INC-144591 · Issue 601611
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.4.4
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-144597 · Issue 598307
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.4.4
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.
INC-145033 · Issue 599482
ForgotPassword responses made consistent
Resolved in Pega Version 8.4.4
To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.
INC-146434 · Issue 602740
Accessibility added to Security Event Configuration headers
Resolved in Pega Version 8.4.4
Labels for the headers in the Security Event Configuration screen have been converted to dynamic layout headers so they will be detected by JAWS screen reader.
INC-146921 · Issue 601638
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.4.4
Cross Site Scripting (XSS) protections have been added to Developer Studio.
INC-154627 · Issue 619570
Re-enabled users are able to log in
Resolved in Pega Version 8.4.4
When disabled operators were re-enabled through operator management, the forced password change on next login was manually unchecked but the operators were unable to login because the change password screen was displayed without any password entry fields. This was a missed use case for handling the change password flag on a requestor , and has been resolved by having the system skip setting the change password on next login flag for disabled users.
INC-152776 · Issue 621244
Check added for HTML and linefeed combined in email
Resolved in Pega Version 8.5.3
In the Interaction right hand pane Email triage widget, additional line breaks were seen when displaying email message data that contained table tags. This was a missed use case for email which contains both HTML and '\n', which resulted in the system replacing '\n' with </br>. This has been resolved by adding a check whether the content has HTML tags which will avoid the replacement.
INC-156422 · Issue 617382
Updated email triage case creation to avoid unique key issue
Resolved in Pega Version 8.5.3
After upgrade, when the email listener queued the case and an agent picked up the queued item to create an Email Triage Case and then the interaction case, trying to commit the case failed with a Unique Key violation. Investigation traced this to the system trying to insert the record into the PC_WORK_TRIAGE table twice due to a timing issue in the workobject commit. This has been resolved.
INC-150317 · Issue 625883
Certificate updates handled across nodes
Resolved in Pega Version 8.5.3
An SSL handshake exception was occurring when running a Connect-REST call automatically from the flow as a background process on a background processing node. The same Connect-REST worked fine when run manually. The exception detailed the issue as "SSLHandshakeException: java.security.cert.CertificateException: None of the TrustManagers allowed for trust of the SSL certificate(s) provided by the remote server to which this client attempted a connection." This was traced to a pulse change scenario where the reloading of the certificates was not happening on all the nodes after adding a new certificate or deleting a certificate. This has ben resolved by adding the DATA-ADMIN-SECURITY-CERTIFICATE class into the UpdatesCacheUtils.java class.
INC-153957 · Issue 615290
Cache key handling updated for OAuth2 Connect-REST
Resolved in Pega Version 8.5.3
After upgrade, a Connect-REST using OAuth2 credentials was failing with HTTP response code 403 when the Connect-REST was invoked by the agent, but the Connect-REST was successfully invoked from web node with the same Auth profile. OAuth2 tokens are stored in the cache and database. In this specific environment the key formation was happening differently on the utility node for batch processes, causing different keys to be formed for the same token. This has been resolved by adding a provider filter and updating the cache key.