INC-220663 · Issue 724471
BIX -J usage for DST can be used in Pega 7 mode
Resolved in Pega Version 8.8
After upgrade, there was a difference in the handling for a time zone with DST when executing a BIX extraction rule through command line arguments like -J with short form. In Pega 8.5+, -J CST6CDT always displays Date time to CDT; In Pega 7, -J CST6CDT displays Data Time based on CST or CDT (i.e. before daylight savings or not). This was due to changes made to set the time zone to address a different issue. While there is a workaround of using -J America/Los_Angeles, modifications have been made to support DST in the PEGA 7 format while running the BIX extraction rule from command line or with a "pxExtractDataWithArgs" activity with "-J" option.
INC-217974 · Issue 715428
Handling added BIX extraction failure when called from custom activity
Resolved in Pega Version 8.8
After update, BIX extraction was failing but email from the schedulers indicated success. Investigation showed that when extract was called from a custom activity by calling pxExtractDataWithArgs, the stepStatusFail 'when' rule in the custom activity was not capturing all the exceptions specific to database extracts. This has been resolved by adding the necessary handling.
SR-C86607 · Issue 436441
getProperty API updated to use the pega.ctx.dom API for get element by name
Resolved in Pega Version 8.2.2
When multiple tasks (S- Cases) were added from an interaction (I- Case) and the Service Cases had three auto complete controls which were sourced by parameterized data pages, it was expected that upon selection of the first auto complete, the second and third auto complete values would be populated. However, parameters passed to the Data Pages from the second and third S- Cases, had the same value as the first S- Case even though the clipboard was correct. Investigation showed that with MDC, the pega.util.dom API was failing to get the correct dom element and the needed data pages were not called. This has been corrected by updating the getProperty API to use the pega.ctx.dom API instead of the ega.util.dom API to get element byname.
INC-173725 · Issue 656480
Logic updated for DX API retrieving View/Action ID using embedded property
Resolved in Pega Version 8.7
While calling the DX API using Assignment ID and action ID, a 500 error response was logged indicating that the server encountered an unexpected condition that prevented it from fulfilling the request. Investigation traced this to the logic used for resolving an embedded property referenced in a control/field to identify the correct page class. In a non-work object context for flow actions the new assign page doesn't exist, but the system was checking for it and clearing off errors from the named page. This has been corrected.
INC-215343 · Issue 711143
Security updates
Resolved in Pega Version 8.8
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.
SR-D2296 · Issue 436877
Enhancement added to support multiple security certificates
Resolved in Pega Version 8.2.2
When importing IDP metadata, the only the last verification certificate was imported if there were multiple certificates. This caused SAML SSO signing failures in some cases. Support has now been added for importing multiple certificates to enhance encryption security.
INC-176274 · Issue 666390
Timeout check added to authorization to preserve portal context
Resolved in Pega Version 8.7
When using SAML SSO Authentication Service with "Use access group timeout" and "Redirect to IDP login after logout" selected and "Force authentication" not selected, manually logging out correctly returned the view to the custom SSO login page but the timeout logout returned the default Pega login page as if SSO was not in use. Analysis showed there was a "Failed to open portal" error after doing some action post timeout, and this was traced to pyPortal page not having a value. Investigation showed this was blank due to the creation of new thread while the requestor state was perceived as unauthenticated because of the timeout. To resolve this, a timeout check has been added to the following: Authorization#setActiveAccessGroup(java.lang.String, boolean, boolean, java.util.Map) BasicApplicationContextImmutableImpl#applyApplicationProperties
INC-151253 · Issue 607624
Hash comparisons adjusted for upgraded sites
Resolved in Pega Version 8.5.2
Existing Pega Diagnostic Cloud SSO URLs were not working after upgrade. This was traced to the previous tenant hash (or AG hash) having padding characters like ‘(’ which are no longer used in higher versions. This caused the tenant hash comparison during the SAML login flow to fail. To resolve this, the system will not compare an incoming tenant hash (in relay state) with a current platform tenant hash, but instead will rely on the “/!” pattern to identify the tenant hash in the relay state.
SR-D3556 · Issue 444612
Requestor.OperatorID page updated to stay in sync with current OperatorID to enable post-Auth activity mapping
Resolved in Pega Version 8.2.2
The systems pages were not getting updated to the right operator's context when a post-Auth activity was used for mapping. To support this use, the UpdateOperatorID trigger has been updated to keep the pxRequestor.OperatorID page in sync with the current operatorID page during SAML. The operator will also be saved during provisioning.
INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.