Pega Infinity™ includes an industry-standard patch release process to simplify and maintain high-quality releases. Several cumulative patches are released a year for each release stream. The Resolved Issues page contains information about client-reported issues that have been addressed for the specific release.
For a complete set of the Resolved Issues for this release, download the PDF attachment at the bottom of this page. (Note that you must be logged in to access the attachment.)
As part of Pega's long-term security strategy, AI-assisted scanning has been implemented on a proactive basis. Pega strongly encourages all clients to stay current on the latest product versions, where security enhancements, patching, and hardening improvements are delivered.
Fixed issues with update impact
-
CORS allowed origin restrictions
- Beginning in Pega Platform release 24.2.5, allowed origins must include the HTTP protocol (http:// or https://) with the domain entry in the CORS Rule form. Additionally, there are new wildcard restrictions in effect.
- Update impact
-
At runtime, Pega Platform prepends
https://to existing allowed origins that are not configured with http:// or https://. If you intend to allowhttp://origins, you must explicitly list those origins with the http:// protocol. Allowed origins with https:// blockhttp://origins.Additionally, there are new wildcard restrictions in effect, including rejecting at runtime a configuration that uses * as an allowed origin with the Allow credentials checkbox selected, among other restrictions. This affects scenarios that depend on cross-origin requests, including API access and application access through browser-based login flows.
Review all of the new wildcard restrictions and update your CORS Rules as needed. If your environment uses an external identity provider for user access, make sure the identity provider’s origin is explicitly included in the allowed origins list before updating. For more information, see Creating a cross-origin resource sharing policy.
Also review any Endpoint-CORS policy mappings that reference the affected CORS policies. For more information, see Mapping an endpoint to a cross-origin resource sharing policy.
-
SAML Reject unsigned assertion checkbox removed
-
Beginning in Pega Platform release 24.2.5, the Reject unsigned assertion checkbox is removed from new and existing SAML authentication service Rule forms to support SAML signature verification and a secure-by-default posture. The checkbox was introduced in Pega Platform version 7.3 and was not selected by default for SAML authentication service Rules created before Pega Platform version 8.3.5. When the Reject unsigned assertion checkbox was not selected, Pega Platform accepted unsigned SAML responses that attackers could forge to bypass SAML authentication.
- Update impact
-
Pega Platform now verifies the signatures in the SAML authentication flow for all SAML authentication service Rules. When both the SAML assertion and response are unsigned, or when they are signed with invalid signatures, the login fails with the following error message: Unable to process the SAML WebSSO request : Caught Exception while validating SAML2 Authentication response protocol : Invalid SAML security. Expecting the SAML assertion to be signed.
If either the SAML assertion or response is unsigned (or signed with an invalid signature) but the other is signed with a valid signature, the login succeeds and Pega Platform logs a security event:- If the response has a valid signature but the assertion is unsigned or signed with an invalid signature, the security event is SAML login accepted with unsigned assertion.
- If the assertion has a valid signature but the response is unsigned or signed with an invalid signature, the security event is SAML login accepted with unsigned response and signed assertion.
Low-code Application Development
Case Management
24.2.5 Patch Resolved Issues for Case Management
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C46548 | 961849 | Wait shape error with duplicate stage names fixed | Parent-child case configurations were encountering Constellation errors displaying "An internal error occurred, Please contact administrator" when submitting parent cases. This was caused by wait shape configurations where child and parent stages had identical stage names and the parent next stage used a screen flow. This has been resolved by correcting the stage name conflict handling in wait shape processing. | Case Management |
| INC-C54505 | 979434 | Database schema capacity expanded for instance identifiers | The system was rejecting or truncating longer instance identifier values during database operations, causing persistence failures when working with cases or rules exceeding the value capacity. This has been resolved by increasing the column sizes for pzInsKey from 512 to 900 characters and pxInsName from 255 to 768 characters in the pr_metadata table schema master. | Case Management |
| INC-D13958 | 994326 | Case note handling updated | Cross-site scripting protections have been updated for case notes. | Case Management |
| INC-D16719 | 989769 | Optimized Archival pipeline performance | Severe performance degradation was occurring in the archival pipeline (pzPerformArchiveUsingPipeline) where purge operations were limited to processing only one case every 15-50 seconds. This was due to inefficient DELETE queries on pc_FLAudit_ tables using LIKE conditions with leading wildcards on the pxHistoryReference column, forcing full table scans and generating PEGA0005 performance alerts. This has been resolved by updating the PurgeFLA query for Microsoft SQL Server to use more efficient query patterns that can utilize proper indexing, significantly improving archival throughput. | Case Management |
| INC-D18151 | 993536 | Assignment page null pointer exception fixed | Assignment operations were intermittently failing with a NullPointerException in the OpenAndLockWork activity. Investigation showed the assignPage variable was unexpectedly null when the activity attempted to rename it, causing the "Cannot invoke rename(String) because assignPage is null" error. This has been resolved by updating the null checking and error handling in the assignment processing logic to prevent the null pointer exception. | Case Management |
| INC-D18638 | 993852 | Attachment validation through embedded data corrected | Inconsistent behavior was seen with the Constellation Attachment component depending on how the Attachment property was selected during configuration. Attachment components configured by drilling down into embedded data pages were failing mandatory validation with "Attachment – Cannot be blank" errors even after successful file uploads, while the same components configured by selecting the embedded data page directly worked correctly. This was caused by inconsistent property path resolution when the attachment component referenced embedded data properties directly versus through the parent data page. This has been resolved by standardizing the property path validation logic to handle both configuration approaches consistently in Constellation. | Case Management |
| INC-D3165 INC-D12319 |
977069 986165 |
Field level auditing inconsistencies resolved | Inconsistent results were seen for Field Level Auditing of temporary cases migrated from older versions and cases processed through parent-child relationships where FLA did not capture changes correctly for cases in their first assignment, causing expected audit entries to be missing. This has been resolved by refining previous work on duplicate FLA scenarios to include additional handling for temporary cases and cases with utility steps in create stage. The DSS "PreventDuplicateFLA" has been added to help prevent duplicate FLA records in edge cases while preserving prior behavior by default. | Case Management |
| INC-D4292 | 981917 | Database class definition exception resolved | UI Kit applications were generating EXCP0001-5409 BadClassDefinition errors in logs when dragging records from worklist widgets to team member widgets, though functionality remained intact. This was traced to missing or blank report-definition parameters in pyPopulateAssignedWork, and has been resolved by adding a check and handling for this scenario. | Case Management |
| INC-D6203 | 977483 | Question import in branches enabled | Question import functionality was failing with "Please correct flagged fields before submitting the form!" alerts when attempting to import questions in development branches without unlocked rulesets. This was traced to the "Run visibility condition on client" checkbox being checked on the pyRulesetVersion dropdown in the pzSurveyRecordContext section rule, and has been resolved by unchecking the box. | Case Management |
| INC-D7300 INC-D17215 |
984220 989541 |
Case archival indexing resolved | Case archival processes were failing during the Search and Reporting Service (SRS) indexing stage when attempting to archive cases containing null or empty date values in various date properties including Expecteddateofclosure, LatestWOUpdateDT, and DocumentationCompletionDate. ERR_INSTANCE_VALIDATION messages were seen with the sub-code ERR_MALFORMED_PROPERTY_VALUE, specifically reporting "failed to parse field [field_name] of type [date] in document with id 'XXX-XXX-XXX-XXX'. Preview of field's value: ". This has been resolved by adding logic to exclude properties with null or empty values from the indexing request. | Case Management |
| INC-D7684 | 982745 | Added handling for resolved cases SLA processing race condition | Queue processor pyProcessSLA was accumulating broken items with "Unable to open an instance using the given inputs: ASSIGN-INTERNAL" errors for resolved cases where assignments no longer existed. Investigation showed this was caused by SLA processing attempting to access assignments that were removed during rapid case resolution cycles, and was due to cases/assignments being created and resolved without allowing enough time to process the SLA item. This has been resolved with an update to ensure the SLA queue processor item will not move to the broken queue if the corresponding assignment is not present, along with improved cleanup of queue items for resolved cases. | Case Management |
| INC-D9141 | 992866 | Parent case lock release mechanism fixed | Parent case locks were not being properly released when child case assignments were canceled in Constellation applications with default locking configuration. This was occurring when child cases skipped the create stage and had "not lock parent case" option unchecked. This was caused by the pxLockHandle not being properly populated for parent case lock management, and has been resolved. | Case Management |
| INC-D9409 | 979598 | Case flow cleanup improved | Flow accumulation issues were seen when closing cases from within subflows using custom close activities followed by pxForceCaseClose. Embedded subflow instances were remaining present in pyWorkPage.pxFlow(), and upon reopening the same case multiple times, new flow instances were being appended while previous subflow instances were retained, eventually causing system errors when the pxMaxFlowAddCount safeguard was exceeded. This was caused by pxForceCaseClose not properly removing embedded pxFlow pages from cases during closure, and has been resolved by ensuring pxForceCaseClose properly cleans up all embedded flow instances when cases are closed. | Case Management |
