INC-200303 · Issue 692846
OIDC authentication service token reload updated
Resolved in Pega Version 8.6.3
The exceptions "PRSecurityException: Invalid State Parameter received" and "Unable to execute OIDC flow : Caught exception while parsing the id token" were generated. The issue was identified in the Keystore cache refresh strategy for the 'Reload once per interaction' option. Although the refresh interval for this option was one minute, any login or keystore request within that minute pushed the refresh interval out to one minute from that request's timestamp, and the system also maintained the cache refresh interval as one minute. With continuous requests, the refresh interval was therefore extended by one minute on every request, so the refresh was repeatedly postponed until the exception occurred. To resolve this, the token refresh now happens once there have been no requests for a period of one minute, and the cache refresh interval for 'Reload once per interaction' has been removed completely.
INC-200877 · Issue 693824
Functions supported in Authorization Service
Resolved in Pega Version 8.6.3
An enhancement has been added to support operator page context evaluation with a Rule-Utility-Function during property mapping evaluation.
INC-201573 · Issue 694750
Client secret made optional for JWT Bearer Grant type
Resolved in Pega Version 8.6.3
After update, trying to connect to a REST API using OpenAM as the OAuth provider with JWT Bearer as the grant type resulted in an error indicating the request was not reaching the destination. This was traced to the client secret being designated a mandatory field when it should be optional in this case, as the required keystore was already configured with a JWT token profile. To resolve this, an update has been made which makes the client secret optional when the authentication scheme is JWT Bearer. In addition, a blank value caused a null pointer error when the client secret was not passed; this has been handled with a check.
INC-204045 · Issue 694323
Signature map updated for fetching keys
Resolved in Pega Version 8.6.3
MFA login worked with SAML 2.0 when the certificate was disabled but failed when the certificate was enabled in Auth Service, with the error "Signature algorithm is null". This has been resolved by updating the signature map to ignore case sensitivity while fetching keys.
INC-204897 · Issue 696148
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.3
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability.
INC-164775 · Issue 681240
Web page generation security updated
Resolved in Pega Version 8.6.3
Cross-site scripting protections have been enhanced around web page generation.
INC-167704 · Issue 671629
Email timing updated to ensure content captured
Resolved in Pega Version 8.6.3
Outbound email replies constructed using a pyReply section were intermittently blank if the 'Send' button was clicked immediately after adding text. This was traced to the blur not happening immediately on click of the submit button, and has been resolved by introducing window.blurDelay to ensure the data is captured. The delay time is configurable, and by default is set to 200ms.
INC-167871 · Issue 666296
Desktop browser java render error corrected
Resolved in Pega Version 8.6.3
Attempting to open Clipboard, schedule a report, or perform any activity which generated a pop-up resulted in a blank screen and browser errors such as "Uncaught TypeError: (…) is not a function" and "Uncaught TypeError: cannot set property '...' of undefined". This has been resolved by adding a semicolon to the last line of pzpega_desktop_automation_support_js.
INC-176113 · Issue 661469
Duplicate messages removed from hover over smart info
Resolved in Pega Version 8.6.3
If a particular mandatory field was not selected and saved, scrolling over any help text bubble in that screen caused the error messages to pop up multiple times. This was an issue with the recreation of error tables on hover over smart info and has been corrected.
INC-178417 · Issue 670112
Flag reset added for grid with 'Expand When'
Resolved in Pega Version 8.6.3
A grid using an 'Expand When' condition worked as expected when the condition was true, but once expanded the grid did not collapse if the expand condition was changed to false even if a section/harness refresh was performed. This has been resolved by adding an update which will reset the flag when the result of 'Expand When' is false.