SR-D90400 · Issue 563185
Explicit parent added for descendants in subreport to correct summary
Resolved in Pega Version 8.2.8
When using a Report Definition with a Summarize column and a subreport with a join class, implementation class work objects were not considered. As a result, the prepared values were only partially computed. This was traced to the SubReport in SetQuery not having a reference to a parent for the descendant classes, and has been resolved by explicitly setting the parent value.
INC-130500 · Issue 580621
Cross-site scripting protections updated for authorization
Resolved in Pega Version 8.2.8
Cross-site scripting protections have been updated for various URLs associated with authorization.
INC-132191 · Issue 582547
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.2.8
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-132209 · Issue 577001
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.2.8
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This issue was specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from the database into the cache using an SQL statement which had an ORDER BY clause. By default, ORDER BY treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported databases (Oracle, Postgres & MS SQL Server).
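The following is an added illustration, not Pega's query or schema, of how default NULL placement under ORDER BY can change which rows a capped key load returns, and how an explicit NULL sort key makes the result uniform. The table, the column names, the 5-row cap and the idea that a NULL `retired_at` marks the key in use are all assumptions chosen to make the effect visible; SQLite stands in for the three engines.

```python
import sqlite3

# Constructed sample data. Table, columns and the 5-row cap are hypothetical;
# the page does not show the real schema or query.
KEYS = [("cdk-1", "2019-01-01"), ("cdk-2", "2019-07-01"), ("cdk-3", "2020-01-01"),
        ("cdk-4", "2020-07-01"), ("cdk-5", "2021-01-01"), ("cdk-6", None)]

# ORDER BY variants. SQLite's explicit NULLS FIRST/LAST (SQLite 3.30+) stands in
# for each engine's default placement of NULL under a descending sort:
# Oracle and Postgres put NULL first, MS SQL Server puts it last.
ORDERINGS = {
    "oracle_postgres_default": "retired_at DESC NULLS FIRST",
    "mssql_default": "retired_at DESC NULLS LAST",
    # Explicit NULL sort key: this expression is accepted by Oracle, Postgres
    # and MS SQL Server and no longer depends on the engine default.
    "portable": "CASE WHEN retired_at IS NULL THEN 0 ELSE 1 END, retired_at DESC",
}


def load_keys(order_by, rows=KEYS, cap=5):
    """Return the key ids that a capped, ordered load would put in the cache."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cdk (key_id TEXT PRIMARY KEY, retired_at TEXT)")
    db.executemany("INSERT INTO cdk VALUES (?, ?)", rows)
    # Only the ORDER BY part is the point here; row-limiting syntax itself
    # differs per engine (LIMIT, TOP, FETCH FIRST).
    sql = f"SELECT key_id FROM cdk ORDER BY {ORDERINGS[order_by]} LIMIT ?"
    loaded = [row[0] for row in db.execute(sql, (cap,))]
    db.close()
    return loaded


def active_key_loaded(order_by, rows=KEYS):
    """True when the key with a NULL retired_at (cdk-6) made it into the load."""
    return "cdk-6" in load_keys(order_by, rows)


if __name__ == "__main__":
    for name in ORDERINGS:
        print(f"{name:24} -> {load_keys(name)} active loaded: {active_key_loaded(name)}")
```

With five rows every ordering loads the NULL-dated key; the divergence only appears once a sixth row pushes it past the cap under the MS SQL default.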
INC-132897 · Issue 576549
UseSSL correctly set for password reset email
Resolved in Pega Version 8.2.8
Email was not being sent as part of the password reset functionality for Agile Studio when the email account was set to use SSL. An EmailClientException was logged. This was traced to the 'forgot password' flow reading .pyUseSSL as false, and has been resolved by setting pyUseSSL from the email account page.
INC-133518 · Issue 592225
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.2.8
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-134315 · Issue 578367
Resolved 400 error on second browser session
Resolved in Pega Version 8.2.8
When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.
INC-135874 · Issue 583414
Added handling for password containing a colon on Pega Client for Windows
Resolved in Pega Version 8.2.8
If a password included a colon (:), it was possible to log in on the desktop but not Pega Client for Windows. This was due to authentication files specific to the Windows mobility client, and handling has been added to resolve the issue.
INC-137516 · Issue 592455
Invalid redirect URI logging changed from error to warn
Resolved in Pega Version 8.2.8
The Pega Mobile client was reporting an Invalid redirect URI error triggered by the OOTB AuthorizationService. This warning is not an error, and the log method has been changed from error to warn.
INC-137709 · Issue 584289
New security role added to restrict access to development-specific classes
Resolved in Pega Version 8.2.8
A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.