Cloud Services
24.2.5 Resolved Issues for Cloud Services
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-D12938 | 988999 | DDL generation script performance improved | The generateddl.sh script was requiring existing database schemas and taking an excessive amount of time to generate DDL for new installations. This was traced to the system performing excessive database queries, and has been resolved by updating the prdeploy version to one which eliminates that inefficiency. | Cloud |
| INC-D14909 | 986605 | Oracle DDL upgrade handling updated | Database updates were failing with Oracle error ORA-30556 when attempting to modify the PYFOLDERNAME column in pr_log_service_email table. Investigation showed this was caused by functional or bitmap join indexes being defined on the column being modified, which is not supported by Oracle. This has been resolved by implementing the proper handling for indexes with descending columns during DDL generation. | Cloud |
| INC-D4207 | 975190 | Handling added for post-migration Message rules visibility | Message rules were becoming invisible and unusable following platform update from Pega version 7 to Pega Infinity 24.1. Investigation showed this was caused by the loss of pxobjclass data during the migration process from pr4_rule to pr4_rule_message tables. This has been resolved with an update to ensure the pxobjclass data is preserved during the migration process for improved backwards compatibility. | Cloud |
| INC-D963 | 971773 | Upgrade performance improved for large Data-Content-Image environments | The in-place update process was taking an excessive amount of time to complete. Investigation showed this was caused by a query SELECT pzInsKey related to WHERE pxObjClass = 'Data-Content-Image' which returned the entire table content and consumed excessive processing time. This has been resolved by optimizing the upgrade process to handle environments with large numbers of Data-Content-Image instances more efficiently. | Cloud |
Conversational Channels
24.2.5 Resolved Issues for Conversational Channels
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C55557 | 999511 | Email attachment issue resolved when using Email draft saving | Issues were seen with email attachments for certain file types including Excel and MP4 files when saving draft emails through the Pega email bot. Investigation showed that when attachments were uploaded in the email composer and then saved as a draft, the attachment data was being partially cleared during the save process. As a result, the system tried to re-upload those attachments during the send process, but since they had already been saved to the external storage repository the duplicate upload caused an error and the send failed. To address this, an update has been made to prevent re-uploading attachments that are already stored in the repository, resolving the error and allowing emails with draft attachments to be sent successfully. | Conversational Channels |
| INC-D15916 | 994065 | Error handling updated for email reply with inline images | After update, email replies to inflight cases containing inline images were failing to send. Investigation showed that when sending an email containing inline images, any failure during image processing (e.g. malformed base64, missing data-content reference, bad CID) would throw an unhandled exception in the `pzUploadRTEImageFromBase64Url` activity, causing the entire send operation to abort. This has been resolved by updating the error handling to make the send operation more robust. | Conversational Channels |
| INC-D16867 | 989616 | Email attachment filename property corrected | Email reply functionality was failing. This was due to missing pyFileName property references in Data-WorkAttach-File instances, causing attachment processing errors in the pzSendEmailReplyAPI activity. This has been resolved by updating the activity to use pxAttachName when populating the attachments page. | Conversational Channels |
| INC-D21058 | 993574 | Email triage reserved word handling corrected | Email triage processing was breaking when the word "Call" appeared in email subjects, causing the system to incorrectly interpret it as a rule invocation and throwing RuleNotFoundException errors like "Failed to find a RULE-DECLARE-DECISIONTABLE with the name FOR APRIL STATEMENT". This was caused by the pyGetTextToAnalyzeForEmail decision table treating "Call" as a reserved word and attempting to execute whatever text followed as a rule. This has been resolved by updating the logic to properly handle reserved words and prevent unintended rule execution attempts. | Conversational Channels |
| INC-D2701 | 982768 | Chat functionality restored for real-time messaging and agent availability | Customer service representatives were not receiving new chat assignments for extended periods and were missing real-time customer messages during active conversations. Customer responses were visible after navigating away from the current chat screen and returning, and some messages showed as "Undeliverable". This was caused by capacity updates during chat wrap-up processes and CASE/DATAPAGE_UPDATED events not being properly handled, and has been resolved by adding an extra parameter to the closeContainer Item to allow Customer Service to differentiate between wrap-up and dismiss case actions, and by implementing proper unsubscribe functionality for CASE and DATAPAGE_UPDATED events to ensure real-time message delivery. | Conversational Channels |
| INC-D4559 | 986530 | Email body cross-contamination fixed | Outbound emails were being sent with incorrect email body content from different cases while maintaining correct recipients and subject lines. This was caused by conversation history being rebuilt from processed values rather than the original intended message in some reply/auto-reply flows, and has been resolved by updating the email body mapping logic to ensure proper case-to-email content association. | Conversational Channels |
Data Integration
24.2.5 Resolved Issues for Data Integration
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C33467 | 953831 | Questionnaire file attachment support restored | Case creation was failing with "An internal error occurred. Please contact administrator" when using questionnaires with File type questions configured as "List of Records" in Constellation applications. Investigation showed this was caused by incorrect view metadata annotation where attachment properties were annotated with @p instead of @ATTACHMENT during questionnaire generation. This has been resolved by updating the questionnaire runtime generation logic to detect the underlying property mode for file questions and properly annotate attachment properties. | Decision Management |
| INC-D12212 | 984605 | Adaptive model single-level-v1 pxDecisionResults format deprecated | The documentation for Pega Customer Decision Hub dynamic system settings - Adaptive Learning has been updated to note that the single-level-v1 value for the decision/adm/modelExecutions/format dynamic system setting (DSS) is deprecated. In an environment configured with single-level-v1, the system automatically uses multi-level-v1 for all new Decisions. Existing records created with the single-level pxDecisionResults format remain readable. To align with the supported pxDecisionResults format, update the value of the DSS to multi-level-v1 if it is currently set to single-level-v1. This information has also been updated in the documentation for Withdrawn and deprecated features in Pega Customer Decision Hub. | Decision Management |
| INC-D16104 | 987078 | Troubleshooting documentation added for partition count mismatch between pxResponsesStream and InteractionFiles datasets | When importing InteractionFiles from a lower environment with fewer partitions into a production environment where the Kafka topic has been created with more partitions, a partition count mismatch may be seen between the pxResponsesStream and InteractionFiles datasets. To address this, comprehensive troubleshooting documentation has been added to provide clear guidance on regenerating the InteractionFiles dataset to match the actual number of partitions in the pxResponsesStream topic and recreating affected summary datasets to restore proper backfill operations. Refer to "Inconsistent Number of Partitions in pxResponsesStream and interactionFiles Dataset" for more detailed information. | Decision Management |
| INC-D16966 | 986573 | Dataflow configuration settings properly recognized from JVM arguments | Dataflows were continuing to execute despite setting JVM arguments to disable them, preventing database refresh operations that required all dataflows to be stopped. Investigation showed this was caused by the system not properly recognizing the configurable dynamic system settings for dataflow max_active_runs when specified as JVM arguments rather than DSS settings, and this has been resolved. | Decision Management |
| INC-D17007 | 987869 | IH summary partial key read performance optimized | Outbound decision runs were experiencing significantly longer execution times than expected. This was traced to Interaction History summary read operations which had redundant client-side CPU processing that scaled with the number of keys defined on the summary. This has been resolved by optimizing the BrowseByKeys processing logic to eliminate the redundant processing overhead. | Decision Management |
| INC-D17662 | 994826 | Work link email access authentication fixed | After update, work links received in emails were returning 403 Forbidden errors which prevented users from accessing cases directly from email notifications. The error message "Unauthorized request detected: pyActivity is outside Encrypted parameter" was generated. This was caused by changes in the URL encryption validation logic that incorrectly flagged legitimate work link requests as unauthorized. To address this, the pxWorkLink rule and associated encryption validation have been updated to properly handle encrypted URL parameters while maintaining security requirements. | Decision Management |
| INC-D3777 | 988607 | Real-time data flow event cleanup performance optimized | Cleanup operations for the pr_log_dataflow_events table were timing out due to large data volumes generated by dynamic scaling of real-time Data Flow nodes creating frequent lifecycle and partition rebalance events. This has been resolved by optimizing the cleanup query and implementing batch deletion of old lifecycle events and dataflow errors to prevent query timeouts. | Decision Management |
| INC-D5369 INC-D2295 |
976976 976973 |
Concurrent modification exception resolved in ADM dataset save operations | Real-time dataflows writing to Adaptive Decision Manager (ADM) were experiencing ConcurrentModificationException errors during dataset save operations. This was traced to save operation callbacks being executed on different threads than the dataflow thread due to asynchronous processes, and has been resolved by modifying the ADMDatasetSaveOperation to block until all asynchronous operations complete and then call subscriber callbacks sequentially on a single thread instead of concurrently from multiple callback threads. | Decision Management |
