INC-196431 · Issue 684886
Refresh assignment checks updated
Resolved in Pega Version 8.7
Additional privilege checks have been added to refresh assignment.
INC-199303 · Issue 690629
Guided Tour working from Actions menu
Resolved in Pega Version 8.7
After updating from Pega 8.4 to Pega 8.5, "Manage a Guided Tour" was no longer working under a local action when called from the Actions menu on a work object. An unspecified error message appeared in the tracer. Investigation showed there was a null pointer error caused by the menu being invoked on an invalid page, and this was traced to updated authentication requirements: registration at the portal is not reliable as it is thread-scoped and run only once. The thread name is not guaranteed to stay the same so subsequent invocations of the tour activities failed. This has been resolved by modifying the call registration function to handle the security issues related to the generation of the menu path.
INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-204897 · Issue 695409
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.7
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-155406 · Issue 638706
Clipboard security updated
Resolved in Pega Version 8.7
Security has been enhanced for clipboard properties by restricting registration for readonly properties.
INC-157367 · Issue 637948
PDF generation corrected
Resolved in Pega Version 8.7
Issues with PDF generation have been resolved by upgrading the PD4ML libraries to version 4.0.9fx5.
INC-157448 · Issue 638925
Latitude and longitude populated for CreateWork history
Resolved in Pega Version 8.7
After enabling geo location in the casetype rule, when the case was created using the Create menu option from either Dev studio or Manager portal the Latitude and longitude values were set on the pxRequestor page and were available in the Case Audit history in the Map control. When the same case was created using CreateWork action configured on a button, it did not log the latitude and longitude values in the case Audit history. Investigation showed this was caused by a 'when' condition in the AddWorkHistory activity which checks the requestor page for latitude value and which had a null value when a createWork action was used to create the case. To correct this, the template metadata of the form will be populated with latitude and longitude values from pxRequestor page to be used in the latitude and longitude hidden fields.
INC-160805 · Issue 640854
PDF generation corrected
Resolved in Pega Version 8.7
Issues with PDF generation have been resolved by upgrading the PD4ML libraries to version 4.0.9fx5.
INC-160839 · Issue 643470
Session timer corrected
Resolved in Pega Version 8.7
Configuring pxsessiontimer in the Portal header to log users off after 30 minutes was not working as expected: users were still logged in the next day or after keeping the session idle for more than 30 minutes. After waking up the system, it was possible to search clicking on the search results resulted in being logged out. This was traced to the ShowLogoffTimer activity not being correctly registered, and has been resolved.
INC-161480 · Issue 629627
Confirmation button works on dirty alert
Resolved in Pega Version 8.7
The "Ok" button on the discard changes alert was not working. This has been corrected.