SR-D23239 · Issue 499591
Support added for multi-operator SAML logins
Resolved in Pega Version 8.4
When a user logged in through SAML Single Sign-On, the system processed the portal login as a different operator if a function was used in the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work: all SAML login sessions resolved to the same first operator because parseAndEvaluateExpression() in ExpressionHelper.java ignored new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
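The failure mode in this note, modeled as an added example (this is not Pega code): a resolver that reuses one expression page for every login next to one that clones a page per session, plus a check that flags logins bound to the wrong operator. All class, function and attribute names and the sample assertions are hypothetical and constructed for illustration.

```python
import copy

# Constructed SAML attribute sets for two different users (sample data).
ASSERTION_ALICE = {"NameID": "Alice@Example.com", "dept": "claims"}
ASSERTION_BOB = {"NameID": "Bob@Example.com", "dept": "fraud"}

def lower_name_id(args):
    """Hypothetical operator-identification function: lowercase the NameID."""
    return args["NameID"].lower()

class SharedPageResolver:
    """Pre-fix behaviour as the note describes it: once the expression page
    exists, arguments from later logins are ignored."""
    def __init__(self, expression):
        self.expression = expression
        self.page = None          # one page shared by every session

    def resolve(self, assertion):
        if self.page is None:     # only the first login populates the page
            self.page = {"args": dict(assertion)}
        return self.expression(self.page["args"])

class PerSessionResolver:
    """Post-fix behaviour: clone a fresh page per session and load it with
    that session's arguments before evaluating."""
    def __init__(self, expression):
        self.expression = expression
        self.template = {"args": {}}

    def resolve(self, assertion):
        page = copy.deepcopy(self.template)
        page["args"].update(assertion)
        return self.expression(page["args"])

def login_sequence(resolver, assertions):
    """Return the operator ID each login resolves to, in order."""
    return [resolver.resolve(a) for a in assertions]

def misbound_logins(resolver, assertions):
    """Regression check: logins whose resolved operator differs from the
    operator derived from that login's own assertion."""
    return [a["NameID"] for a in assertions
            if resolver.resolve(a) != resolver.expression(a)]

if __name__ == "__main__":
    logins = [ASSERTION_ALICE, ASSERTION_BOB]
    print(login_sequence(SharedPageResolver(lower_name_id), logins))
    print(login_sequence(PerSessionResolver(lower_name_id), logins))
```

A check like `misbound_logins` is worth keeping as a regression test for any SSO integration that derives the local account from an expression over assertion attributes.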
SR-D31734 · Issue 515657
XSS protection added for parameter page properties
Resolved in Pega Version 8.4
An XSS vulnerability was seen with the Edge browser when the run on visibility on client check was enabled with dynamic layouts and some properties were accessed from the parameter page. Because the run on visibility on client check is not required in this scenario, it has been removed and the values will be accessed from the server instead.
SR-D47685 · Issue 514647
Cookie logging restored
Resolved in Pega Version 8.4
As part of security updates, cookies were restricted from being logged. However, this caused some business use cases, such as a custom function call to obtain the list of cookies present in the application, to stop working. To resolve this, the cookie logging restriction has been reverted.
INC-127591 · Issue 564818
isAuthenticated checks trimmed for Performance Improvement
Resolved in Pega Version 8.2.7
In order to improve performance, a duplicate check of pxIsRepositoryAuthenticated has been removed from the Function Rule.
INC-127859 · Issue 564619
Email image retrieval switched to Lazy Load
Resolved in Pega Version 8.2.7
In email, loading multiple images at once resulted in a performance impact. To resolve this, the fetching of inline images has been modified to use Lazy Load optimization, which retrieves file content from S3 storage on an as-needed basis.
INC-127891 · Issue 564726
Added check for redirects when getting images from S3
Resolved in Pega Version 8.2.7
When retrieving images from S3 storage, a 303 redirect status response code was shown. Investigation showed that using a public URL caused the redirects, and this has been resolved by adding an AG hash while fetching images via an activity.
SR-D87412 · Issue 563227
Support added for multi-language email parsing
Resolved in Pega Version 8.2.7
Parsing an email body for different languages was causing performance issues. To resolve this, an enhancement has been added to support email IVA in seven languages. To use this, override the Work-Channel-Triage.pyParseReplyMail activity and add the required languages in the given parameter.
SR-D90459 · Issue 552661
Improved handling for attachments not using UTF-8 encoding
Resolved in Pega Version 8.2.7
When an email was received that used a charset encoding other than UTF-8, special characters in the HTML body were not displayed and the replacement character was shown instead. To resolve this, the system will read the encoding from the email rather than use the meta tag, and will add the attachment's HTML encoding information in Data-WorkAttach-File so that it can be used to process and display the original HTML properly.
SR-D92688 · Issue 551340
Optional feature to improve pxETReport performance
Resolved in Pega Version 8.2.7
Poor performance was seen when using pxETReport. This was caused by the system loading the recent cases widget by looking up all the ET cases within the last 30 days, opening each ET case to check whether it is from the same pyFrom email address, and, if so, opening its related service case. On a complex system, this was potentially a slow process. To improve performance, the "Related cases" feature can now be disabled through an overridable 'when' rule.
INC-118838 · Issue 560691
OKTA receives parameters on logout
Resolved in Pega Version 8.2.7
When using an OIDC logout endpoint with a parameter set as a data page value, the data page retrieved the ID token from the DB, but when logout was clicked the data page name was displayed in the browser instead of the ID token. To resolve this, code has been added to support sending ID token parameters to the logoff endpoint for OKTA logoff using OpenID Connect.