INC-182827 · Issue 691528
URL security updated
Resolved in Pega Version 8.6.4
Security has been updated for URL tampering defense and Rule Security Mode.
INC-209298 · Issue 704141
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.6.4
After enabling CSRF, navigating to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors', selecting a record, and clicking 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.
INC-211426 · Issue 706061
UI and code changes to support Client Assertion in Open ID Connect
Resolved in Pega Version 8.6.4
To support private_key_jwt, an enhancement has been added that passes the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server then authenticates Pega (the client) by verifying the signature and payload of the assertion, using the public key retrieved via Pega’s JWKS endpoint.
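The private_key_jwt exchange described above, as an added Go example that is not Pega's code: the client signs an RS256 assertion and the authorization server verifies its signature and claims. The client ID, token endpoint URL, function names and throwaway keys are constructed, and the public key is passed in directly where a real server would fetch it from the client's JWKS endpoint.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var clientKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway client key
var otherKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed key the server does not trust
// Sign is the client side: an RS256 JWT with iss = sub = client ID and aud = token endpoint.
func Sign(k *rsa.PrivateKey, clientID, aud, jti string, now int64) string {
	body, _ := json.Marshal(map[string]interface{}{"iss": clientID, "sub": clientID, "aud": aud, "jti": jti, "iat": now, "exp": now + 120})
	in := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}
// Verify is the authorization server side; pub stands for the key already fetched from the client's JWKS endpoint.
func Verify(tok string, pub *rsa.PublicKey, clientID, aud string, now int64) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed assertion")
	}
	hb, _ := b64.DecodeString(p[0])
	cb, _ := b64.DecodeString(p[1])
	sig, _ := b64.DecodeString(p[2])
	var h struct{ Alg string }
	var c map[string]interface{}
	errH, errC := json.Unmarshal(hb, &h), json.Unmarshal(cb, &c)
	exp, _ := c["exp"].(float64) // missing or non-numeric exp becomes 0 and is rejected below
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	switch {
	case errH != nil || h.Alg != "RS256": // pin the algorithm instead of trusting the header
		return fmt.Errorf("unexpected alg")
	case rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil:
		return fmt.Errorf("bad signature")
	case errC != nil || c["iss"] != clientID || c["sub"] != clientID || c["aud"] != aud || now >= int64(exp):
		return fmt.Errorf("claims rejected")
	}
	return nil
}
func main() { fmt.Println(Verify(Sign(clientKey, "example-client", "https://as.example/token", "jti-1", 1700000000), &clientKey.PublicKey, "example-client", "https://as.example/token", 1700000060)) }
```

A production verifier would also remember each `jti` until its `exp` so that a captured assertion cannot be replayed.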
INC-215343 · Issue 711141
Security updates
Resolved in Pega Version 8.6.4
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.
INC-137009 · Issue 581892
Ad hoc reports saved successfully in private categories
Resolved in Pega Version 8.5.1
After upgrade, an error was seen when attempting to save an ad hoc report in a private category. Saving in a public category worked as expected. This was traced to the Rule-Shortcut.Validate activity, which attempted to use the Rule-Shortcut's RuleSet to find the Rule-Category. To resolve the saving issue, the Rule-Shortcut.Validate activity has been updated to do an Obj-Open on the Category instead.
INC-136643 · Issue 583367
Orphaned CSS reference removed from DisplayReport harness
Resolved in Pega Version 8.5.1
An intermittent invalid CSS error was appearing in the DisplayReport harness when an operation resulted in the regeneration of the harness content. This was traced to a reference to the workform_pyReportingSkin CSS, which was used in old reporting features and is not in use anymore. The reference has been removed to resolve this issue.
INC-131942 · Issue 574321
Orphaned CSS reference removed from DisplayReport harness
Resolved in Pega Version 8.5.1
An intermittent invalid CSS error was appearing in the DisplayReport harness when an operation resulted in the regeneration of the harness content. This was traced to a reference to the workform_pyReportingSkin CSS, which was used in old reporting features and is not in use anymore. The reference has been removed to resolve this issue.
INC-135719 · Issue 580691
Corrected reference exception for filter on a grid sourced from a parameterized report definition
Resolved in Pega Version 8.5.1
An Invalid Reference Exception was thrown after attempting to apply a filter on a grid sourced from a parameterized report definition. This was traced to work done on the cross-scripting filters so that filters could contain special characters, and has been resolved.
INC-137317 · Issue 585402
Security improved for searches
Resolved in Pega Version 8.5.1
Authentication requirements have been added to activities associated with searching.
INC-125641 · Issue 573384
Column Filter working with class join
Resolved in Pega Version 8.5.1
When a class join was configured in the report definition and the report was edited to include new columns from the joined class, a "Filter condition invalid" error appeared in the tracer after adding a filter condition to a new column. This was only observed when the property added was a decimal property, and did not happen for a text property. The filter worked as expected after re-saving the property in the report definition in Designer Studio. This was traced to the data type being passed as "DECIMAL" for decimal fields, which did not match the logic used to set the filter value, and has been resolved.