SR-D20423 · Issue 503446
Improved upgrade handling for tables using classes with property references
Resolved in Pega Version 8.4
After upgrade, some page property values were blank and exposed database columns did not contain the values. Investigation showed that the reference properties did not have context and hence column population was not able to determine their value. To resolve this, instead of doing column population for all the columns, the system will identify classes that have property references and that are being optimized as part of upgrade process and maintain a list of specific columns to update.
SR-D21803 · Issue 502131
XSS protection added for embedded portal URI
Resolved in Pega Version 8.4
The URI used in the top window of embedded portals has been encoded to prevent DOM based XSS.
SR-D23862 · Issue 503897
Corrected test connection for LDAP AuthService using keystore
Resolved in Pega Version 8.4
When using a AuthService rule defined for LDAP using ldaps:// and a KeyStore rule that was defined to reference a local file in the server, the Test Connection button on the AuthService rule did not work and generated the following exception: "com.pega.apache.commons.httpclient.contrib.ssl.AuthSSLInitializationError: I/O error reading keystore/truststore file: null". Investigation showed that file reference keystore did not work with an LDAPS test connection because while run time used the LDAPVerifyCredentials activity, the design time validation used the activity “ValidateInfrastructure” which did not have the required code to support file reference keystore. This has been corrected.
SR-D25607 · Issue 495624
Added null-pointer exception handling to PegaInstaller
Resolved in Pega Version 8.4
When upgrading, the error "Error: java.lang.NullPointerException [java] at com.pega.pegarules.deploy.internal.exposecols.jobs.ExposeWrapper.runExposer" appeared and the installation would not proceed. Investigation showed that the null-pointer exception occurred because of class name validation not being performed at the right place. As the null-pointer exception occurred in the main class, it initiated thread pool executor shutdown. However, the consumer pool did not shutdown because it did not receive the correct specific producer message fto do so. This has been resolved by ensuring isValidClass is executed at the right place in ExposeWrapper.java to handle the null-pointer exception, and adding handling for the interrupt exception in consumer thread so that in case of any run time exceptions in the main thread, the consumer thread will not be stuck.
SR-D25711 · Issue 502136
Updated dependent role validation during rule deletion
Resolved in Pega Version 8.4
After checking out and attempting to private-edit the "PegaRULES:WorkMgr4" AR, the rule was still shown as checked out after the edit was discarded. This was a missed use case, as Private checkouts are generally not enabled for most of the customer rulesets. To resolve this, roles in private checkout and branch rulesets will be excluded from going through dependent role validation during rule deletion.
SR-D25972 · Issue 501483
Handling added for custom error message in post-authentication activity
Resolved in Pega Version 8.4
The error message in post authentication activity was always appearing as 'Login terminated because a post-authentication activity or policy failed' irrespective of the actual message being conditionally set in the activity based on post authentication logic. Investigation showed that the parameter page in the SSO post-authentication activity was not being passed to the 'pzShowAuthPolicyError' activity due to the post-authentication activity executing in authenticated context whereas the HTML fragment executed in the un-authenticated context. In order to support this use, post-authentication activity will set the error message on a predefined property and propagate that to the HTML fragment by appending the error message as a query parameter in the redirect exception URL post-authentication failure.
SR-D28034 · Issue 497839
Asynchprocessor generation code deprecated from distribution
Resolved in Pega Version 8.4
During a Pega Rules Upgrade of the environment, the error "duplicate key value violates unique constraint "pr_data_admin_pk" was observed. This exception originated from the "Upgrade Context" target while executing a query to fetch the missing ASYNCPROCESSOR requestors for all available system names, and was caused by the system attempting to insert a single ASYNCPROCESSOR requestor more that once in the shared layer. The need to generate missing requestors only applied for installations where a custom system name was provided to the deployment properties (setupDatabase), so by default the asyncprocessor generation code has been removed from the distribution as it is no longer required for upgrades. Default system behavior now is to use system-runtime-context in place of async requestors.
SR-D28342 · Issue 504972
ChatMashup loading issue with IDP resolved
Resolved in Pega Version 8.4
When using a harness containing chat scripts via Mashup that called an activity to set parameters, attempting to launch the Mashup from an external application failed on the first attempt: an incorrect URL was generated and the activity was not triggered, resulting in an empty harness. The second attempt to launch the Mashup worked as expected. This was seen when using an IDP initiated Login with query string - pyActivity= classname.ActivityName, and there was a workaround to use SP initiated login or to use the activity URL directly on the IDP portal. Investigation showed that the resourcePath was coming as http in SSL enabled system, but the reqURI was still https. To correct this, the system has been updated so that if the reqContextURI starts with https and the requestURL starts with http, then the requestURL will be converted to https.
SR-D28460 · Issue 509366
Added timeout handling for non-PRAuth servlets
Resolved in Pega Version 8.4
After logging in via external authentication service (SAML Single Sign On) and setting up a timeout in the access group RuleForm, when the user performed any action and the server identified the request to be timed-out, it was expected that a SAML request would be sent from the browser to the external Authentication Server (referred as IDP) and the flow would proceed from there. This worked as expected for a non-AJAX request. To resolve this, handling has been added for timeout when using non-PRAuth authentication services.
SR-D28719 · Issue 505968
Null archive check added to set import process status
Resolved in Pega Version 8.4
After running a 'prpcServiceUtils.sh import' which failed due to a low-level null pointer error, the job "IMPORTREQUEST-2" then incorrectly showed the status as 'IN PROGRESS' instead of 'FAILED'. In this case, the null-pointer exception occurred because two imports were unintentionally happening at the same time: the process copied up the same set of archives to the service export directory, but the first import processed an archive and deleted it so that the second process failed to find it. When it exited with the null-pointer exception, the status was not set to 'failed'. To resolve this, a null archive check has been added which will set the status to 'failed' if the archive is unsupported, corrupt, or not there at all.