INC-204045 · Issue 694323
Signature map updated for fetching keys
Resolved in Pega Version 8.6.3
MFA login worked with SAML 2.0 when the certificate was disabled but failed when the certificate was enabled in Auth Service. The error " "Signature algorithm is null" appeared. This has been resolved by updating the signature map to ignore case sensitivity while fetching keys.
INC-204897 · Issue 696148
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.3
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-192935 · Issue 698695
Inline images retrieved for deferred-load email
Resolved in Pega Version 8.7.1
When emails were defer-loaded, inline images with code entered into the non-cache section in pyExtractHtmlFromAttachment were not being displayed. This has been resolved by passing the current page parameter to pyExtractHTMLFromAttachment to convey the pyID.
INC-200148 · Issue 693148
Added JSoup handling for older Microsoft Outlook versions
Resolved in Pega Version 8.7.1
Logging indicated that some emails were generating the error "pyextractlatestreplyfromhtml is resulting in java.lang.IllegalArgumentException: Object must not be null." This occurred when using an older version of Microsoft Outlook, and has been resolved by adding a check before removing the JSoup doc object.
INC-200237 · Issue 693179
Added API for Pega Call Team websocket reconnect
Resolved in Pega Version 8.7.1
When a call came in, the operator was not able to pick it up due to the popup only containing a reconnect section. This has been resolved by adding the disconnectAndReconnect API which will be used by Pega Call Team if the websocket reconnect limit exceeds 5.
INC-203463 · Issue 694163
Added deferred loading for email cases
Resolved in Pega Version 8.7.1
When there were a significant number of email interactions on an email case, delays were seen when loading the case in the UI. Investigation traced this to a high number of database calls along with the BLOBs also being open. To improve performance, the new rule pyDeferLoadEmails has been added which toggles the UI and loads emails faster. In addition, the button label has been modified to read "View all emails" in place of "Show all" while defer load is enabled.
INC-164432 · Issue 696293
Global obfuscation key initialized on first requestor call
Resolved in Pega Version 8.7.1
When using URLEncryption = true and SubmitObfuscatedURL = optional, attempting to export an Excel spreadsheet resulted in the error "Invalid character found in the request target". This was traced to the variable pega.d.globalobfuscateKey having a null value which was then converted to a byte array and decoded, generating improper characters in the URL. After a browser refresh, the correct value was set in pega.d.globalobfuscateKey and the export worked as expected. To resolve this, an update has been made to initialize the key on the very first call in PRRequestorImpl when the global obfuscation key is determined to be NULL instead of initializing the global obfuscation key by on-demand basis from HTTPAPI.
INC-173098 · Issue 694090
Signature map updated for fetching keys
Resolved in Pega Version 8.7.1
MFA login worked with SAML 2.0 when the certificate was disabled but failed when the certificate was enabled in Auth Service. The error " "Signature algorithm is null" appeared. This has been resolved by updating the signature map to ignore case sensitivity while fetching keys.
INC-182530 · Issue 695760
SAML datapages cleared before new authentication
Resolved in Pega Version 8.7.1
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
INC-196839 · Issue 695281
Removed duplicate clipboard page creation
Resolved in Pega Version 8.7.1
An out of memory exception occurred due to the pyInstanceInfoForUpdate clipboard page having 6.5M Embed-InstanceInfo entries. This was traced to the ClientUpdateRequestHandler.getInstanceInfoPage method continuously appending to the ClipboardProperty instanceInfoPage. This has been resolved by removing the extra creation of instance pages within the loop.