INC-212549 · Issue 706074
HTML attachments conditionally shown in email listener cases
Resolved in Pega Version 8.6.4
When Rich text/html (non-plain text) emails were ingested in email, the original mail was not getting added to the case. Investigation showed that the pzCreateTriageWork activity had an explicit delete step to remove any attachment that started with 'email-content'. Since the HTML attachment name starts with 'email-content', it was deleted in above activity. This has been resolved by adding an update to conditionally show email-content.html.
INC-214294 · Issue 710826
PopulateEmailClientWorkFilter correctly resolves field value
Resolved in Pega Version 8.6.4
The first item in the Email manager queue selection dropdown was 'DefaultWorklist', instead of 'Default worklist' or other formatted text. Investigation showed the New Page was not created for the temp results in pzPopulateEmailClientWorkFilter Activity, preventing it from resolving the customized/available field values, and this has been resolved.
INC-214367 · Issue 708410
Handling added for infinite loop in GetEmailConversations
Resolved in Pega Version 8.6.4
An infinite loop issue where a clipboard page was repeatedly added to a page list in pxGetEmailConversations was causing an out of memory condition that resulted in unavailable nodes. This has been resolved by adding boundary conditions to avoid a loop, and a fail-safe mechanism to exit an infinite loop if one does occur.
INC-214836 · Issue 709759
Handling added for infinite loop in GetEmailConversations
Resolved in Pega Version 8.6.4
An infinite loop issue where a clipboard page was repeatedly added to a page list in pxGetEmailConversations was causing an out of memory condition that resulted in unavailable nodes. This has been resolved by adding boundary conditions to avoid a loop, and a fail-safe mechanism to exit an infinite loop if one does occur.
INC-164432 · Issue 696294
Global obfuscation key initialized on first requestor call
Resolved in Pega Version 8.6.4
When using URLEncryption = true and SubmitObfuscatedURL = optional, attempting to export an Excel spreadsheet resulted in the error "Invalid character found in the request target". This was traced to the variable pega.d.globalobfuscateKey having a null value which was then converted to a byte array and decoded, generating improper characters in the URL. After a browser refresh, the correct value was set in pega.d.globalobfuscateKey and the export worked as expected. To resolve this, an update has been made to initialize the key on the very first call in PRRequestorImpl when the global obfuscation key is determined to be NULL instead of initializing the global obfuscation key by on-demand basis from HTTPAPI.
INC-182827 · Issue 691528
URL security updated
Resolved in Pega Version 8.6.4
Security has been updated for URL tampering defense and Rule Security Mode.
INC-209298 · Issue 704141
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.6.4
After enabling CSRF, moving to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors' and then selecting a record and clicking on 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.
INC-211426 · Issue 706061
UI and code changes to support Client Assertion in Open ID Connect
Resolved in Pega Version 8.6.4
In order to support private_key_jwt, an enhancement has been added which will pass the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server will then authenticate Pega (the client) to verify the signature and payload of assertion by retrieving the public key via Pega’s JWKS endpoint.
INC-215343 · Issue 711141
Security updates
Resolved in Pega Version 8.6.4
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.
INC-202878 · Issue 713790
Handling updated for social messaging items with very large embedded images
Resolved in Pega Version 8.7.2
Job scheduler was running out of memory while handling large/multiple files, causing nodes to crash while handling Social Messaging items. Inline images were also not being sent in the ACK email. Investigation traced this to a custom job scheduler and activity used to create PDFs from email communication and send the PDFs to a third-party system. This used the standard Email Triage/PegaSocial functionality for the emails, which were stored as instances of PegaSocial-Message. The custom Job scheduler and activity then leveraged the Data Page D_pxEmailPosts to retrieve the emails in order to harvest the text from the emails. The issue occurred when a number of the emails had multiple or large embedded images in them, meaning the PegaSocial-Message instances are very large. This resulted in the node running out of memory and crashing. To resolve this, code has been added to support inline images in ACK email and the complete message from Pulse will be used instead of the original message as the email body for the ACK email.