Skip to main content
circle-square
Outline Circle
square-square
Little Circle
square-square
Little Circle

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the SR ID number in order to find the associated Support Request.

INC-137874 · Issue 599131

Cross-site scripting update for Dev Studio

Resolved in Pega Version 8.4.4

Cross Site Scripting (XSS) protections have been added to Developer Studio.

INC-140224 · Issue 604006

Corrected SAML SSO error

Resolved in Pega Version 8.4.4

After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.

INC-141595 · Issue 602715

CSRF and Browser fingerprint tokens added for testing custom scripts

Resolved in Pega Version 8.4.4

After upgrade, the test window appeared blank when attempting to test Decision Table rules. This was traced to there not being CSRF token and Browser fingerprint handling in the custom script used to show a prompt screen to the user. Because the CSRF token validation was missing, the request failed. To resolve this, CSRF and Browser fingerprint tokens have been added as hidden fields.

INC-141940 · Issue 601543

Revoke Access Token check removed from OAuth Client Registration

Resolved in Pega Version 8.4.4

When client credentials were implemented, the OAuth 2.0 Client Registration form was designed such that once the instance was created and a token issued, the access tokens were deleted on save. Process changes now indicate that it should be possible to save the form because it may only have History Description/Usage changes made to it and Revoke Token and Regenerate Secret buttons are already available. To address this, the Revoke Access Token check has been removed from the validate activity of Client Registration.

INC-144591 · Issue 601611

Oauth and beanutils jars upgraded

Resolved in Pega Version 8.4.4

The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.

INC-144597 · Issue 598307

Updated handling for MT query of pr_data_admin table

Resolved in Pega Version 8.4.4

When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.

INC-145033 · Issue 599482

ForgotPassword responses made consistent

Resolved in Pega Version 8.4.4

To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.

INC-146434 · Issue 602740

Accessibility added to Security Event Configuration headers

Resolved in Pega Version 8.4.4

Labels for the headers in the Security Event Configuration screen have been converted to dynamic layout headers so they will be detected by JAWS screen reader.

INC-146921 · Issue 601638

Cross-site scripting update for Dev Studio

Resolved in Pega Version 8.4.4

Cross Site Scripting (XSS) protections have been added to Developer Studio.

INC-154627 · Issue 619570

Re-enabled users are able to log in

Resolved in Pega Version 8.4.4

When disabled operators were re-enabled through operator management, the forced password change on next login was manually unchecked but the operators were unable to login because the change password screen was displayed without any password entry fields. This was a missed use case for handling the change password flag on a requestor , and has been resolved by having the system skip setting the change password on next login flag for disabled users.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us