SR-119800 · Issue 177840
Security policy transaction mismatch error resolved
Resolved in Pega Version 7.1.8
If security policies are enabled, logging out and then logging in prompts a password change. If the password was changed and then the page was refreshed, a transaction mismatch error occurred. This was caused by incomplete clearing of the password setting transaction, and the system has been updated to properly switch transactions.
SR-123636 · Issue 184161
Trojan horse protection auto-enabled
Resolved in Pega Version 7.1.8
The authentication/trojanhorseprotection previously defaulted to NEVER, creating a security vulnerability. The trojanhorseprotection setting now defaults to external.
SR-123636 · Issue 181701
Trojan horse protection auto-enabled
Resolved in Pega Version 7.1.8
The authentication/trojanhorseprotection previously defaulted to NEVER, creating a security vulnerability. The trojanhorseprotection setting now defaults to external.
SR-124473 · Issue 186179
Added handling for unauthenticated asynchronous SOAP service
Resolved in Pega Version 7.1.8
After implementing changes to work around an error with SOAP authentication, the unauthenticated asynchronous SOAP service generated an error and failed to complete. This was due to the changes to the authentication process omitting the asynchronous mode case when a SOAP service that intended to not use authentication ends up calling a sub-activity that requires authentication. This use case is now covered.
SR-126719 · Issue 177348
Added fallback keyinfo handling
Resolved in Pega Version 7.1.8
When a SAML assertion response is received in the authentication activity, an error indicated the KeyInfo was missing in the signature. This was caused by a lack of redundancy in the keyinfo handling that caused an exception when keyinfo was not included in the SAML response. Support has now been added to check the certificate in the truststore where the certificate from IDP metadata would have been imported, and there is an added null check in the debug logs.
SR-126719 · Issue 178793
Added fallback keyinfo handling
Resolved in Pega Version 7.1.8
When a SAML assertion response is received in the authentication activity, an error indicated the KeyInfo was missing in the signature. This was caused by a lack of redundancy in the keyinfo handling that caused an exception when keyinfo was not included in the SAML response. Support has now been added to check the certificate in the truststore where the certificate from IDP metadata would have been imported, and there is an added null check in the debug logs.
SR-128463 · Issue 193907
Create KeyRing updated for split schema
Resolved in Pega Version 7.1.8
If a command line script is configured (viz. keyringGen.sh) to encrypt user passwords for prconfig.xml databases using Keyring utility, a prconfig.xml could have three database entries but the keyring tool only prompted for two databases and did not allow encrypting password for the user for the third database. The prconfig.xml file requires very specific location information to run: to resolve this, the variables to hold schema name in case of split schema configuration have been added.
INC-147654 · Issue 642186
Updates to displaying embedded images in cases
Resolved in Pega Version 8.3.6
Sending an email with an embedded image to the email ID associated with the email listener successfully created the interaction case, but the embedded image was not displayed when the case was opened from the work-basket. A rule-not found exception was seen in the tracer for pyGetImageDisplay, the rule responsible for displaying the images in the ET pane. Investigation showed that when URLObfuscation was turned on, the decryption of the URL was not successful because "&" had been encoded to '& amp;'. This has been resolved by calling the activity pyGetImageForDisplay using URLMapping instead. An additional issue was seen with displaying images in the email interaction pane where the additional empty new lines moved the image outside the intended place. This was traced to a customization for the reply area which used the pyHighlightedMessage property and converted newlines to br tags even in HTML mode. To resolve this, pyHighlightedMessage has ben modified to convert newlines to br tags only if the mode is plain text.
INC-152776 · Issue 621243
Check added for HTML and linefeed combined in email
Resolved in Pega Version 8.3.6
In the Interaction right hand pane Email triage widget, additional line breaks were seen when displaying email message data that contained table tags. This was a missed use case for email which contains both HTML and '\n', which resulted in the system replacing '\n' with < / br >. This has been resolved by adding a check whether the content has HTML tags which will avoid the replacement.
INC-165188 · Issue 635774
Third-party links allowed to pass target attribute in anchor
Resolved in Pega Version 8.3.6
Attempting to connect to Docusign, a third party application, via Email in an interaction portal was not working, and the error "account.docusign.com refused to connect" appeared. This was caused by the HTML data being sanitized so the attribute 'target' was not allowed to pass and the application could not open in a new tab. To resolve this, an update has been made that will allow the target attribute for an anchor tag.