INC-170514 · Issue 653763
Lock conflict resolved for AssignmentCheck
Resolved in Pega Version 8.6.1
The error "Unable to unlock this work object" sporadically appeared in both the runtime log and Pega RULES log when the robot was trying to create a case in Pega using an API call. Investigation showed that as the case was created, it was pulled by another robot (another requestor) which was using the GetAssignments API. This caused the perform assignment check to fail. To resolve this, a 'when' rule has been added to the performAssignmentCheck Activity.
INC-157214 · Issue 634986
Mentioned user in Pulse appears correctly
Resolved in Pega Version 8.6.1
When loading user names while using the "@" functionality in a Pulse post, adding or tagging the operator/user in Pulse by entering each letter brought up the list, but when using copy/paste it was not possible to select the desired value from the user.Suggestions list of operators/users. If by chance the user name was selected from the suggested list, the operator ID was added instead of the full name. This has been resolved.
INC-170514 · Issue 653762
Lock conflict resolved for AssignmentCheck
Resolved in Pega Version 8.7
The error "Unable to unlock this work object" sporadically appeared in both the runtime log and Pega RULES log when the robot was trying to create a case in Pega using an API call. Investigation showed that as the case was created, it was pulled by another robot (another requestor) which was using the GetAssignments API. This caused the perform assignment check to fail. To resolve this, a 'when' rule has been added to the performAssignmentCheck Activity.
INC-193561 · Issue 680427
Client secret made optional for JWT Bearer Grant type
Resolved in Pega Version 8.7
After update, trying to connect a REST API using OpenAM as the provider for OAuth and using JWT Bearer as Grant type was resulting in an error indicating the request was not reaching the destination. This was traced to the client secret being designated a mandatory field when it should be optional in this case as the required key store was already configured with a JWT token profile. To resolve this, an update has been made which will make the client secret optional when the authentication scheme is JWT Bearer. In addition, the blank value caused a null pointer error when the client secret was not passed. This has been handled with a check.
SR-D37421 · Issue 514593
Cross-site scripting security added to Marketing Offers
Resolved in Pega Version 8.1.8
Cross-site scripting protections have been added to Marketing Offers, which had a potential vulnerability when using Firefox.
INC-176205 · Issue 655939
Secure shared link generation added to scheduled reports
Resolved in Pega Version 8.6.1
When a scheduled report with a link was sent in email, clicking the link displayed an access denied message. To support this use, logic has been added to pytaskoutputprocessor in the pega-scheduledtask-reporting and pega-scheduledtask classes that will create a secure encrypted URL using the PublicLinkURL function.
INC-177665 · Issue 662020
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-186868 · Issue 675245
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-176205 · Issue 655938
Secure shared link generation added to scheduled reports
Resolved in Pega Version 8.7
When a scheduled report with a link was sent in email, clicking the link displayed an access denied message. To support this use, logic has been added to pytaskoutputprocessor in the pega-scheduledtask-reporting and pega-scheduledtask classes that will create a secure encrypted URL using the PublicLinkURL function.
INC-168935 · Issue 645397
CalendarGadget updated to display events in Saudi locale
Resolved in Pega Version 8.6.1
When using the pxCalendar section with the locale setting ar_SA, the calendar was correctly converted to a Saudi calendar but the events which were showing in the English version of the calendar were not showing up in in the Saudi Calendar. This was caused by the CalendarGadget page not populating properly due to the localized Hijri calendar failing a datetime check that was looking for a Gregorian calendar with time in GMT format, and has been resolved by updating the when rule "pzShouldDisplayEvent " to use the proper function for the localized calendar.