SR-D90939 · Issue 557309
Handling updated for redirect URI construction
Resolved in Pega Version 8.4.2
The redirect URI for an ODIC authorization request to IDP from Pega was truncated, resulting in an incorrect redirect URI. This was traced to the App alias feature was introduced in 8.4 which appends /app/ to the context URL. While constructing OpenID authorization request, the redirect URI was constructed from current login context. In the process of removing the app alias from the URL, a conflict was seen when the server name contained the word "app" in it. To resolve this, the app alias handling has been updated.
SR-D95501 · Issue 557684
Updated jar supporting SAML login to work with JRE11
Resolved in Pega Version 8.4.2
SO authentication was failing with the exception "Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.apache.commons.ssl.TrustMaterial". That class was packaged with Pega via the not-yet-commons-ssl.jar which is no longer being developed and only works with JRE8. This has been resolved by updating the package to the new not-going-to-be-commons-ssl.jar which has been evaluated for all supported JRE versions.
SR-D95525 · Issue 561833
CSRF validation update
Resolved in Pega Version 8.4.2
CSRF validation has been added for non-AJAX get requests which originated from a redirected post request.
SR-D96368 · Issue 555742
10 minute cap added to lockout time interval for failed logins
Resolved in Pega Version 8.4.2
After a certain number of failed attempts, there is a process that locks out the operator for a time interval. When the interval has expired and the operator is able to try again, the next "lockout" uses a time interval double the prior size. Previously, this was able to grow without any restriction. In order to improve effective requestor management, an upper limit has been added for maximum lockout period. The default has been set at 10 minutes or 600 seconds, but this may be configured using the DSS : authPolicy/delay/maxDelay in the Ruleset: Pega-Engine. The value is set in seconds: if the value specified in the DSS is greater than 600 seconds, then the maximum lockout period will fall back to 600 seconds (10 minutes).
SR-D96395 · Issue 555119
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.4.2
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).
SR-D87188 · Issue 551349
Mentioned user in Pulse correctly converted to hyperlink
Resolved in Pega Version 8.3.3
In the Interaction portal, mentioning a user in Pulse using @ was not converting the name to the user name with hyperlink for Email Interactions. @ mentions were working as as expected in Phone Interactions. This problem was introduced as part of using OWASP to sanitize HTML user input in Rich Text support, and was due to OWASP converting @ to an HTML entity. To resolve this, the @ will be excepted from HTML conversion.
SR-D92688 · Issue 551339
Optional feature to improve pxETReport performance
Resolved in Pega Version 8.3.3
Poor performance was seen when using pxETReport. This was caused by the system loading the recent cases widget by looking up all the ET cases within last 30 days, opening each ET case to check if it is from the same pyFrom email address, and then if yes, opening its related service case. On a complex system, this was potentially a slow process. To improve performance, the "Related cases" feature can now be disabled through an overridable 'when' rule.
SR-D63638 · Issue 544015
Performance improvements for opening cases with embedded images
Resolved in Pega Version 8.3.3
Opening cases containing email interactions was taking an excessive amount of time. This was traced to the use of embedded images, icons, etc, in the message body and signature, and was caused by the pyGetAttachmentsbyCID activity running multiple times due to discussion threads that were duplicated over and over. In some cases, more than 360 calls to the database were seen. This has been resolved by shifting some case opening processes to executing when the listener thread gets the mail, and storing the results in a .pynote property, and a URL will be used to get images instead of embedding them directly to the HTML. If preferred, this can be reverted to the previous behavior by changing the when rule (pyUseCachedHtmlForDisplay) to false.
SR-D81707 · Issue 544671
Webchat bot interaction box cleared on submit
Resolved in Pega Version 8.3.3
After upgrade, when using Google Chrome responses to webchat bot questions were not getting cleared from the chat input window after the enter/send button was clicked. This has been resolved by changing the order of refresh section and set value and disabling submit on refresh when refreshing pzSubmitArea.
SR-D86837 · Issue 547992
Webchat interaction timeout updated
Resolved in Pega Version 8.3.3
Interaction timeout was not working as expected in Webchat channels. This was traced to the system looking for total interaction timeout instead of user inactive timeout, along with the Web chat interaction case clipboard page being stale. To resolve this, timestamp propagation has been updated for pxProcess in Work-Channel-Interaction.pxAcquireInteraction.