit mode on, which loaded all instances for indexing into memory and interfered with PostgreSQL's cursors (query encapsulation). This has been resolved by adding an OptimizeForLargeResults flag that will be set to on in the BasicListSpecification activity before fetching the keys from the database.
INC-151293 · Issue 630345
Out of memory condition resolved for BIX extraction
Resolved in Pega Version 8.4.5
A node was going down automatically during execution of a BIX Extract rule when working with old objects. Investigation showed this was related to an out of memory error: the work object had nested page lists, and when one of the page lists contained a propertylist which contained more records, the system was trying to add entries to the LinkedList if any properties were missing the reference during extraction. Because LinkedList allowed duplicates, it filled with enough errors to cause the out of memory condition. To resolve this, LinkedList has been replaced with LinkedHasSet, which does not allow duplicates.
INC-152108 · Issue 622371
Logic updated for exporting customized multi-column report definition
Resolved in Pega Version 8.4.5
While attempting to perform an export to Excel for the results of a report definition which had two custom functions for two columns, the error "PRRuntimeException: Section 'pzRDExportWrapper' execution error on page '' of class 'Rule-Obj-Report-Definition'. : The Reference .pyTextValue(2) is not valid. " was logged. The export worked if either one of the columns was removed or if "Display values across columns" in the column settings was unchecked. This has been resolved by updating the logic in PivotTableDataGridGenerator for rowheaders to handle using DisplayValuesacrossColumns with FunctionAliases when not checked on in sequence.