INC-225840 · Issue 730754
Key ID made optional for JWT
Resolved in Pega Version 8.8
After an update, Connect-REST services were failing with an Admin_Security_Token.Action error. This was traced to kID (key ID) being mandated following previous work done to address an issue. To resolve this and better support backwards compatibility, the kID has been made optional in the JWT header.
INC-226479 · Issue 727465
Cross-site scripting filters added to redirect parameters
Resolved in Pega Version 8.8
Cross-site scripting protections have been added to Param.redirect to improve security.
INC-227736 · Issue 744475
Added polling lock to handle CDK Key rotation issues
Resolved in Pega Version 8.8
An error was generated when attempting to open existing encrypted contacts created in the Sales Automation application. This was traced to multiple nodes generating CDKs simultaneously, leading to a race condition. It has been resolved by refactoring the CDK generation code so that it acquires a lock when polling the database.
INC-227769 · Issue 731726
ReloadHarness security updated
Resolved in Pega Version 8.8
Security handling has been updated for ReloadHarness to ensure proper CSRF validation.
INC-228169 · Issue 729003
Login error messages updated
Resolved in Pega Version 8.8
Exception response messages have been updated in order to improve security around attempts to bypass operator authentication.
INC-232970 · Issue 742011
Security update for MashUp
Resolved in Pega Version 8.8
Cross-site scripting protections have been updated for the LoadMashupPage activity and RedirectTo parameter.
INC-178831 · Issue 680984
Ensured correct context for multi-select
Resolved in Pega Version 8.8
When using multi-select controls, there was an intermittent issue with selecting values using a mouse click. Using the tab key worked as expected. This was traced to the focus event being triggered multiple times, so pega.ctx.dom returned undefined values in the second call. This has been resolved by focusing the target element before creation of the capsule to ensure the context remains the same.
INC-180100 · Issue 699838
Scrollbar persists for multiselect
Resolved in Pega Version 8.8
Selecting more than 20 values in the multiselect control caused the scrollbar to disappear. This has been resolved by removing a custom popover height calculation.
INC-183966 · Issue 676560
Corrected duplicated select file label reading
Resolved in Pega Version 8.8
When using a screen reader, the select file button label was announced twice on focus. Investigation showed this was caused by the helper text and tooltip having the same content, which sounded like a duplicate reading. To resolve this, the text is now differentiated.
INC-183996 · Issue 669645
Step name given heading level for better accessibility
Resolved in Pega Version 8.8
When using the JAWS shortcut for navigating through headings, the Step name was not announced as expected. This was due to the Step name not containing the necessary code for a heading, and has been resolved.