| INC-D7910 | 984115 | Data flow validation logic updated for accurate record counting | Count mismatches were seen between processed record counts and input record counts, causing post-validation failures. Investigation showed this was caused by the PostValidation logic incorrectly relying on pySuccessfulRecords instead of pyProcessedRecords when validating data flow progress. This has been resolved with an update to rely on pyProcessedRecords so validation and reporting are aligned with the checkpointed partition progress to ensure accurate record counting. | Decision Management |
| INC-D8370 | 987148 | Explainability extract processing enhanced for embedded strategies | Explainability Extract operations were throwing exceptions when executed on top-level Globally Optimized Strategies (GOS) containing embedded strategies with data join components that reference other components for iteration. This was traced to embedded strategies being unable to process strategy result pages wrapped in execution audit-specific wrappers, and has been resolved by adding support for embedded strategies to handle strategy result pages with and without execution audit wrappers equally. | Decision Management |
| INC-D8721 | 990882 | File dataset browsing capability restored | Datasets were showing zero records when browsing despite having files available in storage, preventing access to existing data. Investigation showed this was caused by missing .directory metadata in the meta directory structure that shadows the original file structure for performance optimization. This has been resolved by implementing a directory meta structure update mechanism that ensures consistent and recoverable state, along with a recovery activity to fix issues in existing structures. | Decision Management |
| INC-D885 | 989517 | Data flow file creation reliability enhanced | A transient failure during WriteDataToInteractionFiles data flows file creation/write/flush could cause the whole batch to be treated as non-retryable and effectively dropped. To address this, the legacy eager empty file creation has been eliminated, failed records are now marked retryable so the batch can be retried, and empty files no longer produce stray .meta files. | Decision Management |
| INC-D9522 INC-D13100 INC-D17995 |
985987 988818 988826 |
Impact analyzer data display restored | Impact Analyzer displays were empty in the Impact Analyzer interface despite having run the pxSyncActuals activity and verified results through data flows. Investigation showed this was caused by incorrect GroupedValue filtering when filter conditions were applied to empty fields for records. This has been resolved by updating the GroupedValue filtering logic to properly handle filter conditions on empty fields. | Decision Management |
Decision Management
24.2.5 Resolved Issues for Decision Management
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C33467 | 953831 | Questionnaire file attachment support restored | Case creation was failing with "An internal error occurred. Please contact administrator" when using questionnaires with File type questions configured as "List of Records" in Constellation applications. Investigation showed this was caused by incorrect view metadata annotation where attachment properties were annotated with @p instead of @ATTACHMENT during questionnaire generation. This has been resolved by updating the questionnaire runtime generation logic to detect the underlying property mode for file questions and properly annotate attachment properties. | Decision Management |
| INC-D12212 | 984605 | Adaptive model single-level-v1 pxDecisionResults format deprecated | The documentation for Pega Customer Decision Hub dynamic system settings - Adaptive Learning has been updated to note that the single-level-v1 value for the decision/adm/modelExecutions/format dynamic system setting (DSS) is deprecated. In an environment configured with single-level-v1, the system automatically uses multi-level-v1 for all new Decisions. Existing records created with the single-level pxDecisionResults format remain readable. To align with the supported pxDecisionResults format, update the value of the DSS to multi-level-v1 if it is currently set to single-level-v1. This information has also been updated in the documentation for Withdrawn and deprecated features in Pega Customer Decision Hub. | Decision Management |
| INC-D16104 | 987078 | Troubleshooting documentation added for partition count mismatch between pxResponsesStream and InteractionFiles datasets | When importing InteractionFiles from a lower environment with fewer partitions into a production environment where the Kafka topic has been created with more partitions, a partition count mismatch may be seen between the pxResponsesStream and InteractionFiles datasets. To address this, comprehensive troubleshooting documentation has been added to provide clear guidance on regenerating the InteractionFiles dataset to match the actual number of partitions in the pxResponsesStream topic and recreating affected summary datasets to restore proper backfill operations. Refer to "Inconsistent Number of Partitions in pxResponsesStream and interactionFiles Dataset" for more detailed information. | Decision Management |
| INC-D16966 | 986573 | Dataflow configuration settings properly recognized from JVM arguments | Dataflows were continuing to execute despite setting JVM arguments to disable them, preventing database refresh operations that required all dataflows to be stopped. Investigation showed this was caused by the system not properly recognizing the configurable dynamic system settings for dataflow max_active_runs when specified as JVM arguments rather than DSS settings, and this has been resolved. | Decision Management |
| INC-D17007 | 987869 | IH summary partial key read performance optimized | Outbound decision runs were experiencing significantly longer execution times than expected. This was traced to Interaction History summary read operations which had redundant client-side CPU processing that scaled with the number of keys defined on the summary. This has been resolved by optimizing the BrowseByKeys processing logic to eliminate the redundant processing overhead. | Decision Management |
| INC-D17662 | 994826 | Work link email access authentication fixed | After update, work links received in emails were returning 403 Forbidden errors which prevented users from accessing cases directly from email notifications. The error message "Unauthorized request detected: pyActivity is outside Encrypted parameter" was generated. This was caused by changes in the URL encryption validation logic that incorrectly flagged legitimate work link requests as unauthorized. To address this, the pxWorkLink rule and associated encryption validation have been updated to properly handle encrypted URL parameters while maintaining security requirements. | Decision Management |
| INC-D3777 | 988607 | Real-time data flow event cleanup performance optimized | Cleanup operations for the pr_log_dataflow_events table were timing out due to large data volumes generated by dynamic scaling of real-time Data Flow nodes creating frequent lifecycle and partition rebalance events. This has been resolved by optimizing the cleanup query and implementing batch deletion of old lifecycle events and dataflow errors to prevent query timeouts. | Decision Management |
| INC-D5369 INC-D2295 |
976976 976973 |
Concurrent modification exception resolved in ADM dataset save operations | Real-time dataflows writing to Adaptive Decision Manager (ADM) were experiencing ConcurrentModificationException errors during dataset save operations. This was traced to save operation callbacks being executed on different threads than the dataflow thread due to asynchronous processes, and has been resolved by modifying the ADMDatasetSaveOperation to block until all asynchronous operations complete and then call subscriber callbacks sequentially on a single thread instead of concurrently from multiple callback threads. | Decision Management |
| INC-D7910 | 984115 | Data flow validation logic updated for accurate record counting | Count mismatches were seen between processed record counts and input record counts, causing post-validation failures. Investigation showed this was caused by the PostValidation logic incorrectly relying on pySuccessfulRecords instead of pyProcessedRecords when validating data flow progress. This has been resolved with an update to rely on pyProcessedRecords so validation and reporting are aligned with the checkpointed partition progress to ensure accurate record counting. | Decision Management |
| INC-D8370 | 987148 | Explainability extract processing enhanced for embedded strategies | Explainability Extract operations were throwing exceptions when executed on top-level Globally Optimized Strategies (GOS) containing embedded strategies with data join components that reference other components for iteration. This was traced to embedded strategies being unable to process strategy result pages wrapped in execution audit-specific wrappers, and has been resolved by adding support for embedded strategies to handle strategy result pages with and without execution audit wrappers equally. | Decision Management |
| INC-D8693 | 987075 | Real-time data grid performance improved | Customer-defined Interaction History properties were causing excessive CPU load on Real-Time Data Grid, leading to pod restarts and dictionary limit exceeded errors with message "Dictionary for Customer has exceeded 10000 values. New values will be ignored." This was occurring when IH properties were directly mapped to Actuals and unsuitable for aggregations, causing some valid Actuals entries to be incorrectly excluded or inconsistently processed. This has been corrected by updating the correct allow-list handling so valid Actuals are now accepted and processed as expected. | Decision Management |
| INC-D8721 | 990882 | File dataset browsing capability restored | Datasets were showing zero records when browsing despite having files available in storage, preventing access to existing data. Investigation showed this was caused by missing .directory metadata in the meta directory structure that shadows the original file structure for performance optimization. This has been resolved by implementing a directory meta structure update mechanism that ensures consistent and recoverable state, along with a recovery activity to fix issues in existing structures. | Decision Management |
| INC-D885 | 989517 | Data flow file creation reliability enhanced | A transient failure during WriteDataToInteractionFiles data flows file creation/write/flush could cause the whole batch to be treated as non-retryable and effectively dropped. To address this, the legacy eager empty file creation has been eliminated, failed records are now marked retryable so the batch can be retried, and empty files no longer produce stray .meta files. | Decision Management |
| INC-D9522 INC-D13100 INC-D17995 |
985987 988818 988826 |
Impact analyzer data display restored | Impact Analyzer displays were empty in the Impact Analyzer interface despite having run the pxSyncActuals activity and verified results through data flows. Investigation showed this was caused by incorrect GroupedValue filtering when filter conditions were applied to empty fields for records. This has been resolved by updating the GroupedValue filtering logic to properly handle filter conditions on empty fields. | Decision Management |
Low-Code Application Development
24.2.5 Resolved Issues for Low-Code Application Development
