SR-D23239 · Issue 499591
Support added for multi-operator SAML logins
Resolved in Pega Version 8.4
When a SAML user logged in through Single Sign-On (SSO), the system processed the login to the portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work: all SAML login sessions resolved to the same first operator, because parseAndEvaluateExpression() in ExpressionHelper.java ignored new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
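The defect class described above, as an added illustration that is not Pega's code: a shared evaluation page that only takes its arguments on first creation, next to the clone-per-session fix. Every class, method and attribute name here (ExpressionPage, resolveBuggy, resolveFixed, NameID) and both sample assertions are assumptions made for the example.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Simplified model of the defect; all names are hypothetical, not Pega's API.
public class ExpressionPageDemo {
    static final class ExpressionPage {
        final String function;                             // expression definition, safe to copy
        final Map<String, String> args = new HashMap<>();  // per-login arguments, never shared
        ExpressionPage(String function) { this.function = function; }

        // Clone the definition, but take the arguments only from the current session.
        ExpressionPage cloneWith(Map<String, String> sessionArgs) {
            ExpressionPage copy = new ExpressionPage(function);
            copy.args.putAll(sessionArgs);
            return copy;
        }
    }

    // One page reused by every login that reaches the authentication service.
    static ExpressionPage sharedPage;

    // Constructed stand-in for a function applied to the operator-identification attribute.
    static String evaluate(ExpressionPage page) {
        String value = page.args.get("NameID");
        return "toLowerCase".equals(page.function) ? value.toLowerCase(Locale.ROOT) : value;
    }

    // Defect: arguments are written only when the page is first created,
    // so later sessions are evaluated against the first session's attributes.
    static String resolveBuggy(Map<String, String> samlAttributes) {
        if (sharedPage == null) {
            sharedPage = new ExpressionPage("toLowerCase");
            sharedPage.args.putAll(samlAttributes);
        }
        return evaluate(sharedPage);
    }

    // Fix as described in the note: a fresh page per session with that session's arguments.
    static String resolveFixed(Map<String, String> samlAttributes) {
        ExpressionPage base = (sharedPage != null) ? sharedPage : new ExpressionPage("toLowerCase");
        return evaluate(base.cloneWith(samlAttributes));
    }

    public static void main(String[] unused) {
        // Constructed sample attributes for two different users.
        Map<String, String> first = Map.of("NameID", "Alice@Example.test");
        Map<String, String> second = Map.of("NameID", "Bob@Example.test");
        System.out.println("buggy: " + resolveBuggy(first) + ", " + resolveBuggy(second));
        System.out.println("fixed: " + resolveFixed(first) + ", " + resolveFixed(second));
        // Regression check: two distinct assertions must map to two distinct operators.
        if (resolveFixed(first).equals(resolveFixed(second)))
            throw new AssertionError("distinct SAML subjects resolved to the same operator");
    }
}
```

The final check in main is the kind of regression test worth keeping for any SSO integration: log in as two different subjects in sequence and confirm that each resolves to its own operator.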
SR-D31734 · Issue 515657
XSS protection added for parameter page properties
Resolved in Pega Version 8.4
An XSS vulnerability was seen with the Edge browser when the "run on visibility on client" check was enabled with dynamic layouts and some properties were accessed from the parameter page. Because the "run on visibility on client" check is not required in this scenario, it has been removed and the values will be accessed from the server instead.
SR-D47685 · Issue 514647
Cookie logging restored
Resolved in Pega Version 8.4
As part of security updates, cookies were restricted from being logged. However, this caused some business use cases to stop working, such as a custom function call to obtain the list of cookies that are present in the application. To resolve this, the cookie logging restriction has been reverted.
SR-D49537 · Issue 521112
Embedded Pega Chat error resolved
Resolved in Pega Version 8.2.6
A cross-origin frame error was shown when the Pega Chat Window was embedded in a non-Pega page. Investigation traced the issue to code that was accessing the top/parent window, and which failed when used in a mashup scenario. This has been resolved with a try/catch block to wrap the code and handle scenarios where the
SR-D49782 · Issue 518048
Extension point added for ClearInteraction to support custom interactions
Resolved in Pega Version 8.2.6
In order to support clearing a custom interaction page after clicking the "Reset" button on the preview console, an extension point has been added to pyClearInteraction.
SR-D57865 · Issue 520963
Added property check for outbound templated email reply
Resolved in Pega Version 8.2.6
When a template was used for the first time for outbound correspondence, the email was generated correctly. If the same template was used as the content for a reply, the generated email skipped all styles. This was traced to a missing property check, and has been resolved.
SR-D63638 · Issue 544016
Performance improvements for opening cases with embedded images
Resolved in Pega Version 8.2.6
Opening cases containing email interactions was taking an excessive amount of time. This was traced to the use of embedded images, icons, etc., in the message body and signature, and was caused by the pyGetAttachmentsbyCID activity running multiple times due to discussion threads that were duplicated over and over. In some cases, more than 360 calls to the database were seen. This has been resolved by shifting some case opening processes to execute when the listener thread gets the mail and storing the results in a .pynote property; a URL will be used to get images instead of embedding them directly in the HTML. If preferred, this can be reverted to the previous behavior by changing the when rule (pyUseCachedHtmlForDisplay) to false.
SR-D31734 · Issue 515656
Cross-site scripting protection added for parameter page properties
Resolved in Pega Version 8.2.6
A cross-site scripting vulnerability was seen with the Edge browser when the "run on visibility on client" check was enabled with dynamic layouts and some properties were accessed from the parameter page. Because the "run on visibility on client" check is not required in this scenario, it has been removed and the values will be accessed from the server instead.