INC-175897 · Issue 655466
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
SR-B82203 · Issue 342014
Empty hidden elements stripped when AAR proxy in use
Resolved in Pega Version 7.4
When using IIS WebServer and AAR proxy configuration with high security settings, submitting a form through Microsoft Internet Explorer with hidden input fields that did not have a name attribute resulted in a blank parameter name and value being added. This formed an invalid request that returned a HTTP 200 with no error message. Because Microsoft Internet Explorer does not ignore elements which have empty names, the code has been updated to remove name attributes on pycustomerrorsection hidden elements.
SR-C757 · Issue 343486
Empty hidden elements stripped when AAR proxy in use
Resolved in Pega Version 7.4
When using IIS WebServer and AAR proxy configuration with high security settings, submitting a form through Microsoft Internet Explorer with hidden input fields that did not have a name attribute resulted in a blank parameter name and value being added. This formed an invalid request that returned a HTTP 200 with no error message. Because Microsoft Internet Explorer does not ignore elements which have empty names, the code has been updated to remove name attributes on pycustomerrorsection hidden elements.
SR-B79734 · Issue 344352
Summary report count fixed when using filter prompt
Resolved in Pega Version 7.4
The summary data count was not getting updated in a report unless the "Prompt for filter changes before displaying report" option on Report Viewer tab (Actions -> Refresh) was unchecked. This was an error in the refresh code related to the display prompt filter check and has been corrected.
SR-C2920 · Issue 344845
Summary report count fixed when using filter prompt
Resolved in Pega Version 7.4
The summary data count was not getting updated in a report unless the "Prompt for filter changes before displaying report" option on Report Viewer tab (Actions -> Refresh) was unchecked. This was an error in the refresh code related to the display prompt filter check and has been corrected.
INC-195511 · Issue 693220
Check added for child join class when using ABAC
Resolved in Pega Version 8.6.3
When a join was applied on a report definition and the same join class had a child class to which ABAC was applied (for some property eg., isABC), an "invalidreference" exception (isABC) was generated. This was traced to the system taking into account the child class of the join class while running the report, and has been resolved by adding a check to handle this scenario.
INC-168837 · Issue 646972
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.7
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.
SR-B84336 · Issue 332037
onOnlineDetected use matches documentation
Resolved in Pega Version 7.4
iOS11 was failing the first login attempt. Documentation for the addListener method in pzPega_offline_datasync rule lists 'onOnlineDetected' as optional, but when the listener was added without onOnlineDetected the console.error occurred. This was originally a documentation error where the rule was incorrectly given as optional even though the event handlers always assumed onOnlineDetected was defined, but as there are reasons to support this use the system has been updated this so onOnlineDetected is truly optional now.
INC-192464 · Issue 681751
PackageComponent updated for use with repositories
Resolved in Pega Version 8.7
Exporting a zip file created by the Component wizard to a repository resulted in an error, however the same process worked as expected when the zip file was created by the Product wizard. Investigation showed that pxPackageComponent was not kept up to date with new metadata requirements for Artifactory export. This has been resolved by modifying pxPackageComponent step 7 to set Param.ArtifactType to "component" and Param.ArtifactName to [component name]_[component version]. A privilege check has also been added to zipMoveExport.