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C42814 | 968422 | Lock and roll application instance association fixed | Lock and Roll processes were incorrectly associating new application instances with previously locked ruleset versions when attachments were added during the process. This was caused by the attachment handling interfering with the proper version association logic during ruleset locking and rolling operations, and has been resolved by updating the application instance association logic to remove ruleset version from rule page if the class is Rule-Application. | Low-code App Development |
| INC-D10635 | 986084 | Warning logs and fallback added for lost or invalid production level | In order to assist with troubleshooting development environments where Production Level was sporadically being set as empty or 0 in the pxProcess page, a validation check has been added along with warning logging. If an invalid level is found during validation, it will fall back to the System rule value. | Low-code App Development |
| INC-D13186 | 983340 | Improved LogViewer resource release | Resource closure has been updated for the LogViewer HTML rule to ensure file input streams are consistently released. | Low-code App Development |
| INC-D18113 | 989900 | Usage reporting data collection restored | The UVU Daily Usage report stopped collecting data after applying updates. This was caused by the sppr_aggregate_usage stored procedure containing unqualified table references that failed when executed by users with different default schemas. and has been resolved by updating the stored procedures to include proper schema qualification for all table references. | Low-code App Development |
| INC-D2165 INC-D9514 INC-D16973 |
979909 981278 988781 |
System information button function corrected | After update, the System Information button was failing to load and displaying the error message "No JMS Base Context Found on this Platform" along with JsonGenerationException errors when attempting to access system diagnostic information through Dev Studio. This was caused by conflicts between JMS and StAX XML processing implementations, particularly affecting JBoss EAP and WebSphere application server environments, and has been resolved by adjusting XML declaration stripping and XML serialization configuration, with an additional work applied for WebSphere environments paired with IBM JDK to ensure complete compatibility across all supported application server platforms. | Low-code App Development |
| INC-D2315 | 966787 | Application wizard division class validation improved | The New Application wizard was incorrectly validating class structures when divisional layers were included in the configuration, missing the divisional class from the validation sequence. Investigation showed this was caused by the validation logic not accounting for divisional layer classes in the class hierarchy check. This has been resolved by updating the validation sequence to properly account for Division and Unit class layers when checking for existence of a class. | Low-code App Development |
| INC-D4223 | 983473 | Dev Studio discard and cancel functionality restored | The discard and cancel buttons in Dev Studio dirty dialogs were not functioning properly when users attempted to close modified files. This was traced to an issue with the event handling in the Dev Studio UI rendering system, and has been corrected. | Low-code App Development |
| INC-D5425 | 979635 | Word content control functionality restored | Word content controls in document templates were not functioning properly after update. This was an unintended side effect of work done on the parseAndPopulate function of the docxGenerator API which resulted in compatibility issues with the updated docx4j library. This has been resolved by updating the code with a condition which will extract content if Word content control is used. | Low-code App Development |
| INC-D7400 | 980893 | Application save-as data type copying corrected | Application save-as operations were failing with "URL Alias is already in use" errors and not copying data types to newly created applications. Investigation showed the PreSaveAs path did not correctly update pyProductAlias before the copy/save logic executed, causing the downstream logic used an incorrect/old alias context, so related data type rules were not associated and copied as expected. This has been resolved with an update to ensure Save As updates the alias context correctly. | Low-code App Development |
| INC-D9504 | 983460 | Tracer security updated | Cross-site scripting protections have been updated for the tracer. | Low-code App Development |
Mobile
24.2.5 Resolved Issues for Mobile
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-D14695 | 992585 | Offline data persistence improved for child page list operations | When working offline, clearing child page lists within parent page list rows and attempting to save changes resulted in the cleared child list data not being persisted despite the save operation appearing to complete successfully. This has been resolved by updating the serialization logic to prevent missing child-page placeholders when saving sparse pagelists offline, and ensuring the removal flows guard against missing/null resolved assignment or remove payloads. | Mobile |
| INC-D20470 | 997897 | Mobile modal dialog display corrected | Modal dialogs on mobile devices were experiencing issues with rendering and positioning of modal content on mobile screens. This was an inadvertent side effect of previous work which introduced conflicting CSS rules that interfered with mobile-specific modal styling. This has been resolved by adjusting the CSS implementation to ensure proper modal dialog behavior across all mobile device types. | Mobile |
| INC-D2050 | 988165 | Photo upload popup handling corrected for offline apps | Multiple attachment popups were appearing when uploading 2 or more photos/files using pxAttachContent control with action sets in offline-enabled applications. This has been resolved by adding a guard to prevent multiple attachment pickers from being launched during multi-file/photo uploads in the Hybrid Client attachment control. | Mobile |
Project Delivery
24.2.5 Resolved Issues for Project Delivery
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C34811 | 959000 | Documentation clarified for expected UDF alert behavior | The UDF alert documentation has been updated to clarify that PEGA0167 alerts can occur as expected behavior following long idle periods, and represent normal system behavior rather than defects. | Project Delivery |
| INC-C56117 | 968261 | Documentation updated for Rich Text Editor | The documentation for Configuring a Rich Text Editor control has been updated to specify that the Rich Text Editor supports Pega JSP tags only. All other JSP tags are removed. |
Project Delivery |
Reporting
24.2.5 Resolved Issues for Reporting
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-D10340 | 982215 | Corrected batch index processor interference with case creation | Background case creation processes were being disrupted by SRS indexing operations related to pySASBatchIndexProcessor. The BatchEDIProcessor from Smart Claims Engine was unable to create work objects, and was receiving the error "Database-BadClassDef-BadObjectClass Trying to open rule PARSEX12!NM1 of class Rule-Parse-Delimited, but no defined-on class (pyClassName) was specified". Investigation showed this was caused by complex dependencies between claims processing and indexing caused by unnecessary thread-state cleanup calls for SRS Query Processors. This has been resolved by disabling calls to dictionaryReset and declarativeContextClear to prevent the thread state being cleaned more aggressively than needed, reducing interference between batch indexing and background case creation processes. | Reporting |
| INC-D11306 | 985654 | BIX extract functionality for single-stage cases enabled | When creating a case type with a single stage and configuring real time BIX extract rules, running the case type resulted in empty data sets with no case data being extracted. Investigation showed this was caused by a limitation in the BIX real-time extraction feature where the pzDeriveEventType (Final, Internal) activity contained a When condition that evaluated whether the number of stages >=2, preventing single-stage cases from being processed. This has been resolved by modifying the BIX RTE logic to support single-stage cases and removing the stage count restriction. Logging has also been modified from INFO to DEBUG. | Reporting |
| INC-D11991 | 987421 | PDF image orientation support enhanced | iPhone JPEG images were not displaying with correct orientation in generated PDFs due to EXIF orientation data not being processed. This has been resolved by updating pd4ml to a version which includes EXIF orientation support for JPEG images. | Reporting |
| INC-D13258 | 985966 | Scheduled report end date handling updated | Scheduled reports with "EndBy" dates were continuing to schedule indefinitely because the pyRecurrenceDetails.pyUseEndDate property was always false. This was traced to incorrect end date flag handling in the scheduling logic, and has been corrected. | Reporting |
| INC-D14014 | 985948 | Data display corrected for report widget charts with ampersand | After update, dashboard charts were not displaying all data when the chart labels contained ampersand ("&") characters, though the same charts were rendering correctly when accessed directly through the report browser. This was caused by the ampersand character not being properly converted when passed as a query parameter in the chart rendering process, and has been resolved by updating the pzMultiSeriesData FusionCharts XML and pzComboData FusionCharts files to properly handle ampersand characters in chart labels. | Reporting |
| INC-D14471 | 984335 | BIX extract parsing improved for complex property structures | BIX extracts were failing with the error "InvalidReferenceException: The reference pxStageHistory().pxProcesses is not valid. Reason: unexpected character ')' at position 15, expected subscript (wildcards not allowed)" when attempting to extract data containing three-level pagelist property structures, particularly when XML extraction was selected with manifest generation. Investigation showed this was related to previous work that addressed incorrect pxTotalInstanceCount calculations but inadvertently introduced parsing issues for complex nested property structures involving multiple levels of embedded pagelists. This has been resolved by providing a solution for BIXXML Manifest XML parsing that correctly handles three-level pagelist structures, allowing extracts to complete successfully without the reference validation errors. | Reporting |
| INC-D17635 | 997885 | Date calculation timezone handling standardized | After migration, the pxDifferenceInDays function was producing different results between on-premise and cloud environments. This was traced to the report calculations using pxDifferenceIn* functions which could return values based on the database or raw timezone rather than the operator’s effective timezone, causing users in non-database timezones to see off-by-one or otherwise skewed differences, especially around date boundaries. To address this, the timezone conversion logic has been updated and a new DSS "useOperatorTimeZone" setting has been added for configuration control so report difference values are aligned to their timezone context. When dateCalculations/OnPegaCloud/useOperatorTimezone is enabled, the functions convert timestamps using the operator timezone from pxRequestor.pyUseTimeZone, with a fallback to the default operator timezone. | Reporting |
