INC-137317 · Issue 585402
Security improved for searches
Resolved in Pega Version 8.5.1
Authentication requirements have been added to activities associated with searching.
INC-125641 · Issue 573384
Column Filter working with class join
Resolved in Pega Version 8.5.1
When a class join was configured in the report definition and the report was edited to include new columns from the joined class, a "Filter condition invalid" error appeared in the tracer after adding a filter condition to a new column. This was only observed when the property added was a decimal property, and did not happen for a text property. The filter worked as expected after re-saving the property in the report definition in Designer Studio. This was traced to the data type being passed as "DECIMAL" for decimal fields, which did not match the logic used to set the filter value, and has been resolved.
INC-132169 · Issue 584759
NativeSQL will use inline rule resolution for core components
Resolved in Pega Version 8.5.1
After upgrade, nodes were going down with a heartbeat error. This was traced to issues with NativeSQL taking a very long time to generate queries due to the overhead in calling multiple complex functions to resolve rules. To correct this, updates have been made to resolve the standard set of functions used by core components inline in NativeSQL function resolution.
INC-135849 · Issue 582939
Encrypted SOAP response token generation updated
Resolved in Pega Version 8.5.1
After configuring a SOAP service that used signature and encryption on the response, the response being created was incorrect and could not be decrypted by the receiver. Investigation showed that the API used to generate the SOAP headers was not setting the wsse11:TokenType element, causing receivers which enforce BSP compliance to fail. This has been resolved by modifying the custom webservices-rt-pega2 jar to set the token type in the case of a response encryption policy.
INC-138354 · Issue 584722
Handling added for samesite cookies with httpOnly
Resolved in Pega Version 8.5.1
After enabling samesite cookies on Google Chrome to support Mashup login, intermittent issues were seen with a non-mashup login where entering the OperatorID and password only resulted in a refresh of the login screen. This was traced to a scenario where an httponly cookie attribute was present along with samesite cookie attributes, and has been resolved by adding handling for a condition where samesite is set and httpOnly is enabled.
INC-130145 · Issue 582855
Null checks added for the presence of roles and dependent roles
Resolved in Pega Version 8.5.1
Frequent Null Pointer errors were being generated relating to SecurityAnalysisForSecurityAdministratorsTask.getCurrentSecurityTaskDetails(). Investigation showed that the Origin and Stack trace tabs were empty, leading to the obj-open of the role failing when the role was not available in the system being utilized. This has been resolved by adding a series of null checks for role existence and dependent roles existence.
INC-139867 · Issue 588757
Additional security for encrypted passwords
Resolved in Pega Version 8.5.1
Handling and cleanup has been updated for encrypted values to enhance security.
INC-134315 · Issue 578366
Resolved 400 error on second browser session
Resolved in Pega Version 8.5.1
When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.
INC-130500 · Issue 580623
Cross-site scripting protections updated for authorization
Resolved in Pega Version 8.5.1
Cross-site scripting protections have been updated for various URLs associated with authorization.
INC-130304 · Issue 567923
Retry logic added for downloading upgraded rules
Resolved in Pega Version 8.5.1
A Rules upgrade failed while downloading applications from the maintenance server due to an SFTP server connection failure. This has been resolved by adding logic to retry if the first connection attempt fails.