SR-D54120 · Issue 542260
Improved handling for attachments not using UTF-8 encoding
Resolved in Pega Version 8.4.1
When an email was received that used a charset encoding other than UTF-8, special characters in the HTML body were not displayed and instead the replacement character was shown. To resolve this, the system will read the encoding from the email rather than use the meta tag, and will add the attachment's HTML encoding information in Data-WorkAttach-File so that the same can be used to process and display the original HTML properly.
SR-D54120 · Issue 541353
Improved handling for attachments not using UTF-8 encoding
Resolved in Pega Version 8.4.1
When an email was received that used a charset encoding other than UTF-8, special characters in the HTML body were not displayed and instead the replacement character was shown. To resolve this, the system will read the encoding from the email rather than use the meta tag, and will add the attachment's HTML encoding information in Data-WorkAttach-File so that the same can be used to process and display the original HTML properly.
SR-D75636 · Issue 549349
Improved handling for attachments not using UTF-8 encoding
Resolved in Pega Version 8.4.1
When an email was received that used a charset encoding other than UTF-8, special characters in the HTML body were not displayed and instead the replacement character was shown. To resolve this, the system will read the encoding from the email rather than use the meta tag, and will add the attachment's HTML encoding information in Data-WorkAttach-File so that the same can be used to process and display the original HTML properly.
SR-D78274 · Issue 544094
Handling added for dual privileges with MSSQL
Resolved in Pega Version 8.4.1
After setting up dual privileges, the Admin user was able to create a table but the base user received an "insufficient privileges" error. Investigation showed this was an issue when using MSSQL: the generated grant statements used the server login name as the user in the grant statement, instead of the database user. For all other databases, the username passed into the connection is the correct user to use for grants. Only MSSQL has a distinction between this connection user name (the login) and the database user, and since the login did not exist in the user table, the grant failed. To resolve this, when MSSQL is used, the system will fetch the underlying database user when determining the user for grant statement generation.
SR-D89002 · Issue 549104
SameSite cookie setting updated for pre-authentication
Resolved in Pega Version 8.4.1
In work done in previous versions to modify the SameSite cookie handling to support Mashups in Google Chrome v80+, SameSite was set to None only in case of an authenticated Pega-RULES cookie and not for a Pre-authenticated cookie. That caused the Samesite value to not be set when using a pre-authenticated cookie, and the blank value was treated as 'Lax', causing a login challenge. To resolve this, Samesite will be set to 'None' when using pre-authenticated cookie, which will match the way it is being set in authenticated cookie.
SR-D63638 · Issue 544018
Performance improvements for opening cases with embedded images
Resolved in Pega Version 8.4.1
Opening cases containing email interactions was taking an excessive amount of time. This was traced to the use of embedded images, icons, etc, in the message body and signature, and was caused by the pyGetAttachmentsbyCID activity running multiple times due to discussion threads that were duplicated over and over. In some cases, more than 360 calls to the database were seen. This has been resolved by shifting some case opening processes to executing when the listener thread gets the mail, and storing the results in a .pynote property, and a URL will be used to get images instead of embedding them directly to the HTML. If preferred, this can be reverted to the previous behavior by changing the when rule (pyUseCachedHtmlForDisplay) to false.
SR-D66521 · Issue 536140
Logout Redirect updated to handle special characters in IDP parameters
Resolved in Pega Version 8.4.1
When using "HTTP Redirect" in Authentication Service, the Logout Redirect service was failing due to the query parameter name containing "_" (underscore). This was traced to IDP sending parameters to assertion consumer service or logout request endpoint with names which contained any special characters, as the system was trying to put those key values on the parameter page for additional processing. To resolve this, the system has been updated to suppress exceptions when the parameters from IDP includes special characters.
SR-D70872 · Issue 545858
Kerberos authentication parameters propagated for deployment
Resolved in Pega Version 8.4.1
Attempting to perform a deployment using Kerberos authentication to an Oracle database failed with an authentication error. This was traced to the java system properties (for example, -Dname=value) required by the Oracle JDBC driver for Kerberos authentication intermittently not being set when connections were being made to the database. When they were not being set, the connection would fail due to authentication. This has been resolved by ensuring the java system properties (-D's) that were provided to the 'custom.jvm.properties' property in the collection of deployment related *.properties files are being propagated to every part of the deployment scripts.
SR-D52604 · Issue 548062
Stream Registration deprecated and replaced
Resolved in Pega Version 8.4.1
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.
SR-D64523 · Issue 545672
Stream Registration deprecated and replaced
Resolved in Pega Version 8.4.1
Previously, Stream Registration, which was added as an extra layer of protection during the display of stream rules, automatically registered any streams being used in the context and checked this registry during reloadSection/reloadHarness calls to prevent Broken Access Control attacks. However, only an alert was thrown and no further action was being taken on it. With platform added support for URL Tampering, Stream Registration is no longer required and has been deprecated. The URL Tampering function has the capabilities to register for auto/non-auto rules and configure whether to display warning or reject the request for all the activities, and not just the stream rules. Note that URL Tampering will do registration/validation only when security/rejectTamperedRequests is explicitly set to true.