SR-D23239 · Issue 499591
Support added for multi-operator SAML logins
Resolved in Pega Version 8.4
When a SAML user logged in by Single Sign-On (SAML), the system processed the login to portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work because all SAML login sessions resolved to same first operator due to parseAndEvaluateExpression() in ExpressionHelper.java ignoring new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
SR-D31734 · Issue 515657
XSS protection added for parameter page properties
Resolved in Pega Version 8.4
An XSS vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.
SR-D47685 · Issue 514647
Cookie logging restored
Resolved in Pega Version 8.4
As part of security updates, Cookies were restricted from being logged. However, this caused some business use cases such as a custom function call to obtain the list of cookies that are present in the application to stop working. To resolve this, the cookie logging restriction has been reverted.
INC-199790 · Issue 700646
GetAllEmailWork temp page renamed to avoid conflict
Resolved in Pega Version 8.6.4
The default Email manager portal was not displaying new email triage cases. Investigation showed that because the GetAllEmailWork and CaseBreadCrumbPopulate activities were using a common name for the clipboard page "TempPage", when CaseBreadCrumbPopulate removed the TempPage clipboard page as one of its steps a null pointer exception occurred for GetAllEmailWork. To resolve this, an update has been made to rename "TempPage" to "TempPageET" for GetAllEmailWork so the names will not conflict.
INC-211417 · Issue 711611
Updated URL construction for inline images for better performance
Resolved in Pega Version 8.6.4
System slowness was seen, and inline images were not getting displayed when the case was opened. This has been resolved by modifying pyExtractHtmlFromAttachment to ensure the image source URL is built in a consistent way whether or not there is a cache to call from.
INC-212549 · Issue 706074
HTML attachments conditionally shown in email listener cases
Resolved in Pega Version 8.6.4
When Rich text/html (non-plain text) emails were ingested in email, the original mail was not getting added to the case. Investigation showed that the pzCreateTriageWork activity had an explicit delete step to remove any attachment that started with 'email-content'. Since the HTML attachment name starts with 'email-content', it was deleted in above activity. This has been resolved by adding an update to conditionally show email-content.html.
INC-214294 · Issue 710826
PopulateEmailClientWorkFilter correctly resolves field value
Resolved in Pega Version 8.6.4
The first item in the Email manager queue selection dropdown was 'DefaultWorklist', instead of 'Default worklist' or other formatted text. Investigation showed the New Page was not created for the temp results in pzPopulateEmailClientWorkFilter Activity, preventing it from resolving the customized/available field values, and this has been resolved.
INC-214367 · Issue 708410
Handling added for infinite loop in GetEmailConversations
Resolved in Pega Version 8.6.4
An infinite loop issue where a clipboard page was repeatedly added to a page list in pxGetEmailConversations was causing an out of memory condition that resulted in unavailable nodes. This has been resolved by adding boundary conditions to avoid a loop, and a fail-safe mechanism to exit an infinite loop if one does occur.
INC-214836 · Issue 709759
Handling added for infinite loop in GetEmailConversations
Resolved in Pega Version 8.6.4
An infinite loop issue where a clipboard page was repeatedly added to a page list in pxGetEmailConversations was causing an out of memory condition that resulted in unavailable nodes. This has been resolved by adding boundary conditions to avoid a loop, and a fail-safe mechanism to exit an infinite loop if one does occur.
INC-164432 · Issue 696294
Global obfuscation key initialized on first requestor call
Resolved in Pega Version 8.6.4
When using URLEncryption = true and SubmitObfuscatedURL = optional, attempting to export an Excel spreadsheet resulted in the error "Invalid character found in the request target". This was traced to the variable pega.d.globalobfuscateKey having a null value which was then converted to a byte array and decoded, generating improper characters in the URL. After a browser refresh, the correct value was set in pega.d.globalobfuscateKey and the export worked as expected. To resolve this, an update has been made to initialize the key on the very first call in PRRequestorImpl when the global obfuscation key is determined to be NULL instead of initializing the global obfuscation key by on-demand basis from HTTPAPI.