SR-D96368 · Issue 555742
10 minute cap added to lockout time interval for failed logins
Resolved in Pega Version 8.4.2
After a certain number of failed attempts, there is a process that locks out the operator for a time interval. When the interval has expired and the operator is able to try again, the next "lockout" uses a time interval double the prior size. Previously, this was able to grow without any restriction. In order to improve effective requestor management, an upper limit has been added for maximum lockout period. The default has been set at 10 minutes or 600 seconds, but this may be configured using the DSS : authPolicy/delay/maxDelay in the Ruleset: Pega-Engine. The value is set in seconds: if the value specified in the DSS is greater than 600 seconds, then the maximum lockout period will fall back to 600 seconds (10 minutes).
SR-D96395 · Issue 555119
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.4.2
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).