| INC-D18339 | 993114 | Added handling to avoid Oracle database query limit | After update, report definitions were failing with ORA-01795 error message "maximum number of expressions in a list is 1000". This was caused by Oracle database queries exceeding the 1000 expression limit when processing large datasets, and has been addressed by implementing query expression splitting logic that automatically divides large query expressions into smaller chunks when they exceed Oracle's 1000-item limit. | Reporting |
| INC-D21320 | 994938 | BIX file generation for complex data structures corrected | BIX extracts were failing to generate files when processing complex embedded data pages with rarely-populated referenced pages, throwing StringIndexOutOfBoundsException errors with "begin 0, end -1, length 19" during XML generation. This was caused by improper parsing logic in BIXXMLUtils.getKeyNameForTheProperty when handling wildcard properties in complex embedded data structures, and has been resolved by implementing enhanced parsing logic for deep structured embedded properties referenced through property-ref to external embedded properties. | Reporting |
| INC-D311 | 973423 | PDF filename extension duplication eliminated | The Create PDF functionality was generating files with duplicate .pdf extensions in Constellation applications, resulting in filenames like "document.pdf.pdf". The issue occurred because legacy attachment components displayed extensions as part of the filename, but Constellation separates extensions, causing the system to add .pdf twice when the extension was already included in the name. This has been resolved by updating the PDF creation logic to prevent the duplication. | Reporting |
| INC-D6592 | 988254 | Date picker year display corrected in dashboard filters | Year values were not displaying properly in DD-MM-YYYY format date range filters when multiple filters were added to Inline Dashboards. This was caused by CSS layout conflicts in the Insight template, and has been resolved by correcting the date picker layout handling for dashboard filters with multiple filter configurations. | Reporting |
| INC-D6593 | 984948 | Dashboard date range filtering corrected | Dashboard Insight date range picker was not displaying records when the same From and To dates were selected for filtering a specific day, instead showing no results. Investigation showed this was caused by the system using identical date and time values in the request, creating an impossible range condition. This has been resolved by adjusting the date range logic to properly handle same-day filtering by setting 23:59:59 for the end filter. | Reporting |
| INC-D8999 | 979586 | PDF preview functionality restored | PDF file previews were failing with "Failed to display content. Contact the application administrator." error when browsers were configured to download PDFs instead of displaying them inline. This was affecting both Chrome and Edge browsers with specific PDF handling settings and causing case navigation options to disappear. This has been resolved by updating the handling for PDF preview. | Reporting |
Security
24.2.5 Resolved Issues for Security
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-D10466 INC-D5237 |
980601 989070 |
AWS identity federation credential retrieval resolved | Identity federation rules were failing to fetch AWS temporary credentials when running in background jobs, with the error message "Cloud Identity Federation failure : Failed to fetch AWS temporary credentials for identity federation rule:GlobalIdentityFed" appearing in logs along with SECU0023 security alerts. Investigation showed that access group values were appearing as blank or null during credential retrieval operations, preventing proper authentication with AWS services. This has been resolved by refactoring the access group retrieval mechanism to properly handle null and empty cases, along with enhanced token caching logic to avoid unnecessary invalidation broadcasts and improved handling of the Hazelcast decommission latency issue. | Security |
| INC-D10774 | 993418 | Access policy condition results accuracy improved | The access policy condition results page was not reflecting validation results correctly when using the "Actions > View policy condition results" option, while the "Verify Policy" option worked as expected. This was caused by the ABAC policy-condition results page evaluating index- and association-backed conditions incorrectly at the per-condition level, effectively relying on the overall policy verdict instead of independently evaluating those conditions. This has been resolved with an update to ensure the ABAC policy-condition results page evaluates each condition independently. | Security |
| INC-D10948 INC-D13780 INC-D7373 |
983567 984016 984900 |
Forgot password functionality restored | After update, authentication failures were seen when attempting to use the forgot password functionality, with the system continuously looping back to the login screen and displaying "Please enter valid username" error messages even when valid operator IDs were entered. This was traced to the username/operator validation logic within the forgot password flow experiencing increased processing time for OAuth token lookups that failed with cache lock errors and retried multiple times, and has been resolved. | Security |
| INC-D11065 | 982466 | Token storage capacity increased for OAuth authentication | OAuth2 token decryption failures were seen while creating the OAuth2 client token. This was traced to token truncation, and was caused by the column length limitations of 4000 characters for pyaccesstoken and 512 characters for pzrefreshtoken columns being insufficient to store full token lengths. This has been resolved by increasing pyaccesstoken column capacity to 8000 characters and pzrefreshtoken to 4000 characters in the pr_data_token table. | Security |
| INC-D12665 | 990971 | Cross site scripting protections updated | Comprehensive URL parameter encryption has been added to maintain security throughout the entire user session lifecycle. |
Security |
| INC-D1298 | 993329 | XSS prevention optimized for skin rules | The pyPreventXSSInLabel DSS setting was causing issues when applied to final skin rules, disrupting normal UI rendering and label display functionality. This has been resolved by implementing conditional XSS prevention that skips processing for final rules while maintaining security for editable content. | Security |
| INC-D13101 | 982546 | SAML authentication handling updated | In order to support site-specific needs for unsigned assertions, the DSS security/SAML/allowUnsignedAssertion (comma-separated list of auth service names, case-insensitive) has been made available. The default behavior is to enforce signature validation (DSS is set to false). | Security |
| INC-D14332 | 985474 | Multi-factor authentication handling improved for external authentication | A blank MFA page was displaying when logging in via SAML/OIDC/Platform Authentication with Multi Factor Authentication policies enabled but no associated email account configured. Investigation showed this was caused by insufficient validation of email account prerequisites for MFA policies. This has been resolved by ensuring MFA security policy handling behaves correctly even when an operator has no email account. | Security |
| INC-D15457 | 997640 | Access role read rules configuration corrected | Access Role Name configuration was failing when attempting to modify Read Rules settings, displaying errors when selecting or creating when rules, with the system incorrectly listing and creating rules in the ARO class instead of the proper Rule- class. This has been resolved by correcting the class determination logic to properly target Rule- classes for when rule operations. | Security |
| INC-D15773 | 986439 | Cookie reuse security updated | Handling has been updated to improve security for cookie reuse scenarios. | Security |
| INC-D15898 | 997352 | Rich Text Editor security updated | Cross-site scripting protections have been updated for CKEditor. | Security |
| INC-D17638 | 994677 | Token renewal updated | Token renewal handling has been updated with stricter token validation and improved handling of invalid tokens. | Security |
| INC-D20802 INC-D23353 INC-C25899 INC-D2915 INC-D18673 |
999974 | OAuth token authentication accuracy improved for duplicate client identifiers | After update or after decommissioning Hazelcast caching and clustering functionality, OAuth token authorization errors appeared. This was caused by the tokens being stored/looked up by mOperatorId instead of the resource owner's username, causing token collisions, and was due to centralized token caching changing from a shared global cache to a node-local cache. This led to issues when multiple users shared the same client ID, which is against best practices. To resolve this, for ROPC grant type only, the resolved resource owner username will use pyUserIdentifier instead of the Pega operator ID. | Security |
| INC-D21146 | 997006 | Handling updated for duplicate static content | In some scenarios, duplicate aggregate static content requests could be added multiple times during request extraction. In order to improve performance, an update has been made to ensure duplicates are removed while preserving original order. Skipped duplicate aggregate resources are logged when debug logging is enabled. | Security |
| INC-D390 INC-B49938 |
979115 934916 |
Property encryption validation for page and pagelist properties resolved | After update, attempting to configure PropertyEncrypt actions in Access Control Policies for Page and Page List properties resulted in the error message "Property name - This embedded property is not optimized. Please optimize the property before using it in PropertyEncrypt access control policy. Exposed properties other than text type are not allowed", even when properties were properly optimized. This was traced to overly restrictive validation logic incorrectly blocking Page and Page List properties from being used in PropertyEncrypt configurations, and has been resolved by removing the validation restrictions for pagelist and page group properties, implementing proper detection of PageList/PageGroup mode to resolve item classes correctly, and adding appropriate warning messages for non-optimized properties while allowing text-type properties to be saved successfully. | Security |
| INC-D4523 | 980781 | OIDC authentication flow streamlined for expired requestor sessions | The error "Requestor session on the server expired due to long inactivity" was generated when users took longer than 2 minutes to authenticate with their identity provider during OIDC single sign-on, requiring users to manually close the window and restart the login process. This was traced to the handling for expired short-lived requestor sessions when receiving valid authentication responses, and has been resolved by implementing automatic redirection to the identity provider instead of showing the error screen, allowing seamless re-authentication without user intervention. | Security |
