The Password View Request (PVR) Delete Interval Days parameter on the Settings > Credential Manager page is set to 60. But there are many PVRs visible on the Credentials > Workflow > All Requests page that are much older and do not go away.
Affects PAM releases up to 4.1.6
PAM failed to remove old PVRs when the user initiating the request was removed from PAM before the PVR age reached the configured Delete Interval Days value. The tomcat log shows NullPointer exceptions once a day for each old entry similar to the following:
2023-11-21T22:12:40.621+0000 SEVERE [PasswordViewRequestProcessor] com.cloakware.cspm.server.app.impl.ApplicationContextImpl.invokeCommand ApplicationContext.invokeCommand(Commandrequest, Transaction) exception:null
java.lang.NullPointerException
at com.cloakware.cspm.server.app.impl.UpdatePasswordViewRequestCmd.invoke(UpdatePasswordViewRequestCmd.java:232)
...
The problem is expected to be resolved in future releases starting with 4.1.7 and 4.2.