Resolved Issues

UseSSL correctly set for password reset email

Email was not being sent as part of the password reset functionality for Agile Studio when the email account was set to use SSL. An EmailClientException was logged. This was traced to the 'forgot password' flow reading .pyUseSSL as false, and has been resolved by setting pyUseSSL from the email account page.

Context updated for IACAuthentication activity trace

After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.

Resolved 400 error on second browser session

When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.

Added handling for password containing a colon on Pega Client for Windows

If a password included a colon (:), it was possible to log in on the desktop but not Pega Client for Windows. This was due to authentication files specific to the Windows mobility client, and handling has been added to resolve the issue.

Invalid redirect URI logging changed from error to warn

The Pega Mobile client was reporting an Invalid redirect URI error triggered by the OOTB AuthorizationService. This warning is not an error, and the log method has been changed form error to warn.

New security role added to restrict access to development-specific classes

A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.

Updated handling for MT query of pr_data_admin table

When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.

Property check handling updated for Ajax requestor

SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.

PRTraceServlet security check added

Modifying the Pega application URL with PRTraceServlet displayed multiple user credentials and session information. This has been corrected with the addition of a privilege check in GetConnectionListCommand before allowing the connections list to be fetched.

Enhancements added to S3 repository implementation

The following changes have been made to avoid redundant/unnecessary S3 SDK calls to look-up metadata for files/folders related to integrated S3 Repository API implementation:

 - Provided storage/AWSSDK/enableSDKMetrics DASS to enable AWS SDK metrics for S3 repositories system-wide to troubleshoot performance issues
 - Added timers for Pega platform repository APIs. To see these timers in Pega application log, set log level to WARN for the log category pxIntegration.Repository.S3 and set log level to DEBUG for the logger com.amazonaws.latency
 - Optimized FileS3Adapter.getMetadata() by avoiding object-metadata lookup for directories and caching rootpath directory metadata for 5 mins
 - Handled exceptions while uploading file to S3 bucket and convey appropriate error message to RepositoryManager.createFile() API consumer
 - Refined DEBUG logging and introduced new loggers to emit stacktraces
 - Enhanced RepositoryManager.initCache() and  FileStorageManager.registerStorageClasses() to maintain non-overridable repositories (that are initialized based on DASS/DNode settings on node start-up) and to prohibit overriding the same.