webMethods Integration Cloud 6.0 Fix readme
April 2020
____________________________________________________________________________________________________

** In addition to including resolutions to product defects, a fix may also include enhancements to existing functionality and features.
** This fix readme is cumulative, which means that it includes all previous fixes for the release. Fixes are listed from newest to oldest.
** This fix readme also mentions the zone/region where the fixes are applied. Go to the specific zone in this fix readme to see the list of fixes available for that zone.
____________________________________________________________________________________________________

Zones
______________________
[US, Oregon]
[DE, Germany]
[EU, Ireland]
______________________
____________________________________________________________________________________________________

_______________________
Zone: US, Oregon
_______________________

UHM-1545 (Fix 4)
Description: End-to-End Monitoring does not show the transactions tagged by the sub-domain name.
Solution: This issue is resolved. End-to-End Monitoring user interface now queries the transactions of a tenant by the tenantId as well as the sub-domain name.

CLTF-1480 (Fix 3)
Description: Support for clearing storage locks
Solution: Added a new screen under "Monitor" to manually clear the stale locks. Stale locks are cleared automatically if they are not manually cleared within eight hours.

CF-377/WF-15089 (Fix 2)
Description: Client-side throttling for Marketo API calls: Marketo's API call limitation (100 API calls in 20 sec) was causing integrations to fail
Solution: A retry mechanism has been introduced in the recipes. If any API limitation is now reached, we exponentially wait and then retry, which avoids integration failures based on user inputs.

Description: Optimization: Initial sync mechanism has been enhanced in the recipes.
Solution: A user can now enter a specific time in UTC from when the data has to be synced between SAPC4C and Marketo systems.

The following recipes are modified with the above features and have been enhanced for better performance and error handling:
- SAPC4CToMarketoMasterDataSync
- SAPC4CToMarketoSalesPersonDataSync
- SAPC4CToMarktoCompanyDataSync
- SAPC4CToMarketoOpportunityDataSync
- SAPC4CContactToMarketoLeadDataSync
- MarketoLeadToSAPC4CContactDataSync
- SAPC4CToMarketoCBOLeadDataSync
- MarketoToSAPC4CLeadsDataSync
- MarketoToSAPC4CActivitiesDataSync
- SAPC4CToMarketoActvtyPhoneDataSync
- SAPC4CToMarketoActvtyTasksDataSync
- SAPC4CToMarketoActvtyAppoinDataSync
- SAPC4CToMarketoDeleteSync

SC-14497 (Fix 2)
Description: Cumulocity and Cloud Deployment connectors were not available under Predefined Applications in Integration Cloud.
Solution: Both the connectors now appear under the Predefined Applications category.

UHM-1220 (Fix 2)
Description: The collector got restarted.
Solution: This issue is resolved. End to End Monitoring servers now reuse the connections to Elasticsearch and also clean up those connections when they are not in use.

LIP-13168 (Fix 1)
Description: Unable to create a REST API with a Swagger file greater than 1 MB.
Solution: This issue is resolved. Now REST APIs can accept a Swagger file up to 5 MB.

LIP-13311 (Fix 1)
Description: Salesforce connection was getting disabled.
Solution: The following Salesforce Account configuration properties are implemented:
- Block Timeout: The number of milliseconds that Integration Cloud will wait to obtain a connection with the SaaS provider before the connection times out and returns an error. Default: 1000 msec.
- Expire Timeout: The number of milliseconds that an inactive connection can remain in the pool before it is closed and removed from the pool, if connection pooling is enabled. Default: 1000 msec.
These fields, if updated with the recommended settings below, will prevent connections from getting disabled.

Block Timeout configuration is dependent on the Maximum Pool Size configuration and expected request load on the connection pool. If the request load on the connection pool is expected to exceed the Maximum Pool Size configuration, then the Block Timeout should be configured to a value greater than the Response Timeout (expected time for a request to complete).
Example:
Maximum Pool Size = 200
Request load = 250
Response Timeout = 5 mins
Recommended configuration for Block Timeout = 10 mins

Expiry Timeout configuration value is recommended to be equivalent or slightly less than the Session Timeout configuration value.
Example:
Session Timeout = 14 min
Expiry Timeout = 14 min

LIP-13056 (Fix 1)
Description: PEGA Access fails with "invalid token or expired". WMIC-EXECUTION-PARAMETERS-FROM-HEADER is not being passed for integration execution.
Solution: X-WMIC-EXECUTION-PARAMETERS-FROM-HEADER is now a mandatory header and has to be present while executing an integration. This header will exist only if the request comes from CTP to Integration Server. In this particular case, the custom ESB service is an integration which will be called by some integration, and the request will originate from Integration Server and not from CTP. So the header will not be present during the invocation. This header is made mandatory only for the top-level service.

LIP-12960 (Fix 1)
Description: Sorting on the "Duration" column in the Monitor page was not available.
Solution: This issue is resolved. Sort option on the Duration column in the Monitor page is now available.

LIP-13034 (Fix 1)
Description: When a new document type is created in a REST application and pulled to a higher stage, the newly created document type is not moved to the higher stage.
Solution: This issue is resolved.
Now all document types of a REST application are promoted to the higher stage along with the REST application.

LIP-13172 (Fix 1)
Description: SOAP API creation fails when supporting xsd files are uploaded to wsdl.
Solution: This issue is resolved. Uploaded xsd files are now considered.

LIP-13249 (Fix 1)
Description: Missing X-Content-Type-Options Header. HTTP response does not contain the following headers:
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
Solution: Setting a server's X-Content-Type-Options HTTP response header to nosniff instructs browsers to disable content or MIME sniffing which is used to override the response Content-Type headers to guess and process the data using an implicit content type. While this can be convenient in some scenarios, it can also lead to some attacks. Configuring your server to return the X-Content-Type-Options HTTP response header set to nosniff will instruct browsers that support MIME sniffing to use the server-provided Content-Type and not interpret the content as a different content type. This issue is resolved. Now those headers are added in the NGINX conf files.

LIP-13117 (Fix 1)
Description: ACL feature was not working for a debug scenario after an associated ACL was modified for an integration. The modified ACL was not reflecting in the debug flow.
Solution: This issue is resolved. Now the modified ACL can be used in the debug flow.

LIP-13228 (Fix 1)
Description: Variable initialization is not working. An empty string value for a field could not be set.
Solution: This issue is resolved. An empty string value can now be set if the field is open and you click "Apply".

LIP-13196 (Fix 1)
Description: Mappings are not loading if fields are mapped that are present in the document reference and which are part of another document reference.
Solution: This issue is resolved. If the fields are not loaded, mappings to the parent document reference are shown.

LIP-13313 (Fix 1)
Description: The "projectName" field was susceptible to SQL injection attacks because a hard-coded SQL query was being used for the projectName parameter.
Solution: This issue is resolved. The hard-coded SQL string is replaced with the named parameter approach.

LIP-13049 (Fix 1)
Description: Tenant Email and Tenant subdomain information are not available in the support email.
Solution: This issue is resolved. Now the tenant email information shows whether it is a paid or a trial tenant.

LIP-13041 (Fix 1)
Description: Existing mappings were not showing correctly in integrations.
Solution: This issue is resolved. The saved field path is now calculated from the existing fields in the tree, and the same path is used to match the field path where duplicate fields exist.

LIP-12933 (Fix 1)
Description: Monitor Export through Execution Results was exporting too much data as filters were ignored. The exported spreadsheet contained irrelevant data as the filters were ignored while fetching the data from the database.
Solution: This issue is resolved. The following filters are added in the fetch query and now filters are not ignored.
- integrationName
- status

LIP-13263 (Fix 1)
Description: Missing Strict Transport Security Header. Without the HTTP Strict Transport Security (HSTS) header, it may be possible to downgrade the browser connection from HTTPS to HTTP. HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application using a special response header. Once a supported browser receives this header, that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click-through prompts on browsers.
Solution: This issue is resolved. The NGINX configuration has been updated.

LIP-13248 (Fix 1)
Description: Missing X-Frame-Options Header.
If a page fails to set an appropriate X-Frame-Options HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe.
Solution: This issue is resolved. The NGINX configuration has been updated.

NUM-13003 (Fix 1)
Description: Universal Messaging master realm may create a queue subscription for a slave realm while the realm is being disconnected from the cluster. The master realm eventually fails to dispatch events to this subscription with a NullPointerException.
Solution: This issue is resolved.

NUM-13031 (Fix 1)
Description: Universal Messaging NIO SSL driver locks up in certain rare cases.
Solution: This issue is resolved.

NUM-13084 (Fix 1)
Description: Slowness observed on hybrid connectivity.
Solution: This issue is resolved. Universal Messaging server now supports configuring queue filter index time-to-live using the 'QUEUE_FILTER_INDEX_TTL' system property. The property specifies time-to-live value for queue filter indices in milliseconds. If not specified, a default of 1 hour is used. If set to 0, the queue filter index is removed from the cache once it is no longer used (no active consumer uses such filter).
The Universal Messaging server will build and maintain an index with events matching each unique queue consumer filter and cache it in memory. The index will be removed if it is not used for longer than the specified TTL value. This configuration applies to all queues in the server.
A lower TTL value is recommended when the consumers' filters are changing frequently and new consumers rarely or never specify the same filter twice.
A higher TTL value is recommended when filters are expected to be reused, for example, when newly registered consumers use filters of previous consumers on hybrid connectivity on Integration Cloud.

PIE-60343 (Fix 1)
Description: Issues in PRE-LIVE stage.
Solution: These issues are resolved. The Cloud Integration Server does not set TTL on events it adds to the "to_onPrem" queue.
The following changes have been made to the Cloud Integration Server:
- Set TTL on every message it pushes into the "to_onPrem" queue.
- Changes to use Synchronized queue reader to avoid using an extra thread.

PIE-60789 (Fix 1)
Description: Universal Messaging authentication module SAML assertion is slow. The authentication module does SAML assertion against CTP. During high load, it becomes a bottleneck and also opens a new outbound socket for every request.
Solution: This issue is resolved. Now Universal Messaging authentication module does local validation of SAML Assertion instead of passing the Assertion to CTP for authentication.
____________________________________________________________________________________________________

_______________________
Zone: DE, Germany
_______________________

CF-230 (Fix 1)
Description: Monitoring improvements.
Solution: White-box monitoring for webMethods Integration Cloud has been dramatically improved.

NUM-13084 (Fix 1)
Description: Slowness observed on hybrid connectivity.
Solution: This issue is resolved. Universal Messaging server now supports configuring queue filter index time-to-live using the 'QUEUE_FILTER_INDEX_TTL' system property. The property specifies time-to-live value for queue filter indices in milliseconds. If not specified, a default of 1 hour is used. If set to 0, the queue filter index is removed from the cache once it is no longer used (no active consumer uses such filter).
The Universal Messaging server will build and maintain an index with events matching each unique queue consumer filter and cache it in memory. The index will be removed if it is not used for longer than the specified TTL value. This configuration applies to all queues in the server.
A lower TTL value is recommended when the consumers' filters are changing frequently and new consumers rarely or never specify the same filter twice.
A higher TTL value is recommended when filters are expected to be reused, for example, when newly registered consumers use filters of previous consumers on hybrid connectivity on Integration Cloud.

CF-377/WF-15089 (Fix 1)
Description: Client-side throttling for Marketo API calls: Marketo's API call limitation (100 API calls in 20 sec) was causing integrations to fail
Solution: A retry mechanism has been introduced in the recipes. If any API limitation is now reached, we exponentially wait and then retry, which avoids integration failures based on user inputs.

Description: Optimization: Initial sync mechanism has been enhanced in the recipes.
Solution: A user can now enter a specific time in UTC from when the data has to be synced between SAPC4C and Marketo systems.

The following recipes are modified with the above features and have been enhanced for better performance and error handling:
- SAPC4CToMarketoMasterDataSync
- SAPC4CToMarketoSalesPersonDataSync
- SAPC4CToMarktoCompanyDataSync
- SAPC4CToMarketoOpportunityDataSync
- SAPC4CContactToMarketoLeadDataSync
- MarketoLeadToSAPC4CContactDataSync
- SAPC4CToMarketoCBOLeadDataSync
- MarketoToSAPC4CLeadsDataSync
- MarketoToSAPC4CActivitiesDataSync
- SAPC4CToMarketoActvtyPhoneDataSync
- SAPC4CToMarketoActvtyTasksDataSync
- SAPC4CToMarketoActvtyAppoinDataSync
- SAPC4CToMarketoDeleteSync

SC-14497 (Fix 1)
Description: Cumulocity and Cloud Deployment connectors were not available under Predefined Applications in Integration Cloud.
Solution: Both the connectors now appear under the Predefined Applications category.

WST-4800 (Fix 1)
Description: CSRF Token validation failed (Error code 403) while executing SAP C4C "Create" and "Update" operations.
Solution: While executing the SAP C4C "Create" and "Update" operations, 403 Forbidden: CSRF Token validation failed error appears. This issue is resolved. Now any SAP C4C operation can be executed.

UHM-1220 (Fix 1)
Description: The collector got restarted.
Solution: This issue is resolved. End to End Monitoring servers now reuse the connections to Elasticsearch and also clean up those connections when they are not in use.

LIP-13168 (Fix 1)
Description: Unable to create a REST API with a Swagger file greater than 1 MB.
Solution: This issue is resolved. Now REST APIs can accept a Swagger file up to 5 MB.

LIP-13311 (Fix 1)
Description: Salesforce connection was getting disabled.
Solution: The following Salesforce Account configuration properties are implemented:
- Block Timeout: The number of milliseconds that Integration Cloud will wait to obtain a connection with the SaaS provider before the connection times out and returns an error. Default: 1000 msec.
- Expire Timeout: The number of milliseconds that an inactive connection can remain in the pool before it is closed and removed from the pool, if connection pooling is enabled. Default: 1000 msec.
These fields, if updated with the recommended settings below, will prevent connections from getting disabled.

Block Timeout configuration is dependent on the Maximum Pool Size configuration and expected request load on the connection pool. If the request load on the connection pool is expected to exceed the Maximum Pool Size configuration, then the Block Timeout should be configured to a value greater than the Response Timeout (expected time for a request to complete).
Example:
Maximum Pool Size = 200
Request load = 250
Response Timeout = 5 mins
Recommended configuration for Block Timeout = 10 mins

Expiry Timeout configuration value is recommended to be equivalent or slightly less than the Session Timeout configuration value.
Example:
Session Timeout = 14 min
Expiry Timeout = 14 min

LIP-13056 (Fix 1)
Description: PEGA Access fails with "invalid token or expired". WMIC-EXECUTION-PARAMETERS-FROM-HEADER is not being passed for integration execution.
Solution: X-WMIC-EXECUTION-PARAMETERS-FROM-HEADER is now a mandatory header and has to be present while executing an integration. This header will exist only if the request comes from CTP to Integration Server. In this particular case, the custom ESB service is an integration which will be called by some integration, and the request will originate from Integration Server and not from CTP. So the header will not be present during the invocation. This header is made mandatory only for the top-level service.

LIP-12960 (Fix 1)
Description: Sorting on the "Duration" column in the Monitor page was not available.
Solution: This issue is resolved. Sort option on the Duration column in the Monitor page is now available.

LIP-13034 (Fix 1)
Description: When a new document type is created in a REST application and pulled to a higher stage, the newly created document type is not moved to the higher stage.
Solution: This issue is resolved. Now all document types of a REST application are promoted to the higher stage along with the REST application.

LIP-13172 (Fix 1)
Description: SOAP API creation fails when supporting xsd files are uploaded to wsdl.
Solution: This issue is resolved. Uploaded xsd files are now considered.

LIP-13249 (Fix 1)
Description: Missing X-Content-Type-Options Header. HTTP response does not contain the following headers:
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
Solution: Setting a server's X-Content-Type-Options HTTP response header to nosniff instructs browsers to disable content or MIME sniffing which is used to override the response Content-Type headers to guess and process the data using an implicit content type. While this can be convenient in some scenarios, it can also lead to some attacks.
Configuring your server to return the X-Content-Type-Options HTTP response header set to nosniff will instruct browsers that support MIME sniffing to use the server-provided Content-Type and not interpret the content as a different content type. This issue is resolved. Now those headers are added in the NGINX conf files.

LIP-13117 (Fix 1)
Description: ACL feature was not working for a debug scenario after an associated ACL was modified for an integration. The modified ACL was not reflecting in the debug flow.
Solution: This issue is resolved. Now the modified ACL can be used in the debug flow.

LIP-13228 (Fix 1)
Description: Variable initialization is not working. An empty string value for a field could not be set.
Solution: This issue is resolved. An empty string value can now be set if the field is open and you click "Apply".

LIP-13196 (Fix 1)
Description: Mappings are not loading if fields are mapped that are present in the document reference and which are part of another document reference.
Solution: This issue is resolved. If the fields are not loaded, mappings to the parent document reference are shown.

LIP-13313 (Fix 1)
Description: The "projectName" field was susceptible to SQL injection attacks because a hard-coded SQL query was being used for the projectName parameter.
Solution: This issue is resolved. The hard-coded SQL string is replaced with the named parameter approach.

LIP-13049 (Fix 1)
Description: Tenant Email and Tenant subdomain information are not available in the support email.
Solution: This issue is resolved. Now the tenant email information shows whether it is a paid or a trial tenant.

LIP-13041 (Fix 1)
Description: Existing mappings were not showing correctly in integrations.
Solution: This issue is resolved. The saved field path is now calculated from the existing fields in the tree, and the same path is used to match the field path where duplicate fields exist.
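
The change described under LIP-13313, a hard-coded SQL string replaced by named parameters, shown as an added illustration that is not Integration Cloud code. The `integrations` table, its columns, both lookup functions and the sample rows are assumptions, and SQLite stands in for the product database.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions for illustration.
SAMPLE_ROWS = [
    ("tenantA", "Default", "OrderSync"),
    ("tenantA", "Billing", "InvoiceSync"),
    ("tenantA", "Ops' Team", "AuditSync"),   # legitimate name containing a quote
    ("tenantB", "Default", "LeadSync"),
]


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE integrations (tenant TEXT, project_name TEXT, name TEXT)"
    )
    conn.executemany("INSERT INTO integrations VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_by_project_concat(conn, tenant, project_name):
    """'Before' pattern: projectName is spliced into the SQL text itself."""
    sql = (
        "SELECT name FROM integrations WHERE tenant = '" + tenant + "' "
        "AND project_name = '" + project_name + "' ORDER BY name"
    )
    return [row[0] for row in conn.execute(sql)]


def find_by_project_named(conn, tenant, project_name):
    """'After' pattern: named parameters, so values are bound as data only."""
    sql = (
        "SELECT name FROM integrations "
        "WHERE tenant = :tenant AND project_name = :projectName ORDER BY name"
    )
    params = {"tenant": tenant, "projectName": project_name}
    return [row[0] for row in conn.execute(sql, params)]


def demo():
    conn = make_db()
    crafted = "x' OR '1'='1"   # classic test string for string-built queries
    results = {
        # The quote closes the literal, the OR clause matches every row,
        # and the tenant filter no longer applies.
        "concat_crafted": find_by_project_concat(conn, "tenantA", crafted),
        # The same string is compared as a literal project name: no match.
        "named_crafted": find_by_project_named(conn, "tenantA", crafted),
        # A legitimate name with a quote works with bound parameters...
        "named_quote": find_by_project_named(conn, "tenantA", "Ops' Team"),
    }
    try:
        # ...but produces broken SQL when concatenated.
        find_by_project_concat(conn, "tenantA", "Ops' Team")
        results["concat_quote_error"] = False
    except sqlite3.OperationalError:
        results["concat_quote_error"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
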

LIP-12933 (Fix 1)
Description: Monitor Export through Execution Results was exporting too much data as filters were ignored. The exported spreadsheet contained irrelevant data as the filters were ignored while fetching the data from the database.
Solution: This issue is resolved. The following filters are added in the fetch query and now filters are not ignored.
- integrationName
- status

LIP-13263 (Fix 1)
Description: Missing Strict Transport Security Header. Without the HTTP Strict Transport Security (HSTS) header, it may be possible to downgrade the browser connection from HTTPS to HTTP. HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application using a special response header. Once a supported browser receives this header, that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click-through prompts on browsers.
Solution: This issue is resolved. The NGINX configuration has been updated.

LIP-13248 (Fix 1)
Description: Missing X-Frame-Options Header. If a page fails to set an appropriate X-Frame-Options HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe.
Solution: This issue is resolved. The NGINX configuration has been updated.

NUM-13003 (Fix 1)
Description: Universal Messaging master realm may create a queue subscription for a slave realm while the realm is being disconnected from the cluster. The master realm eventually fails to dispatch events to this subscription with a NullPointerException.
Solution: This issue is resolved.

NUM-13031 (Fix 1)
Description: Universal Messaging NIO SSL driver locks up in certain rare cases.
Solution: This issue is resolved.

PIE-60343 (Fix 1)
Description: Issues in PRE-LIVE stage.
Solution: These issues are resolved. The Cloud Integration Server does not set TTL on events it adds to the "to_onPrem" queue.
The following changes have been made to the Cloud Integration Server:
- Set TTL on every message it pushes into the "to_onPrem" queue.
- Changes to use Synchronized queue reader to avoid using an extra thread.

PIE-60789 (Fix 1)
Description: Universal Messaging authentication module SAML assertion is slow. The authentication module does SAML assertion against CTP. During high load, it becomes a bottleneck and also opens a new outbound socket for every request.
Solution: This issue is resolved. Now Universal Messaging authentication module does local validation of SAML Assertion instead of passing the Assertion to CTP for authentication.
____________________________________________________________________________________________________

_______________________
Zone: EU, Ireland
_______________________

CLTF-1480 (Fix 1)
Description: Support for clearing storage locks
Solution: Added a new screen under "Monitor" to manually clear the stale locks. Stale locks are cleared automatically if they are not manually cleared within eight hours.

NUM-13084/LIP-13954 (Fix 1)
Description: Slowness observed on hybrid connectivity.
Solution: This issue is resolved. Universal Messaging server now supports configuring queue filter index time-to-live using the 'QUEUE_FILTER_INDEX_TTL' system property. The property specifies time-to-live value for queue filter indices in milliseconds. If not specified, a default of 1 hour is used. If set to 0, the queue filter index is removed from the cache once it is no longer used (no active consumer uses such filter).
The Universal Messaging server will build and maintain an index with events matching each unique queue consumer filter and cache it in memory. The index will be removed if it is not used for longer than the specified TTL value. This configuration applies to all queues in the server.
A lower TTL value is recommended when the consumers' filters are changing frequently and new consumers rarely or never specify the same filter twice.
A higher TTL value is recommended when filters are expected to be reused, for example, when newly registered consumers use filters of previous consumers on hybrid connectivity on Integration Cloud.

CF-377/WF-15089 (Fix 1)
Description: Client-side throttling for Marketo API calls: Marketo's API call limitation (100 API calls in 20 sec) was causing integrations to fail
Solution: A retry mechanism has been introduced in the recipes. If any API limitation is now reached, we exponentially wait and then retry, which avoids integration failures based on user inputs.

Description: Optimization: Initial sync mechanism has been enhanced in the recipes.
Solution: A user can now enter a specific time in UTC from when the data has to be synced between SAPC4C and Marketo systems.

The following recipes are modified with the above features and have been enhanced for better performance and error handling:
- SAPC4CToMarketoMasterDataSync
- SAPC4CToMarketoSalesPersonDataSync
- SAPC4CToMarktoCompanyDataSync
- SAPC4CToMarketoOpportunityDataSync
- SAPC4CContactToMarketoLeadDataSync
- MarketoLeadToSAPC4CContactDataSync
- SAPC4CToMarketoCBOLeadDataSync
- MarketoToSAPC4CLeadsDataSync
- MarketoToSAPC4CActivitiesDataSync
- SAPC4CToMarketoActvtyPhoneDataSync
- SAPC4CToMarketoActvtyTasksDataSync
- SAPC4CToMarketoActvtyAppoinDataSync
- SAPC4CToMarketoDeleteSync

SC-14497 (Fix 1)
Description: Cumulocity and Cloud Deployment connectors were not available under Predefined Applications in Integration Cloud.
Solution: Both the connectors now appear under the Predefined Applications category.

UHM-1220 (Fix 1)
Description: The collector got restarted.
Solution: This issue is resolved. End to End Monitoring servers now reuse the connections to Elasticsearch and also clean up those connections when they are not in use.

LIP-13168 (Fix 1)
Description: Unable to create a REST API with a Swagger file greater than 1 MB.
Solution: This issue is resolved. Now REST APIs can accept a Swagger file up to 5 MB.

LIP-13311 (Fix 1)
Description: Salesforce connection was getting disabled.
Solution: The following Salesforce Account configuration properties are implemented:
- Block Timeout: The number of milliseconds that Integration Cloud will wait to obtain a connection with the SaaS provider before the connection times out and returns an error. Default: 1000 msec.
- Expire Timeout: The number of milliseconds that an inactive connection can remain in the pool before it is closed and removed from the pool, if connection pooling is enabled. Default: 1000 msec.
These fields, if updated with the recommended settings below, will prevent connections from getting disabled.

Block Timeout configuration is dependent on the Maximum Pool Size configuration and expected request load on the connection pool. If the request load on the connection pool is expected to exceed the Maximum Pool Size configuration, then the Block Timeout should be configured to a value greater than the Response Timeout (expected time for a request to complete).
Example:
Maximum Pool Size = 200
Request load = 250
Response Timeout = 5 mins
Recommended configuration for Block Timeout = 10 mins

Expiry Timeout configuration value is recommended to be equivalent or slightly less than the Session Timeout configuration value.
Example:
Session Timeout = 14 min
Expiry Timeout = 14 min

LIP-13056 (Fix 1)
Description: PEGA Access fails with "invalid token or expired". WMIC-EXECUTION-PARAMETERS-FROM-HEADER is not being passed for integration execution.
Solution: X-WMIC-EXECUTION-PARAMETERS-FROM-HEADER is now a mandatory header and has to be present while executing an integration. This header will exist only if the request comes from CTP to Integration Server. In this particular case, the custom ESB service is an integration which will be called by some integration, and the request will originate from Integration Server and not from CTP. So the header will not be present during the invocation.
This header is made mandatory only for the top-level service.

LIP-12960 (Fix 1)
Description: Sorting on the "Duration" column in the Monitor page was not available.
Solution: This issue is resolved. Sort option on the Duration column in the Monitor page is now available.

LIP-13034 (Fix 1)
Description: When a new document type is created in a REST application and pulled to a higher stage, the newly created document type is not moved to the higher stage.
Solution: This issue is resolved. Now all document types of a REST application are promoted to the higher stage along with the REST application.

LIP-13172 (Fix 1)
Description: SOAP API creation fails when supporting xsd files are uploaded to wsdl.
Solution: This issue is resolved. Uploaded xsd files are now considered.

LIP-13249 (Fix 1)
Description: Missing X-Content-Type-Options Header. HTTP response does not contain the following headers:
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
Solution: Setting a server's X-Content-Type-Options HTTP response header to nosniff instructs browsers to disable content or MIME sniffing which is used to override the response Content-Type headers to guess and process the data using an implicit content type. While this can be convenient in some scenarios, it can also lead to some attacks. Configuring your server to return the X-Content-Type-Options HTTP response header set to nosniff will instruct browsers that support MIME sniffing to use the server-provided Content-Type and not interpret the content as a different content type. This issue is resolved. Now those headers are added in the NGINX conf files.

LIP-13117 (Fix 1)
Description: ACL feature was not working for a debug scenario after an associated ACL was modified for an integration. The modified ACL was not reflecting in the debug flow.
Solution: This issue is resolved. Now the modified ACL can be used in the debug flow.

LIP-13228 (Fix 1)
Description: Variable initialization is not working.
An empty string value for a field could not be set.
Solution: This issue is resolved. An empty string value can now be set if the field is open and you click "Apply".

LIP-13196 (Fix 1)
Description: Mappings are not loading if fields are mapped that are present in the document reference and which are part of another document reference.
Solution: This issue is resolved. If the fields are not loaded, mappings to the parent document reference are shown.

LIP-13313 (Fix 1)
Description: The "projectName" field was susceptible to SQL injection attacks because a hard-coded SQL query was being used for the projectName parameter.
Solution: This issue is resolved. The hard-coded SQL string is replaced with the named parameter approach.

LIP-13049 (Fix 1)
Description: Tenant Email and Tenant subdomain information are not available in the support email.
Solution: This issue is resolved. Now the tenant email information shows whether it is a paid or a trial tenant.

LIP-13041 (Fix 1)
Description: Existing mappings were not showing correctly in integrations.
Solution: This issue is resolved. The saved field path is now calculated from the existing fields in the tree, and the same path is used to match the field path where duplicate fields exist.

LIP-12933 (Fix 1)
Description: Monitor Export through Execution Results was exporting too much data as filters were ignored. The exported spreadsheet contained irrelevant data as the filters were ignored while fetching the data from the database.
Solution: This issue is resolved. The following filters are added in the fetch query and now filters are not ignored.
- integrationName
- status

LIP-13263 (Fix 1)
Description: Missing Strict Transport Security Header. Without the HTTP Strict Transport Security (HSTS) header, it may be possible to downgrade the browser connection from HTTPS to HTTP. HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application using a special response header.
Once a supported browser receives this header, that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.
Solution: This issue is resolved. The NGINX configuration has been updated.

LIP-13248 (Fix 1)
Description: Missing X-Frame-Options Header. If a page fails to set an appropriate X-Frame-Options HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe.
Solution: This issue is resolved. The NGINX configuration has been updated.

NUM-13003 (Fix 1)
Description: Universal Messaging master realm may create a queue subscription for a slave realm while the realm is being disconnected from the cluster. The master realm eventually fails to dispatch events to this subscription with a NullPointerException.
Solution: This issue is resolved.

NUM-13031 (Fix 1)
Description: Universal Messaging NIO SSL driver locks up in certain rare cases.
Solution: This issue is resolved.

PIE-60343 (Fix 1)
Description: Issues in PRE-LIVE stage.
Solution: These issues are resolved. The Cloud Integration Server does not set TTL on events it adds to the "to_onPrem" queue. The following changes have been made to the Cloud Integration Server:
- Set TTL on every message it pushes into the "to_onPrem" queue.
- Changes to use Synchronized queue reader to avoid using an extra thread.

PIE-60789 (Fix 1)
Description: Universal Messaging authentication module SAML assertion is slow. The authentication module does SAML assertion against CTP. During high load, it becomes a bottleneck and also opens a new outbound socket for every request.
Solution: This issue is resolved. Now Universal Messaging authentication module does local validation of SAML Assertion instead of passing the Assertion to CTP for authentication.
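
Added example, not part of the Software AG readme or product code: a small Python check for the three response headers that LIP-13249, LIP-13248 and LIP-13263 add to the NGINX configuration. The function names and the two sample responses are constructed for illustration.

```python
"""Audit a raw HTTP response head for X-Content-Type-Options, X-Frame-Options and HSTS."""
import re

def parse_headers(raw):
    """Return {lower-case name: [values]} from a raw response head (status line skipped)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw, scheme="https"):
    """Return a sorted list of findings; an empty list means all three headers are effective."""
    h = parse_headers(raw)
    findings = []
    # nosniff is the only defined value; anything else leaves MIME sniffing enabled.
    xcto = [v.lower() for v in h.get("x-content-type-options", [])]
    if xcto != ["nosniff"]:
        findings.append("x-content-type-options: expected a single 'nosniff'")
    # DENY and SAMEORIGIN are the accepted values; conflicting duplicates are reported.
    xfo = {v.upper() for v in h.get("x-frame-options", [])}
    if len(xfo) != 1 or not xfo <= {"DENY", "SAMEORIGIN"}:
        findings.append("x-frame-options: expected DENY or SAMEORIGIN")
    # Browsers ignore HSTS received over plain HTTP, and max-age=0 removes the policy.
    hsts = h.get("strict-transport-security", [])
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts[0], re.I) if hsts else None
    if scheme != "https":
        findings.append("strict-transport-security: ignored over HTTP")
    elif not m or int(m.group(1)) == 0:
        findings.append("strict-transport-security: missing or max-age=0")
    return sorted(findings)

# Constructed sample responses (not captured from the product).
BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: nginx\r\n\r\n"
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "X-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```
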
______________________________________________________________________________________________________

Copyright

Copyright © 2020 Software AG, Darmstadt, Germany and/or Software AG USA Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.

The name Software AG and all Software AG product names are either trademarks or registered trademarks of Software AG and/or Software AG USA Inc. and/or its subsidiaries and/or its affiliates and/or their licensors. Other company and product names mentioned herein may be trademarks of their respective owners.

Detailed information on trademarks and patents owned by Software AG and/or its subsidiaries is located at http://softwareag.com/licenses.

This software may include portions of third-party products. For third-party copyright notices, license terms, additional rights or restrictions, please refer to "License Texts, Copyright Notices and Disclaimers of Third Party Products". For certain specific third-party license restrictions, please refer to section E of the Legal Notices available under "License Terms and Conditions for Use of Software AG Products / Copyright and Trademark Notices of Software AG Products". These documents are part of the product documentation, located at http://softwareag.com/licenses and/or in the root installation directory of the licensed product(s).