SR-D49537 · Issue 521112
Embedded Pega Chat error resolved
Resolved in Pega Version 8.2.6
A cross-origin frame error was shown when the Pega Chat Window was embedded in a non-Pega page. Investigation traced the issue to code that was accessing the top/parent window, and which failed when used in a mashup scenario. This has been resolved with a try/catch block to wrap the code and handle scenarios where the
SR-D49782 · Issue 518048
Extension point added for ClearInteraction to support custom interactions
Resolved in Pega Version 8.2.6
In order to support clearing a custom interaction page after clicking the "Reset" button on preview console, an extension point has been added to pyClearInteraction.
SR-D57865 · Issue 520963
Added property check for outbound templated email reply
Resolved in Pega Version 8.2.6
When a template was used for the first time for outbound correspondence, email was generated correctly. If the same template was used as the content for reply, the generated email skipped all styles. This was traced to a missing property check, and has been resolved.
SR-D63638 · Issue 544016
Performance improvements for opening cases with embedded images
Resolved in Pega Version 8.2.6
Opening cases containing email interactions was taking an excessive amount of time. This was traced to the use of embedded images, icons, etc, in the message body and signature, and was caused by the pyGetAttachmentsbyCID activity running multiple times due to discussion threads that were duplicated over and over. In some cases, more than 360 calls to the database were seen. This has been resolved by shifting some case opening processes to executing when the listener thread gets the mail, and storing the results in a .pynote property, and a URL will be used to get images instead of embedding them directly to the HTML. If preferred, this can be reverted to the previous behavior by changing the when rule (pyUseCachedHtmlForDisplay) to false.
SR-D31734 · Issue 515656
Cross-site scripting protection added for parameter page properties
Resolved in Pega Version 8.2.6
An Cross-site scripting vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.
INC-154254 · Issue 632638
Correct Email Bot training text highlighted
Resolved in Pega Version 8.4.6
When a piece of text was selected and tagged against an entity while training the Email Bot, the entity selection was misplaced and partially covered the actual text selected. The incorrect selection was then carried forward to the training data spreadsheet. To resolve this, rule changes have been made that will update HTML entities to HTML encoded forms.
INC-175994 · Issue 667483
Removed redundant Microsoft Outlook email interaction chain
Resolved in Pega Version 8.4.6
When opening an email interaction case, the email editor user interface area showed the complete email chain of the email for every new message that came in related to the case. This was traced to the difference in the selectors that various email clients use to construct a response to an email with email history in it, and has been resolved by updating the selectors for Microsoft Outlook in pyRichTextEmailHistorySelector so no conversation is repeated when using that client.
INC-187031 · Issue 676245
Topic handling updated for behavior tab
Resolved in Pega Version 8.4.6
While submitting topics configured on the behavior tab of the chat channel, duplicate records were created and a null pointer exception was generated. Investigation showed this was due to a difference in Topic handling between the email channel and the chat channel in a modal window, and has been resolved.
INC-175706 · Issue 659527
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.4.6
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179360 · Issue 662178
Check added for allowed editing with CSRF
Resolved in Pega Version 8.4.6
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.