INC-182827 · Issue 691528
URL security updated
Resolved in Pega Version 8.6.4
Security has been updated for URL tampering defense and Rule Security Mode.
INC-209298 · Issue 704141
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.6.4
After enabling CSRF, moving to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors' and then selecting a record and clicking on 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.
INC-211426 · Issue 706061
UI and code changes to support Client Assertion in Open ID Connect
Resolved in Pega Version 8.6.4
In order to support private_key_jwt, an enhancement has been added which will pass the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server will then authenticate Pega (the client) to verify the signature and payload of assertion by retrieving the public key via Pega’s JWKS endpoint.
INC-215343 · Issue 711141
Security updates
Resolved in Pega Version 8.6.4
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.
INC-185824 · Issue 676630
Corrected filtered column list sorting in Report Browser
Resolved in Pega Version 8.6.5
Sorting was not working in Report Browser for a column list when a filter category was selected. This has been resolved by modifying the pzReportListSort activity to set the correct parameters in step-1 and setting pzSetCategoryParam to retain the sortTitle parameter in step 1 with an added step -2 to call the pzReportListSort activity.
INC-205464 · Issue 721607
Performance improvements for KYC query
Resolved in Pega Version 8.6.5
The GetApplicationKYCTypes report definition was exceeding the default maximum elapsed time of 30 seconds, causing all cases which were part of the due diligence milestone in Client Lifecycle Management framework to be auto-completed. This has been resolved by improving the KYC Items query logic by removing mergeJoin and adding HashJoin Hints.
INC-210837 · Issue 707179
DateTime property correctly formatted in Report Editor
Resolved in Pega Version 8.6.5
When a list report was created via the Report Editor, dragging and dropping a date time property which was embedded inside another page and choosing the format as Date and Time resulted in the property taking pxTextInput instead of pxDateTime. This has been resolved by updating the pzMergeAutoGenForProp activity to get the correct class name for embedded page properties.
INC-211590 · Issue 711018
Auto-complete and calendar popover alignment corrected
Resolved in Pega Version 8.6.5
An issue with the container alignment of the auto-complete and calendar dropdown popovers has been resolved by removing styling in the pyReportEditorStyling .css which was causing the issue.
INC-212157 · Issue 721532
Report filter values correctly displayed
Resolved in Pega Version 8.6.5
The data page name was being displayed in report filters instead of actual values. This was traced to a missing step in the activity pzResolveCopyFilters which was needed to get the data page values in the report filter prompt, and has been resolved.
INC-215062 · Issue 722019
Removed ORDER BY clause duplication when using MSSQL
Resolved in Pega Version 8.6.5
After updating from Pega 8.4 to Pega 8.7, executing the query for the report definition generated the error "SQLServerException: Incorrect syntax near the keyword 'ORDER'." Investigation showed the ORDER BY clause was added to the Native SQL query from the standard dataflow background task and from the native SQL API as well when using an MSSQL database. This has been resolved by adding changes to restrict the order by clause if the SQL query has order by clause already for MSSQL.