SR-D32972 · Issue 513488
HTML entity handling added to URLObfuscation
Resolved in Pega Version 8.2.5
When URLObfuscation was enabled through the configuration settings, clicking on Operator -> Profile page generated an ArrayIndexOutOfBoundException. When obfuscation is used the decrypted string is parsed and the request map is populated, but HTML entities were not considered during this process. To resolve this, handling has been added for HTML entities and characters during obfuscation. Please note: URL Obfuscation is a legacy feature with many known limitations and it is no longer recommended that these settings be used.
INC-170514 · Issue 653762
Lock conflict resolved for AssignmentCheck
Resolved in Pega Version 8.7
The error "Unable to unlock this work object" sporadically appeared in both the runtime log and Pega RULES log when the robot was trying to create a case in Pega using an API call. Investigation showed that as the case was created, it was pulled by another robot (another requestor) which was using the GetAssignments API. This caused the perform assignment check to fail. To resolve this, a 'when' rule has been added to the performAssignmentCheck Activity.
INC-146429 · Issue 602290
Disabled control status made accessible to JAWS
Resolved in Pega Version 8.5.2
When using the Security Event Configuration page (tab) within Pega Dev Studio, the link elements used for 'Select All', 'Clear', 'ON' and 'OFF' were not providing the current State of the element to JAWS. In template rendering of Link control with a 'disable when' condition (server-side evaluation), when the control is disabled it was still accessible and screen readers were not reading the link as disabled. This has been resolved by adding tabindex="-1" and aria-disabled="true" for disabled Link control.
INC-193561 · Issue 680427
Client secret made optional for JWT Bearer Grant type
Resolved in Pega Version 8.7
After update, trying to connect a REST API using OpenAM as the provider for OAuth and using JWT Bearer as Grant type was resulting in an error indicating the request was not reaching the destination. This was traced to the client secret being designated a mandatory field when it should be optional in this case as the required key store was already configured with a JWT token profile. To resolve this, an update has been made which will make the client secret optional when the authentication scheme is JWT Bearer. In addition, the blank value caused a null pointer error when the client secret was not passed. This has been handled with a check.
INC-222107 · Issue 732995
Trim added to refresh token request to handle extra spaces
Resolved in Pega Version 8.8
The request was failing when attempting to obtain an access token using refresh token when the previous access token was expired. This issue was due to an extra space in the scope in AuthenticationServiceOIDCSource.java, which has been corrected with an update which will trim the scope.
INC-140821 · Issue 600749
Resolved Intermittent Access Group Issue for GetBundleEventDecisionDetails
Resolved in Pega Version 8.5.2
When using a REST service that calls the GetBundleEventDecisionDetails activity and dataflow to send the treatment in multiple channels, intermittent access issue related errors appeared while running the activity in logs for multiple customers. This was traced to a missed use case for authentication, and has been resolved.
INC-177665 · Issue 662020
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-186868 · Issue 675245
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-176205 · Issue 655938
Secure shared link generation added to scheduled reports
Resolved in Pega Version 8.7
When a scheduled report with a link was sent in email, clicking the link displayed an access denied message. To support this use, logic has been added to pytaskoutputprocessor in the pega-scheduledtask-reporting and pega-scheduledtask classes that will create a secure encrypted URL using the PublicLinkURL function.
INC-229967 · Issue 735962
Number control decimal formatting triggered on tabout
Resolved in Pega Version 8.8
When using the pxNumber control in a section, decimal formatting for input of fewer than 4 digits was not executing unless a post call to the server was triggered. This has been resolved by adding a condition check to format value when there is input of length greater than 0.