| INC-D4684 | 978318 | OIDC authentication service mapping error corrected | OIDC authentication was failing with NullPointerException errors when authentication services contained attributes in the mapping tab, specifically when dot notation variables were present. Investigation showed this was caused by realizeTheExpression prematurely fetching SSO attribute values from the clipboard before the request was generated, causing stale/empty data to be used during expression resolution. This has been resolved. | Security |
| INC-D5346 | 974957 | HTTP 412 retry mechanism implemented for HashiCorp vault | Intermittent failures were seen when connecting to HashiCorp vault clusters, resulting in HTTP 412 errors. Investigation showed this was caused by token propagation delays within the HashiCorp vault cluster infrastructure. Automatic retry logic has been added to assist with request failures. | Security |
| INC-D70 | 981997 | Security validation improved against improper access control | An update has been made to prevent unauthorized function execution. | Security |
| INC-D7744 | 984665 | OAuth 2.0 logging improved | In order to assist with diagnosing authentication issues, OAuth token endpoint failures will now log the provider's actual error details (error / error_description) instead of only a generic HTTP status. | Security |
| INC-D8286 | 990077 | Open redirect security updated | Open redirect handling for OAuth2 authorize endpoints has been updated for improved security. | Security |
| INC-D9004 | 988752 | CIDR-based studio access implemented | CIDR-based access restrictions are now available to restrict studio access exclusively to IP addresses within client-defined CIDR blocks. | Security |
| INC-D9821 | 985309 | Security updated for cross-site scripting | Cross-site scripting protections have been updated for App Studio and rule set editing. | Security |
System Administration
24.2.5 Resolved Issues for System Administration
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C56616 | 979501 | EdgeServer file extraction download handling improved | The Extract EdgeServer Files feature for deploying static content to AWS CloudFront was failing with duplicate rule errors, specifically encountering failures at RULE-FILE-TEXT STYLE PALSTYLESHEET CSS rules during extraction. This was an issue with logic for downloading the files after running the ExtractEdgeServer process, and has been resolved. | System Administration |
| INC-C58146 | 973651 | Portal routing made more robust | The handling for portal routing has been updated to ensure users are directed to their Access Group’s default portal, with a fallback to the standard portal when no default is set. | System Administration |
| INC-D1909 | 978106 | Queue processing stability improved for corrupted entries | Agent processing was stopping for 10 minutes when encountering queue entries with null pzpvStream values in pr_sys_queues or pr_sys_queue_sla tables, generating BadInstanceDataException errors. This was traced to corrupted queue items with null stream data that prevented proper page population from the database, and has been resolved by adding null checks to queries for the pzpvstream column and implementing table constraints to prevent insertion of null values, along with alert generation for handling such scenarios. | System Administration |
| INC-D24451 | 999282 | Real Time Extraction (RTE) BIX performance and scalability improvements | Writing events to Kafka was taking an excessive amount of time when handling a large number of events (100k). In order to address this, new alerting and context-building capabilities for extract event processing have been introduced, primarily focused on Kafka integration and message size monitoring. This reflects a change in implementation: instead of processing BIX extract events internally, changed events are now published directly to an external Kafka system. Outbound payload shaping for external Kafka consumers uses the more efficient metadata + data structure. New utility methods for raising event alerts, logging message size threshold violations, and constructing standardized alert context strings have been provided. To improve performance and scalability, the legacy single Job Scheduler flow has been replaced with a Queue Processor-based pipeline with three dedicated queue processors: pzRealTimeExtractionCaseQP pzRealTimeExtractionDataUpdateQP pzRealTimeExtractionDataDeleteQP The previous rule pzProcessBIXExtractEvents is disabled by default but remains available as an override option if there is a need to process in-flight data during migration to external Kafka. Please refer to the documentation for configuring real-time data extraction for further information. |
System Administration |
| INC-D2958 | 977298 | Job scheduler alert diagnostics enhanced | In order to assist with diagnosing Job Scheduler execution failures, the alert configuration and job scheduler alert logging have been updated to include additional alert settings and richer exception details. These include an extended default granular alert configuration (pySetting) with additional alert codes and thresholds, and exception stack traces in the generated error text. | System Administration |
User Experience
24.2.5 Resolved Issues for User Experience
| Ticket # | Issue # | Title | Description | Product Area |
|---|---|---|---|---|
| INC-C22921 | 935146 | Resolved error for Ajax container tab deletion | Ajax container tabs were experiencing null pointer exceptions when attempting deletion operations. This was caused by data-record-key attributes not being generated for tab elements during page refresh operations, and has been resolved by setting recordKey for tabs on refresh. | User Experience |
| INC-C39402 | 956476 | Embedded table row deletion restored | Row deletion was failing in embedded tables containing dropdown components when no placeholder text was configured, while working correctly when placeholders were present. Investigation showed this was caused by child dropdown components re-rendering and populating Redux state even when no page reference existed for the embedded data. This has been resolved by preventing child component re-rendering when page references do not exist for embedded data structures. | User Experience |
| INC-C40983 | 956338 | Off-by-one error in summary report corrected | After update, hierarchical table drill-down reports were displaying all records instead of filtered results after private editing the report definition. This was occurring when using legacy markup with filtering conditions on report definitions, and was caused by an off-by-one issue in the sort-order assignment for summary report definitions. This has been resolved by correcting the sort-order logic so grouped columns sort correctly. | User Experience |
| INC-C42330 | 955294 | Profile image display corrected in parallel assignments | Parallel assignments were displaying incorrect profile images where all assignments showed the same user image despite being assigned to different users. This was caused by a stale derived value which only fetched the avatar URL on the initial mount and did not refetch when metaObj.image changed, and has been resolved. | User Experience |
| INC-C51191 | 960675 | Rich Text Editor keyboard button localization added | Localization has been added for the "Keyboard" button and "Rich Text Editor toolbar keyboard shortcuts" text in the RTE control. | User Experience |
| INC-C53488 | 972991 | Accordion accessibility state announcements restored for screen readers | Screen readers were not properly announcing the expanded state when accordion layout groups were opened. This was an unintended side effect of work done for focus indicator issues on expand/collapse headers, and has been resolved by updating the pzpega_ui_layoutgroup_js rule to restore proper ARIA state communication to screen readers while maintaining the focus indicator functionality, ensuring accordion expand/collapse states are correctly announced by NVDA and other assistive technologies. |
User Experience |
| INC-C54852 | 968607 | Button keyboard navigation restored for dirty forms | Buttons configured with both Click and Enter events were not responding to keyboard Enter presses when forms were dirty and only perform harness was present. This was caused by a missed use case in new feature implementation that prevented proper keyboard event handling on dirty forms, and has been resolved. | User Experience |
| INC-C55697 | 970102 | Validation error labels fixed for pagelist properties | Validation error messages were not displaying field labels for pagelist properties even when the displayFieldNameInValidationMsg DSS was enabled. This was caused by the validation message system not properly handling pagelist property labels when the DSS setting was active, and has been resolved. |
User Experience |
| INC-C56147 | 966725 | Date picker correctly announces current date | Date picker controls were applying aria-current="date" to selected dates instead of today's date. This has been resolved by implementing proper aria-current="date" for today's date and aria-selected="true" for selected dates when appropriate in the pzpega_ui_calendar.js functions to improve accessibility. | User Experience |
| INC-C56976 | 975659 | Screen flow attachment deletion behavior corrected | Screen flows were exhibiting incorrect attachment behavior where deleted attachments would reappear when navigating between steps, and attempting to delete them again would cause submission errors. This has been resolved by correcting the attachment lifecycle management in screen flow contexts to prevent deleted attachments from reappearing after cancel and reopen in multi-step forms. | User Experience |
| INC-C59174 | 972091 | Menu item focus behavior improved for reports tab | The My Reports tab in traditional applications was retaining the Menu-item-active CSS class even after clicking elsewhere on the screen or focusing on other elements. This was determined to be style inconsistency caused by a reload being triggered through customizations, and has been resolved. The styling has also been modified to update the selected-item indicator color and add a background color for the selected menu item anchor, making the active menu item clearer and more consistent. | User Experience |
| INC-C59657 | 978245 | Processing error screen flash resolved | A "processing error has occurred" screen was briefly appearing for 1-2 seconds when opening subsequent cases using the "Create Work" functionality with pega.desktop.infinity.createNewWorkInDialogContainer script, particularly in configurations with layout groups containing multiple dynamic layouts with deferred loading. This was caused by timing issues in the deferred loading mechanism for dynamic layout sections, and has been resolved. | User Experience |
| INC-D10078 | 982266 | Date range picker accessibility improved | Date range picker modal dialogs were missing both accessible names and dialog roles. This has been resolved by adding proper dialog roles and localized aria-labels in pzpega_ui_daterangepicker and pzClientLocaleData. | User Experience |
| INC-D10143 | 983139 | Case type localization fixed in browser tab titles | Case type names in browser tab titles were not displaying localized text in Constellation applications. This has been corrected. | User Experience |
| INC-D10282 | 982252 | Accessibility corrected for date control table markup | Date controls were generating inaccessible table markup in headers, including layout table semantics that were being read by screen readers during date picker interactions. This was caused by missing role="presentation" attributes on non-tabular table elements in the buildHeaderSpinners() function, and has been corrected. | User Experience |
