INC-130304 · Issue 567924
Retry logic added for downloading upgraded rules
Resolved in Pega Version 8.1.9
A Rules upgrade failed while downloading applications from the maintenance server due to an SFTP server connection failure. This has been resolved by adding logic to retry if the first connection attempt fails.
INC-130695 · Issue 587659
Enhancements for upgrading in multi-tenant environment
Resolved in Pega Version 8.1.9
Some muti-tenant installations use the same applications or rule instances with the same pzInsKeys for different tenants. This can cause upgrades to time out due to the system fetching all pzInsKeys (which will have duplicates) and working with them in a default batch size of 500 each over 4 threads. This led to the same keys potentially being allocated and processed in different threads, resulting in duplicate processing and timeouts. This has been resolved by updating the select query to fetch the tentantid and pzInskeys in the MT system to avoid duplicate work in multiple threads. In addition, running Generate Declarative indexes fetches the pzinskeys and generates indexes for each record, but before generating, the existing index for the record is deleted and then inserted. Because the delete query to generate the index was not tenant aware, all of the records for the key were deleted for the tenants for that key, but the new index was created only in one tenant. This has been resolved by enhancing the DELETE query to be tenant aware, which will avoid deleting the indexes for all the tenants given an index key.
INC-132218 · Issue 573359
Resolved buffer overflow for Migration loadDatabase
Resolved in Pega Version 8.1.9
A Rules upgrade failed in the Migration step at loadDatabase stage, involving the move of all the table records from old schema to new schema. This was traced to the inability of Migration to load blob of sizes more than 100 MB, and has been resolved by updating Migration to use byte[] to read the blob content with the help of metadata that contains blob length.
INC-133202 · Issue 574701
TableRenameUtil hashing improved
Resolved in Pega Version 8.1.9
During index name generation, the algorithm that was responsible for index name uniqueness was sometimes insufficient and cerated a loop condition. This has been resolved by using a stronger hash algorithm and refactoring the code that could result in a loop.
SR-D84364 · Issue 551402
Check for circular references added to SearchInventoryImpl to prevent recursive call
Resolved in Pega Version 8.1.9
An out of memory error was traced to SearchInventoryImpl infinitely recursing over a clipboard property, where the child property referenced a parent property and resulted in an endless loop. This has been resolved with the addition of a depth check to ensure that the search does not recurse infinitely.
SR-D46133 · Issue 534651
Colon in folder or file name will be replaced with underscore during unzip
Resolved in Pega Version 8.4.1
After creating a product file (zip), attempting to import the same file into an updated system resulted in an exception. Investigation showed that in this case the zip file was a Product rule form which had applications packaged with a colon(:) in the name of the application, a format that was allowed in 6.x versions. Because Windows machines restrict creating creating any folder or file with : in its name, the zip file could not be inflated as part of the import process. To resolve this, the system has been updated so that a colon(:) will be replaced by underscore(_) during inflate operations.
SR-D52604 · Issue 548062
Stream Registration deprecated and replaced
Resolved in Pega Version 8.4.1
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D64523 · Issue 545672
Stream Registration deprecated and replaced
Resolved in Pega Version 8.4.1
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D66521 · Issue 536140
Logout Redirect updated to handle special characters in IDP parameters
Resolved in Pega Version 8.4.1
When using "HTTP Redirect" in Authentication Service, the Logout Redirect service was failing due to the query parameter name containing "_" (underscore). This was traced to IDP sending parameters to assertion consumer service or logout request endpoint with names which contained any special characters, as the system was trying to put those key values on the parameter page for additional processing. To resolve this, the system has been updated to suppress exceptions when the parameters from IDP includes special characters.
SR-D70872 · Issue 545858
Kerberos authentication parameters propagated for deployment
Resolved in Pega Version 8.4.1
Attempting to perform a deployment using Kerberos authentication to an Oracle database failed with an authentication error. This was traced to the java system properties (for example, -Dname=value) required by the Oracle JDBC driver for Kerberos authentication intermittently not being set when connections were being made to the database. When they were not being set, the connection would fail due to authentication. This has been resolved by ensuring the java system properties (-D's) that were provided to the 'custom.jvm.properties' property in the collection of deployment related *.properties files are being propagated to every part of the deployment scripts.