INC-148154 · Issue 602921
Hot Fix Manager updated to use installation order for schema import
Resolved in Pega Version 8.3.5
Schema changes were not being imported during the hot fix manager DL import process. Investigation showed this was due to hotfixes in the DL being iterated over from newest to oldest, causing older hotfixes to replace the value added to a map by the newer. To resolve this, the system has been updated to use hotfix install order, which considers selected and dependent hotfixes, rather than ordering newest to oldest. This ensures that newer table representations will override older rather than the other way around.
SR-D22505 · Issue 493366
Circumstancing template and definitions assembly modified to avoid calling RD
Resolved in Pega Version 8.4
After deploying a new rollout, errors such as "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY RULE-OBJ-REPORT-DEFINITION" and "You lack access required to execute RULE-OBJ-ACTIVITY RULE-OBJ-REPORT-DEFINITION" appeared. Investigation showed that during an unauthenticated session, executing Report Definitions or accessing database (with securityCheck enabled) are not allowed. When someone wants to use circumstanced rules during the custom authentication process, and if the circumstancing rules are not assembled yet, then assembly of the circumstanced rules triggers the assembly of circumstance template and definitions. During this process the system used Report definition, but since execution of RD is not allowed without authentication the assembly was failing. This has been resolved with two changes: the MergeDefintions activity which is invoked during assembly of CircumstanceTemplate : database.open() has replaced the pxRetrieverReportData activity (which invokes RD to fetch circumstances definitions), and the GetAllDefinitionRows activity which is invoked from MergeDefinitions : database.open has replaced Obj-open in step 3.
SR-D24900 · Issue 503875
Security update for RequestMap error logging
Resolved in Pega Version 8.4
In HttpAPI, the RequestMap contains Cookie information. In error conditions, this map gets logged. An update has been made to ensure that the Cookie value is not logged if there is an error.
SR-D27644 · Issue 497614
Uploaded attachments will receive a unique name to prevent overwriting
Resolved in Pega Version 8.4
An issue with an incorrect file being attached to a work object was traced to overlapping processes. When files are uploaded, they are first saved to common HDD directory and then read into memory and deleted from the HDD area. Files will overwrite other file carrying the same name, which is a problem if the first file is not completely uploaded and is waiting in the common directory and some other file with the same name is uploaded on top of it. To resolve this, an update has been made to ensure file names are appended with a unique identifier to distinguish between files carrying the same names and keep them from overwriting each other.
SR-D28083 · Issue 512937
DeleteOrphanStaticContent CacheConfigID populated on node startup
Resolved in Pega Version 8.4
The pzDeleteOrphanStaticContent activity which triggers to clear cache was unable to clear the files in the static content folder and in the database when the files were more than one week old. In order to correctly cleanup old static content, pzAsmCacheConfigID must be populated in py_sys_statusnodes. However, when SystemNodesDAO was introduced to populate pr_sys_statusnodes, pzAsmCacheConfigID was not populated. To resolve this, pzAsmCacheConfigID is now populated on node startup when node information is added to pr_sys_statusnodes.
SR-D28184 · Issue 497168
Verbose debug logging removed from LockUtils
Resolved in Pega Version 8.4
Verbose debug logging that had been added to the "LockUtils" class to print when the lock was acquired or released and include the associated stacktrace has now been removed as it interfered with diagnosing locking issues when threads were getting blocked.
SR-D28538 · Issue 502058
Corrected requestor status flag for direct map
Resolved in Pega Version 8.4
Numerous "Unable to create requestor" alerts were logged. This was traced to an error in HttpAPI where after retrieving the requestor from the internal requestor map directly, the requestor creation status flag was not set properly. This caused last action to post that alert instead of the correct notice of "existing requestor retrieved". This has been resolved so the flag reflects the correct status.
SR-D31066 · Issue 502254
Improved performance for "Show-HTML" in a grid with numerous controls
Resolved in Pega Version 8.4
‘Show-HTML’ was taking an excessive amount of time to render a UI for grid with a large number of controls. This was traced to the handling for generating and clearing markup creating an exponential growth situation, and has been resolved by modifying the system to remove redundant copies of a string in the markup string buffer.
SR-D31259 · Issue 502024
Passivation restoration will not continually re-queue on failure
Resolved in Pega Version 8.4
When an operator record was passivated with the Access Groups it had at that time, during restoration it attempted to validate it even if it had been removed. In this case, an Access Group with RuleSets and the Rule-Application to match was created and added to an operator record, then changes were made and the access group was removed from the operator record. The requestor was passivated and saved to the pr_sys_context table, and when the system tried to restore the requestor (the connected browser was left open), it started throwing exceptions because the access group it was trying to use no longer existed. The system continued to retry until a new session was started or the row was deleted from the pr_sys_context and the pr_page_store manually to remove the offending requestor that was now invalid. To resolve this, a layer has been added within the Passivation Daemon to better handle this failure case. NodeRequestorMgt has been updated to catch the PRRuntimeException explicitly and not re-queue activations that fail due to their root cause being an invalid configuration exception. By targeting only PRRuntimeExceptions which wrap InvalidConfigurationExceptions, this will fix this specific issue without impact to other cases.
SR-D33491 · Issue 511728
Code fragment removed to resolve CookieDisabledException
Resolved in Pega Version 8.4
After upgrade, a CookieDisabledException occurred after a post activity was invoked in the single sign-on (SSO) authentication service. This was traced to the site using the deprecated flag "redirectguests" as part of SSO-based login for mashup usecases. This flag was used to check if a cookiedisabled exception was thrown or not, and if there was no cookie, if a requestor was authenticated in first request. However, the flag has been removed as part of work done to omit the Cookie support check on Mobile App UAs. Code that supported the use of this flag remained after that work and led to the exception being generated, but has now been removed as well.