| INC-D10515 | 985005 | Optimized table responsiveness checkbox behavior corrected | The Responsiveness checkbox was incorrectly remaining enabled and checked in optimized tables when users unchecked "Optimize code", selected responsiveness, then re-enabled "Optimize code", causing mobile-specific views to appear inappropriately. Investigation showed this was caused by the system retaining the last checkbox state before disabling rather than properly resetting it. This has been resolved by ensuring the Responsiveness checkbox is properly disabled and unchecked when Optimize code is enabled. | User Experience |
| INC-D10747 | 990029 | Autoclose handling updated for secure URL configurations | HTTP 400 errors were generated when attempting to use the autoclose functionality in end-user portals after enabling the Dynamic System Settings prconfig/initialization/urlencryption/default (set to true) and prconfig/initialization/submitobfuscatedurl/default (set to required). Investigation showed this was caused by the autoclose feature sending plain text URLs that were incompatible with the URL encryption requirements, and this has been resolved by implementing URL encryption handling in the autoclose request mechanism. | User Experience |
| INC-D11037 | 985496 | Optional actions functionality restored for resolved interaction cases | Case-wide optional actions on resolved interaction cases were becoming unresponsive after submission, preventing further actions like case dismissal. This was caused by missing refresh calls on pyCaseSummary for closed interaction cases, and has been resolved by ensuring key population when finishing an assignment on a resolved case. | User Experience |
| INC-D1137 INC-D2580 |
977709 978234 |
Redundant screen reader announcements removed | Unnecessary screen reader announcements of "Top panel", "Bottom Panel region", and similar labels were triggered during page navigation, and announcements of "Information on the content" were duplicated when contentinfo roles were added to footer elements. This was due to redundant ARIA label announcements on header, main, and footer landmarks, and has been resolved by removing the unnecessary attributes in the GenerateLayout rule file. | User Experience |
| INC-D12233 | 984570 | Localized date pasting handling updated | Date input fields were rejecting date values containing January when they were pasted into date input controls, while other months worked correctly. This was traced to date parsing logic that incorrectly handled January month values during paste operations, and has been corrected with an update to better parse locale-formatted date/time strings. | User Experience |
| INC-D12317 | 988954 | Menu accessibility improved for disabled items | It was not possible to close menus containing only disabled items using the Escape key. This has been resolved by updating the menu component to properly handle keyboard navigation and closure events regardless of item states. | User Experience |
| INC-D12426 | 997764 | Modal popup display restored | The Create Workbasket form was rendering inline below the workbasket list table instead of opening in the expected modal popup when users clicked the '+' (Add) button in Manage Workbaskets. Investigation showed that the preview modal functionality was not working correctly for Add operations, and this has been resolved. | User Experience |
| INC-D13081 | 984980 | Table column reordering with row selection restored | Column reordering functionality was not working properly in tables with row selection enabled, where header columns would move but the corresponding data columns remained in their original positions. Investigation showed this happened when row selection was enabled and categorization was disabled, and was caused by a mismatch in the 'expand-collapse' class handling between the header and data rows. This has been resolved. | User Experience |
| INC-D15512 | 986750 | Section refresh functionality restored for conditional local actions | After updating from Pega 7, clicking buttons configured with both "Refresh this section" and conditional local actions defined in separate classes resulted in the message "Error (Please contact system administrator)" . This was traced to a loss of base reference in the underlying JavaScript framework, and has been resolved by implementing a new configuration flag "pega.u.d.skipIECheck" in the webwb_pzpega_ui_doc_domutils.js rule's getBaseReference method, which can be explicitly set to true from UserWorkForm to bypass the problematic reference check and restore proper section refresh behavior. | User Experience |
| INC-D16722 | 987805 | Attachment field display corrected for page lists | Attachment fields in page lists were incorrectly displaying in the UI when entering assignments, even though they were deleted from the clipboard. This was traced to UI synchronization with clipboard state for attachment fields, and has been resolved by correcting the attachment field display logic for page list properties to avoid overwriting propertiesToReplace when already set. | User Experience |
| INC-D17039 | 988993 | Instruction text display corrected in partial views | Form views included within partial views were not displaying instruction text for field groups. This was caused by incomplete context propagation when rendering nested view components, and has been corrected. | User Experience |
| INC-D1723 | 974057 | Horizontal scroll bar at 400% zoom eliminated | When increasing browser zoom to 400% on work object details pages, a horizontal scroll bar appeared that interfered with accessibility. This has been resolved by adjusting the CSS layout calculations to properly accommodate 400% zoom levels without generating horizontal scroll bars. | User Experience |
| INC-D17298 | 991927 | Axios updated | The Axios library has been updated to a newer supported version. | User Experience |
| INC-D17848 | 994220 | Multiselect control duplicate values eliminated | Multiselect controls were displaying duplicate values in the options list when users removed items after initially selecting all options, particularly when the data source contained options with similar names like "Life" and "Childrens Life". This was caused by improper option list management when dynamically updating the available choices after user selections. This has been resolved by correcting the multiselect control logic to properly maintain unique option lists and prevent duplication when options are added or removed. | User Experience |
| INC-D1873 | 979075 | Screen reader accessibility for empty values improved | Screen readers were announcing "n dash n dash" instead of "no value" when navigating to text fields populated by declare expressions that returned empty or null values. This has been resolved by implementing proper "no value" text rendering for screen reader compatibility. | User Experience |
| INC-D18937 | 992517 | Date time control week localization corrected | Date time controls with "Display week numbers on the calendar" enabled were showing "Week" in English without proper localization support. This has been resolved by adding proper localization support for week number headers in the pzpega_ui_calendar.js buildDaysRow function calendar control and updating pzClientLocaleData with the necessary field values. | User Experience |
| INC-D19585 | 997952 | Localized table view record count display fixed | Constellation table views in some non-English locales were displaying incorrect record counts after saving personalized views or switching between views, with readonly DataPages showing unchanged counts when switching to default view and editable DataPages reverting to initial default counts after view operations. Investigation showed this was caused by locale-specific formatting issues in the view count calculation and display logic, and has been resolved by updating the localization for the generateCountText method. | User Experience |
| INC-D20646 | 992573 | Axios library updated | The Axios library has been updated. | User Experience |
| INC-D20715 | 997881 | Navigation tree accessibility improved | Screen reader tools were announcing "Blank" when navigating through navigation tree items that contained person image icons. This was caused by missing aria-hidden attributes on decorative image elements, and has been resolved by adding aria-hidden="true" attributes to person image icons in the generateCellContent function. | User Experience |
| INC-D21488 | 996316 | Assignment instruction text display corrected | The Assignment instruction text was being truncated mid-sentence and followed by unwanted bullet points, such as "Select the track(s) to reserve for this trai•" instead of displaying the complete instruction text. This has been resolved by updating the CSS used by webwb to modify how the item-separator helper class injects the dot separator. | User Experience |
| INC-D21746 | 994162 | Multiple Google address API calls resolved | Applications were experiencing excessive Google Address API calls when using the LocationInput control in Constellation. Investigation showed this was caused by the LocationInput control triggering a separate Google API call for each character entered rather than implementing proper debouncing or throttling mechanisms. This has been resolved by implementing optimized API call patterns to reduce and better manage Google Maps Places API usage by introducing debounced autocomplete calls and reusing AutocompleteSessionTokens across a “typing session”, while also threading the active token into place-details lookups (including map clicks). | User Experience |
| INC-D22022 | 994128 | Promoted filter time range issue resolved | When specifying a time range of 7:00-7:30 in the Promoted Filter in Insights, the start time (7:00) was being excluded from the results, while the same filter worked correctly when applied directly on the column. Investigation showed this was caused by seconds being added from the current time when clicking the option in the select dropdown, which interfered with the time range filtering logic. This has been resolved by correcting the time handling mechanism in the Promoted Filter functionality to ensure consistent behavior with column-level filtering. | User Experience |
| INC-D22584 | 997639 | Firefox date picker keyboard navigation enabled | Date picker calendars were not displaying when accessed via keyboard navigation in Mozilla Firefox, while working correctly in Google Chrome. This was caused by Firefox-specific event handling differences that interfered with the keyboard navigation implementation, and has been resolved by adding Firefox-specific condition logic to prevent secondary key down events that were interfering with calendar display. | User Experience |
| INC-D3194 | 976240 | Corrected slider input synchronization with form refresh | Slider controls with numeric input enabled were displaying 0 instead of the actual slider value in the input box when auto-populated. This has been resolved by ensuring proper value synchronization between slider and input components during form refresh to ensure NumberInput does not display stale values. | User Experience |
