SR-D23239 · Issue 499591
Support added for multi-operator SAML logins
Resolved in Pega Version 8.4
When a SAML user logged in by Single Sign-On (SAML), the system processed the login to portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work because all SAML login sessions resolved to same first operator due to parseAndEvaluateExpression() in ExpressionHelper.java ignoring new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
SR-D31734 · Issue 515657
XSS protection added for parameter page properties
Resolved in Pega Version 8.4
An XSS vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.
SR-D47685 · Issue 514647
Cookie logging restored
Resolved in Pega Version 8.4
As part of security updates, Cookies were restricted from being logged. However, this caused some business use cases such as a custom function call to obtain the list of cookies that are present in the application to stop working. To resolve this, the cookie logging restriction has been reverted.
SR-D32991 · Issue 504129
Email Discussion Thread retains Formatting
Resolved in Pega Version 8.3.1
CSS styles were not being retained in the discussion thread when replying to InboundCorrespondence cases. This was traced to a missing value in Param.latestReply activity pzCreateExternalPostFromMail, and has been resolved by setting an initial plain text value to the param.latestReply before it is set with the HTML value. This prevents having a blank parameter value if the incoming HTML value is empty.
SR-D28342 · Issue 504970
ChatMashup loading issue with IDP resolved
Resolved in Pega Version 8.3.1
When using a harness containing chat scripts via Mashup that called an activity to set parameters, attempting to launch the Mashup from an external application failed on the first attempt: an incorrect URL was generated and the activity was not triggered, resulting in an empty harness. The second attempt to launch the Mashup worked as expected. This was seen when using an IDP initiated Login with query string - pyActivity= classname.ActivityName, and there was a workaround to use SP initiated login or to use the activity URL directly on the IDP portal. Investigation showed that the resourcePath was coming as http in SSL enabled system, but the reqURI was still https. To correct this, the system has been updated so that if the reqContextURI starts with https and the requestURL starts with http, then the requestURL will be converted to https.
SR-D23239 · Issue 499595
Support added for multi-operator SAML logins
Resolved in Pega Version 8.3.1
When a SAML user is logged in by Single Sign-On (SAML), the system processes the login to portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work because all SAML login sessions resolved to the same first operator due to parseAndEvaluateExpression() in ExpressionHelper.java ignoring new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
SR-D47611 · Issue 513113
HTTPS login path issue resolved
Resolved in Pega Version 8.3.1
When using iOS, entering wrong credentials for a login with an https endpoint converted the URL to http. This was traced to a case where the resourcePath was coming as http in SSL enabled system, but the reqURI was still https. To correct this, the system has been updated so that if the reqContextURI starts with https and the requestURL starts with http, then the requestURL will be converted to https.
INC-175994 · Issue 667481
Removed redundant Microsoft Outlook email interaction chain
Resolved in Pega Version 8.6.2
When opening an email interaction case, the email editor user interface area showed the complete email chain of the email for every new message that came in related to the case. This was traced to the difference in the selectors that various email clients use to construct a response to an email with email history in it, and has been resolved by updating the selectors for Microsoft Outlook in pyRichTextEmailHistorySelector so no conversation is repeated when using that client.
INC-176881 · Issue 669701
Resource added to extract email threading code from message body
Resolved in Pega Version 8.6.2
In some scenarios the case ID was not being sent in the subject of email replies as expected, and the secure tracking code was part of the email body instead. That caused replies back to the email thread to create a new email interaction case instead of properly threading the new message into the conversation. Investigation traced this to some email clients removing space after the tracking code. To resolve this, an update has been made which will extract the tracking code from email-content html if it is found and otherwise fallback to the email body.
INC-178990 · Issue 664613
Added handling for reloading portal while ChatBot is active
Resolved in Pega Version 8.6.2
An issue was seen with UI rendering when a customer tried to reload the portal where the chatbot is deployed. Investigation showed that this was caused by the screen going to pyCreate harness instead of ChatPerform harness due tot he unexpected refresh, and has been resolved by updating the handling for the Chat Work page and the business case so that pyWorkPage is always Work-Channel-Chat.