SR-D90687 · Issue 560431
IOException handling improved to resolve broken pipe errors
Resolved in Pega Version 8.4.2
Frequent "connection reset by peers" exceptions were being generated and broken-pipe exceptions were seen in the logs. Investigation traced the issue to unhanded IOExceptions on the server side that were a result of the client application not always closing the TCP connection gracefully. To resolve this, error handling for IOExceptions has been improved.
SR-D67408 · Issue 554900
Directory traversal blocked in zip import
Resolved in Pega Version 8.4.2
One of the files contained in a zip archive was not deleted from the system after zip import. This was due to the file being created by a third-party archive that included of a directory traversal character that caused it to be inflated outside of the temp directory. To resolve this, a check has been added to that a file with directory traversal characters in its name will not be inflated.
SR-D81572 · Issue 551028
JDBC URL handling added for Oracle over TCPS
Resolved in Pega Version 8.4.2
While attempting to upgrade an environment over TCPS, the generateDDL.sh script was failing. The same environment ran without issue on Tomcat with the same URL. Investigation showed the JDBC url was not correctly generated while running the upgrade: in a standard scenario, there will be no spaces in the JDBC URL specified. However, because Oracle can send spaces as part of JDBC URL and cause this issue, an update has been made which will quote the JDBC URL argument for the ant target in setupDDL.xml.
SR-D84364 · Issue 551403
Check for circular references added to SearchInventoryImpl to prevent recursive call
Resolved in Pega Version 8.4.2
An out of memory error was traced to SearchInventoryImpl infinitely recursing over a clipboard property, where the child property referenced a parent property and resulted in an endless loop. This has been resolved with the addition of a depth check to ensure that the search does not recurse infinitely.
SR-D85100 · Issue 556262
ProductInfoReader updated to fetch only most recent version information
Resolved in Pega Version 8.4.2
After upgrade, running Hfix scanner on Pega Marketing 8.2 displayed missed critical Hfixes for Pega Marketing 8.1. This has been resolved by modifying ProductInfoReader.runQuery to fetch only latest version of DAPF instances during a scan.
SR-D98404 · Issue 558207
Handling added for hotfix Rule-Application instances
Resolved in Pega Version 8.4.2
A null pointer error during DL file expansion performed as part of the second phase of a hotfix installation caused the hotfix install to fail. The null-pointer exception was thrown because the code, primarily used for export, performed a database lookup of a Rule-Application and assumed the response would be non-null without checking the result. During export the Rule-Application would normally exist because the system would have interacted with it already during the export by identifying it and writing it to the archive. During phased hotfix installation, rules are staged to the database in a different table during the first phase and reconstituted during the second phase. The scenario for this error was a missed corner case specific to the unusual combination of including Rule-Application instances in a platform hotfix. To resolve this and prevent further issues, handling has been added for this use case.
SR-D24900 · Issue 503873
Security update for RequestMap error logging
Resolved in Pega Version 8.3.1
In HttpAPI, the RequestMap contains Cookie information. In error conditions, this map gets logged. An update has been made to ensure that the Cookie value is not logged if there is an error.
SR-D27644 · Issue 497611
Uploaded attachments will receive a unique name to prevent overwriting
Resolved in Pega Version 8.3.1
An issue with an incorrect file being attached to a work object was traced to overlapping processes. When files are uploaded, they are first saved to common HDD directory and then read into memory and deleted from the HDD area. Files will overwrite other file carrying the same name, which is a problem if the first file is not completely uploaded and is waiting in the common directory and some other file with the same name is uploaded on top of it. To resolve this, an update has been made to ensure file names are appended with a unique identifier to distinguish between files carrying the same names and keep them from overwriting each other.
SR-D28184 · Issue 497165
Verbose debug logging removed from LockUtils
Resolved in Pega Version 8.3.1
Verbose debug logging that had been added to the "LockUtils" class to print when the lock was acquired or released and include the associated stacktrace has now been removed as it interfered with diagnosing locking issues when threads were getting blocked.
SR-D28538 · Issue 502056
Corrected requestor status flag for direct map
Resolved in Pega Version 8.3.1
Numerous "Unable to create requestor" alerts were logged. This was traced to an error in HttpAPI where after retrieving the requestor from the internal requestor map directly, the requestor creation status flag was not set properly. This caused last action to post that alert instead of the correct notice of "existing requestor retrieved". This has been resolved so the flag reflects the correct status.