Skip to main content
circle-square
Outline Circle
square-square
Little Circle
square-square
Little Circle

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the SR ID number in order to find the associated Support Request.

INC-155276 · Issue 622816

Null check added for step page

Resolved in Pega Version 8.3.6

After creating and adding new Access Roles and application 'Access When' to the privileges instead of Production level, during run time the error "runtime.IndeterminateConditionalException: Trying to evaluate Rule-Access-When conditions L:IsProdAccess when there is no page to evaluate them against" appeared for the specific privileges. This was traced to a missed use case where the system falls back to the step page if the page for evaluating the 'when' condition is null, which did not account for scenarios where the step page can be null. To resolve this, a null check has been added which will fetch the primary page if the step page for the access 'when' condition is null.

INC-156647 · Issue 626293

Improved disconnected requestor cleanup for FieldService

Resolved in Pega Version 8.3.6

A large number of requestors from FieldService with the status as 'Disconnected' were accumulating and causing performance issues. This was traced to the requestors not getting passivated due to users not logging out and new requestors being created for the same users next time, and was caused by the value of the DSS Initialization/PersistRequestor being set as "OnTimeout". When the DSS prconfig/timeout/browser/default is not configured, the default browser requestor timeout is 60 minutes. In this scenario, requestors were not passivating as the requestor passivation timeout was set to the refresh token lifetime for mobile users, which was very large and overwrote the DSS value. This has been resolved by removing the code which set the passivation timeout to the OAuth2 refresh token lifetime.

SR-A12775 · Issue 236646

ChangePassword screen now allows custom messages

Resolved in Pega Version 7.2.1

The pzChangePassword activity has been enhanced to allow customizing the change password screen

SR-A14879 · Issue 232530

Improved security for JSON stack

Resolved in Pega Version 7.2.1

To increase security, the response to invalid JSON input will display a generic InvalidStream message rather than the full class name and method name. The complete information will be available in the log.

SR-A15922 · Issue 231258

Support added for cleartext passwords in Snapstart

Resolved in Pega Version 7.2.1

When posting credentials from an external source, the code makes the assumption that the Password value is encoded and therefore it is decoded prior to being handed to the authentication activity in Pega. This is not always the case. If the Password value is passed as clear text the result in the activity is garbled. This creates problems when subsequent authentication is attempted to an external source. To support this handling, a new DASS 'authentication/Snapstart/pwddecode' has been added. When the setting is false, the password is not decoded in Snapstart cases and will necessitate a cleartext password.

SR-A16543 · Issue 235300

Resolved Interaction Portal unexpected close

Resolved in Pega Version 7.2.1

In Google Chrome, launching a secondary portal and encountering a Content Security Policy issue relating to an image caused the secondary portal to automatically close and the developer portal to be refreshed. This was an issue with a mismatch in the pyrequestor token, and has been corrected.

SR-A16960 · Issue 233576

Predictive Analytics rulesets excluded from RSA

Resolved in Pega Version 7.2.1

The Pega-provided Predictive Analytics rulesets were being incorrectly being checked and flagged by the Rule Security Analyzer. The PAD rulesets have now been properly excluded from the RSA check, and further analysis was done to find and fix other RSA flags that should have been excluded.

SR-A19297 · Issue 237347

Added ability to set custom HTTP security headers

Resolved in Pega Version 7.2.1

XSS protections were interfering with the ability to set custom HTTP headers. To enable this, the system will use dynamic system settings from http/responseHeaders and add them to every HTTP response.

SR-A21378 · Issue 245075

Resolved Interaction Portal unexpected close

Resolved in Pega Version 7.2.1

In Google Chrome, launching a secondary portal and encountering a Content Security Policy issue relating to an image caused the secondary portal to automatically close and the developer portal to be refreshed. This was an issue with a mismatch in the pyrequestor token, and has been corrected.

SR-A22198 · Issue 244738

Empty access groups handling added for organizational instance

Resolved in Pega Version 7.2.1

If an unauthenticated access group was configured in the organizational instance, errors occurred because the organization instance access groups are only considered for session authorization once the user is authenticated. This will now be handled through a validate activity change in the Data-admin-organization to honor the emptiness of access groups

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us