INC-179360 · Issue 662177
Check added for allowed editing with CSRF
Resolved in Pega Version 8.6.2
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.
INC-180275 · Issue 666455
Collaboration control hidden if data type is delegated
Resolved in Pega Version 8.6.2
When collaborating using a customized CaseManager portal with some delegated data types, the admin user refreshing the Data Type view changed the collaborator's view from the portal to show the Data Type tabs, allowing the second person to open rules (properties, Data Pages, etc) and see the configuration even though they could not make any changes. This has been resolved by updating pzDataTypeDelegated to display the collaboration control only if pzDelegation is false.
INC-180594 · Issue 670955
Filtering added for DisableDormantOperators
Resolved in Pega Version 8.6.2
When running the Disable Dormant Operators agent, many operators were seen which were dormant but not disabled. Investigation showed the activity was fetching all of the operators without filtering the deactivation state. This has been resolved by adding a filter condition in pzDisableDormantOperators to fetch only deactivate state users.
INC-184804 · Issue 669638
Password security enhanced
Resolved in Pega Version 8.6.2
Security and authentication have been enhanced for password handling.
INC-185362 · Issue 668825
Keystore update properly revises the cache
Resolved in Pega Version 8.6.2
A keystore updated with the latest certificate was not getting reflected in the runtime and the old certificate was getting picked. In a multi-node environment when the new JKS is uploaded in one node, the changes are expected to be communicated to other nodes so that the cache can be cleaned up. In this case, investigation showed that the keystore label was in uppercase and the cache entry was not correctly removed. This has been resolved by adding an update that will convert the cache key to lowercase and maintain uniformity to ensure proper cleanup.
INC-186512 · Issue 669327
Password security enhanced
Resolved in Pega Version 8.6.2
Security and authentication have been enhanced for password handling.
INC-147654 · Issue 642189
Updates to displaying embedded images in cases
Resolved in Pega Version 8.7
Sending an email with an embedded image to the email ID associated with the email listener successfully created the interaction case, but the embedded image was not displayed when the case was opened from the work-basket. A rule-not found exception was seen in the tracer for pyGetImageDisplay, the rule responsible for displaying the images in the ET pane. Investigation showed that when URLObfuscation was turned on, the decryption of the URL was not successful because "&" had been encoded to '& amp;'. This has been resolved by calling the activity pyGetImageForDisplay using URLMapping instead. An additional issue was seen with displaying images in the email interaction pane where the additional empty new lines moved the image outside the intended place. This was traced to a customization for the reply area which used the pyHighlightedMessage property and converted newlines to br tags even in HTML mode. To resolve this, pyHighlightedMessage has ben modified to convert newlines to br tags only if the mode is plain text.
INC-154254 · Issue 674945
Correct Email Bot training text highlighted
Resolved in Pega Version 8.7
When a piece of text was selected and tagged against an entity while training the Email Bot, the entity selection was misplaced and partially covered the actual text selected. The incorrect selection was then carried forward to the training data spreadsheet. To resolve this, rule changes have been made that will update HTML entities to HTML encoded forms.
INC-166844 · Issue 651407
Email bot updated to handle negative and positive feedback on the same text
Resolved in Pega Version 8.7
When positive and negative training was done on the same piece of text, text extraction by Email Bot failed. For example, when using the sentence. “John Smith plays cricket”, the bot detects “John” as person name. If user wants to train the bot to detect “John Smith” as the entity, the user needs to first remove “John” and build the model, and then select “John Smith” and build the model again. In this case, the email bot never again detects “John Smith” as person name due to the negative feedback given for “John”. This was traced to the entities having same the startIndex/endIndex, and has been resolved by removing entities of the same modelName which have the pyIsRemoved property as true so that multiple entity models are detected on the same word.
INC-170135 · Issue 652525
Rich HTML handling added for outbound email
Resolved in Pega Version 8.7
The HTML content was visible in the received email when replying from the email pane in the existing email interaction. This has been resolved by adding logic to handle rich HTML for outbound email.