Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

INC-128533 · Issue 588007

Property check handling updated for Ajax requestor

Resolved in Pega Version 8.6

SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.

INC-130703 · Issue 597254

Operator provisioning on authentication service corrected

Resolved in Pega Version 8.6

When operator provisioning was triggered on user login via authentication service, the error "ModelOperatorName is not valid. Reason: declare page parameters not supported by PropertyReference" was generated. This was traced to optimization work that had been done on the expression evaluation for operator identification, and has been resolved by adding the required GRS Syntax support in the Operator Provisioning section in SAML and OIDC.

INC-133518 · Issue 592228

Context updated for IACAuthentication activity trace

Resolved in Pega Version 8.6

After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.

INC-134808 · Issue 590712

Property check handling updated for Ajax requestor

Resolved in Pega Version 8.6

SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.

INC-137709 · Issue 584981

New security role added to restrict access to development-specific classes

Resolved in Pega Version 8.6

A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.

INC-137873 · Issue 596157

Java injection security updated

Resolved in Pega Version 8.6

Protections have been updated against a Java injection.

INC-137874 · Issue 599128

Cross site scripting update for Dev Studio

Resolved in Pega Version 8.6

Cross Site Scripting (XSS) protections have been added to Developer Studio.

INC-139084 · Issue 626647

Improvements for Report Definition OperatorID filtering

Resolved in Pega Version 8.6

Report Definition filters were not working as expected when data from the OperatorID page was used and authentication was enabled. This was traced to the OperatorID page not being correctly populated. To resolve this, the authentication logic has been modified to always create the OperatorID page at requestor level, and the HTTP API layer has been updated to remove the thread level OperatorID page if exists. In addition, an enhancement has been added for improved debugging on log appenders provided by log4j which allows log filtering based on the requestor and thread for a given appender at a specific log level.

INC-139867 · Issue 588758

Additional security for encrypted passwords

Resolved in Pega Version 8.6

Handling and cleanup has been updated for encrypted values to enhance security.

INC-140101 · Issue 597635

System will attempt to decrypt data ending in "+"

Resolved in Pega Version 8.6

Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us