Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

SR-D23239 · Issue 499591

Support added for multi-operator SAML logins

Resolved in Pega Version 8.4

When a SAML user logged in by Single Sign-On (SAML), the system processed the login to portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work because all SAML login sessions resolved to same first operator due to parseAndEvaluateExpression() in ExpressionHelper.java ignoring new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.

SR-D31734 · Issue 515657

XSS protection added for parameter page properties

Resolved in Pega Version 8.4

An XSS vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.

SR-D47685 · Issue 514647

Cookie logging restored

Resolved in Pega Version 8.4

As part of security updates, Cookies were restricted from being logged. However, this caused some business use cases such as a custom function call to obtain the list of cookies that are present in the application to stop working. To resolve this, the cookie logging restriction has been reverted.

INC-157095 · Issue 638807

Enhancement added for tenant-level authentication

Resolved in Pega Version 8.5.4

In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.

INC-161260 · Issue 634051

Enhanced logging for CBAC policies

Resolved in Pega Version 8.5.4

Additional logs have been added to assist in easier debugging of any configuration issues with CBAC policies.

INC-161660 · Issue 633030

Authorization token handling and cleanup improved

Resolved in Pega Version 8.5.4

When using a mobile app configured with default authentication, clicking on the "Trouble logging in?" link opened a new window and displayed the message "please contact your system administrator" along with the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY PZGETAUTHORIZATIONCODE". This has been resolved. In addition, the OAuth token generation and handling has been improved, and the purge agent has been updated to accept a DSS setting for the max number of expired records to purge each time it is run. The default value is 5000.

INC-162434 · Issue 640052

LookUpList correctly executes during SSO login with model operator

Resolved in Pega Version 8.5.4

After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.

INC-163201 · Issue 646911

BrowserFingerprint updated

Resolved in Pega Version 8.5.4

Security improvements have been added to the browser fingerprint process.

INC-168837 · Issue 646973

CSRF token updated for use with OKTA login

Resolved in Pega Version 8.5.4

An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.

INC-169310 · Issue 649713

Cache check added for SQL queries

Resolved in Pega Version 8.5.4

When performing load testing, a high number of gets were seen for some SQL Queries. In order to improve performance, a check has been added in GlobalTrustStoreCacheImpl.java to assess whether the cache has been initialized or not.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us