| INC-D3352 | 979078 | Screen reader accessibility improved for required fields | Screen readers were not announcing required field status for several UI controls including TextArea, Rich Text Editor, Radio buttons, AnyPicker, AutoComplete, and Dropdown when client-side validation was disabled. This was due to the aria-label attributes not being properly set for required field indication in these controls for this scenario, and has been resolved by updating the backend rendering logic to ensure all required field controls include proper aria-label attributes for screen reader accessibility. | User Experience |
| INC-D3535 | 978678 | Corrected Multiselect dropdown save error | Multiselect combobox controls were throwing "Invalid Request Data" errors when attempting to save selections in Constellation. This was caused by data page parameter metadata not being processed correctly for page list properties, especially when the page list was empty or nested under a composite path. To address this, parameter resolution has been made path-aware and class-aware, so Constellation can still derive parameter property paths and metadata even when there are no page list rows yet. | User Experience |
| INC-D3541 | 975776 | Custom field label display corrected | After update, special characters were not correctly encoded and HTML tags were displayed in custom field labels. This has been corrected with an update to resolve the paragraph content as textContent if it is of 'simple' category. | User Experience |
| INC-D4570 | 976617 | Hover menu collapses as expected | Link controls configured with Hover Menu action sets were remaining expanded when focus moved elsewhere, causing multiple menus to stay open simultaneously and creating user interface confusion. This has been corrected by adding display:none inline style to implement proper menu collapse behavior when cursor focus moves away from hover menu controls. | User Experience |
| INC-D4579 | 979289 | Required field indication added for multiselect and RTE controls | Multiselect combobox controls and Rich Text Editor (RTE) fields were not indicating required field status to screen readers. This has been resolved by updating multiselect combobox controls to include required attributes and RTE controls to include required status in their aria-label values. | User Experience |
| INC-D5674 | 981755 | Picklist behavior corrected during horizontal table scrolling | Search box picklists within horizontally scrollable tables were remaining open and moving with scroll position instead of closing, causing the open picklist to overlap and block UI elements during navigation. Investigation showed the ComboBox popover was not explicitly configured to hide when its anchor/target became hidden, even though the ComboBox’s open state could still indicate it should be shown. This allowed the popover to outlive the visible ComboBox target and remain rendered or visually inconsistent. To resolve this, the handling has been updated to ensure the popover now hides automatically when the ComboBox target is no longer visible. | User Experience |
| INC-D6514 | 979177 | Browser timezone handling fixed for empty operator settings | Date and time values were displaying in GMT instead of browser timezone when operator timezone settings were removed, and pulse feed functionality was generating errors. Investigation showed the environment timezone detection was not properly falling back to browser timezone when operator locale was empty, and this has been corrected by updating PCore.getEnvironmentInfo().getTimezone() to return undefined when user locale is empty, enabling proper browser timezone fallback. | User Experience |
| INC-D6724 | 980465 | Radio button placeholder selection issue resolved | Radio button controls with "Not Applicable" placeholder options were automatically selecting when there was a click anywhere on the control area, including white space or labels, even when existing values were already present. This was an issue with improper ID assignment logic in the template_radiogroup.js rule template that failed to distinguish between placeholder and regular value selections, and has has been resolved by implementing conditional ID assignment logic that properly differentiates placeholders. | User Experience |
| INC-D7170 | 983537 | Skin rule handling updated to prevent out-of-memory errors | Skin rule operations were causing system unresponsiveness and Java heap out-of-memory errors during check-in, check-out, and save operations. This was caused by excessive memory consumption in the skin processing pipeline when certain formats within a Skin rule contained corrupted color styles without valid HEX values, typically originating from overridden or “Save As” formats. To resolve this, a server-side sanitizer has been added to repair corrupted RGBA values in skin data and the ColorPicker has been hardened so it only emits safe, valid CSS color formats. | User Experience |
| INC-D7397 | 984941 | Work portal favicon configuration fixed | Custom favicon configured in pyPortalIcon was being applied to the work portal while correctly appearing in the dev portal. Investigation showed this was caused by URL hash replacement with semantic URLs in src/initialiser/index.js, which broke relative URL resolution for icon fetching. This has been resolved with an update to prevent favicon and Apple touch icon URLs defined as relative paths from breaking after history.pushState updates the page URL. | User Experience |
| INC-D7408 | 979194 | Administrator landing page localization enabled | The pxAdministrator landing page and configuration sets were not translating properly when language packs were installed and operator locale was changed, with many values remaining in English despite other locale selection. This has been resolved by implementing the necessary translation framework to support universal localization across all Constellation administrator components. | User Experience |
| INC-D7602 | 994068 | Ajax container tab behavior stabilized | Ajax container tabs in the pyCaseManager portal were exhibiting inconsistent behavior including tabs reappearing after closure, incorrect tab names displaying after browser reload, and SafeURL null pointer exceptions when closing tabs, particularly after upgrading from deprecated tab group layouts. This was caused by improper state management in the Ajax container implementation and race conditions in the tab lifecycle events, and has been resolved by updating the tab state management. | User Experience |
| INC-D7840 | 978242 | Empty utilities API call error fixed | API calls were failing with HTTP 400 status when the Utilities panel contained no widgets, resulting in empty widget parameters being passed to the D_pzCountOfItemsPerWidget data page. This was occurring in full case view configurations where all utility widgets had been removed, and was traced to the system attempting to fetch widget counts with invalid empty parameters. This has been resolved by adding proper validation to prevent API calls when no widgets are present in the utilities configuration. | User Experience |
| INC-D7924 | 980547 | Table row count display corrected for large datasets with filters | Applications were displaying "NaN" instead of the actual selected row count in table toolbars when working with optimized tables containing more than 5000 rows and applying filters with select all functionality. Investigation showed this was caused by a grid selection count calculation error in the templates and layouts component when handling large dataset that contained undefined values. This has been resolved by initializing missing count values and updating the grid toolbar styling to ensure the count text is consistently targetable. | User Experience |
| INC-D8581 | 979292 | Data reference combobox 'required' attribute implemented | Data reference combobox controls were not indicating required field status. This has been resolved by adding proper required attribute support to data reference combobox controls. | User Experience |
| INC-D8597 | 981920 | Table column overlay positioning corrected | The show/hide column overlay in tables with many columns was appearing detached from its trigger button when positioned near page edges. This was caused by the overlay's top position calculation not accounting for scrollbar presence and overlay height, and has been resolved by updating the popover.js calculation. | User Experience |
| INC-D888 | 977020 | Preview action functionality works for hybrid UI environments | Preview actions were failing in Constellation landing pages embedded within UI-Kit portals, showing "Cannot read properties of undefined (reading 'showSlideInPanel')" errors. This was caused by missing panel functionality in hybrid UI setups, and has been corrected. | User Experience |
| INC-D8926 | 979771 | Date filtering updated for optimized tables | When applying a Date/Time filter on an optimized table and selecting “Tomorrow” with the checkbox “Also include today” enabled, the filter returns only records for today. This was an issue with an off-by-one-day boundary in symbolic date resolution, and has been resolved so that filtering with Tomorrow + Include Today correctly includes both today and tomorrow (especially for date-time end-of-period calculations). | User Experience |
| INC-D8989 | 986226 | Corrected clearance of authorization error message | Authorization error messages were persisting in the PEGA Legal Group Advisory User Portal interface even after successfully accessing valid cases. This has been resolved by updating the context handling to ensure authorization messages are properly cleared from the interface once valid access is confirmed. | User Experience |
| INC-D9233 | 987524 | Corrected assignment due date display accuracy | Constellation assignments were incorrectly displaying due dates for assignments that had no due date configured, with the same due date appearing for multiple assignments until page refresh. The issue occurred when opening the second assignment in assignment lists, causing due date information to persist incorrectly across assignments. This was caused by a change in the dx API's response assignments array, and has been resolved by updating the date state management in the Constellation assignment display logic. | User Experience |
| INC-D9660 | 983084 | Session timer modal positioning corrected | Session timer warning windows were appearing in the top left corner when other popups were present on screen, with the close icon either missing or causing the browser window to close instead of the modal when clicked. This was caused by improper modal template selection when existing popups were detected, and has been resolved by ensuring the session timer uses the correct modal template regardless of existing popup states. | User Experience |
| INC-D9789 | 983026 | Multi-step form refresh timing corrected | Multi-step forms were experiencing errors when users changed fields with visible-when conditions and clicked next. The issue occurred due to a race condition between the setTimeout refresh handler and onClickHandler, resulting in finish assignment executing before refresh calls could register for blocking actions, and has been resolved by properly synchronizing refresh and click handler execution order. | User Experience |
| INC-D9916 | 981119 | Date picker keyboard focus containment updated | Keyboard focus was escaping from date picker controls when users tabbed through all available elements. Investigation showed this was caused by missing focus trap implementation in the date picker component, and this has been corrected. | User Experience |