INC-192464 · Issue 681751
PackageComponent updated for use with repositories
Resolved in Pega Version 8.7
Exporting a zip file created by the Component wizard to a repository resulted in an error, however the same process worked as expected when the zip file was created by the Product wizard. Investigation showed that pxPackageComponent was not kept up to date with new metadata requirements for Artifactory export. This has been resolved by modifying pxPackageComponent step 7 to set Param.ArtifactType to "component" and Param.ArtifactName to [component name]_[component version]. A privilege check has also been added to zipMoveExport.
INC-192833 · Issue 678115
New Application Wizard will default to existing work groups if none are created
Resolved in Pega Version 8.7
When using the new application wizard to create a new application, the new app API replaces the old work pools with the newly generated ones. If the new application configuration was done in such a way that classes are not generated due to reusing existing classes, access groups were being generated with empty work pools. To resolve this, the system has been updated to use the existing work pools if the new app didn't generate new work pools.
INC-193289 · Issue 679210
Security updated for @baseclass
Resolved in Pega Version 8.7
After update, searching for a baseclass 'when' rule returned no results. Listing the rules under baseclass in App Explorer resulted in the error "Applies To: The Class with key value(s) %40baseclass does not exist". This was an unintended side effect of security updates, and has been resolved by creating an exception path for "@baseclass".
INC-194227 · Issue 679897
New Application wizard disabled or enabled correctly
Resolved in Pega Version 8.7
The New Application wizard was disabled with the error message: "Application creation is disabled as the current operator is in invalid state". This was traced to edits made to the Operator page which caused the new app wizard to not be shown due to failed validation. To resolve this, an update has been added which will refresh the operator page on click of the menu so the New Application wizard is disabled or enabled correctly.
INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-162434 · Issue 640051
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-163201 · Issue 646910
BrowserFingerprint updated
Resolved in Pega Version 8.7
Security improvements have been added to the browser fingerprint process.
INC-163914 · Issue 668846
Improved Agile Studio passivation recovery
Resolved in Pega Version 8.7
When an Agile Studio session was passivated, the error "SECU0008 : CSRF Detected and Blocked" was seen. Reactivating the session resulted in a blank page. This was traced to the clearing of requestor level registrations added for that particular thread, and has been resolved by adding a new flag to identify if a thread is passivated along with the necessary structure for the conditionalized clearing of requestor level registrations based on this flag.
INC-164336 · Issue 634151
URL validation updated to handle custom token endpoints
Resolved in Pega Version 8.7
While saving an authentication profile with OAuth details, validation was failing for a valid URL given in the access token endpoint and revoke token endpoint fields. This was traced to the use of the Apache URL validator, which considered some domains to be invalid. To resolve this, the urlvalidator constructor has been updated to include a custom RegexValidator for access token and refresh token URLs.
INC-168837 · Issue 646972
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.7
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.