INC-118838 · Issue 560691
OKTA receives parameters on logout
Resolved in Pega Version 8.2.7
When using an OIDC logout endpoint with a parameter set as a data page value, the data page retrieved the ID Token from the DB, but when logout was clicked the datapage name was being displayed in the browser instead of the IDToken. To resolve this, code has been added to support sending ID token parameters for logoff endpoint for OKTA logoff using OpeniD connect.
SR-D95148 · Issue 557483
Port validation updated for redirect URI
Resolved in Pega Version 8.2.7
When an offline app for windows client was generated, trying to login via SSO resulted in the error "invalid redirect_uri". This was traced to the system validating the whole loopback redirection URL, e.g. "http://127.0.0.1:1234/redirection", including the port number. To enhance flexibility, an update has been made so that the port number will not be validated, allowing the client to establish it based on availability at the moment of the request to the authorization service. NOTE: As a best practice, a loopback URL should not be configured as a redirect URI. If a loopback URL is configured, then at run time the port number will not be validated, and the client application can use any available port on the system including ports that may not be intended for use.
INC-227878 · Issue 727855
UPDATE IMPACT FOR PEGA CALL
Resolved in Pega Version 8.7.3
Log4j-1.2.14.jar and Log4j-1.2.17.jar have been removed to address the security concerns with these versions, and logger jars have been upgraded to 12.7.2 version (from 12.7.1 version) to make Pega Call compatible. This change will impact Pega Call customer environments due to Avaya or Genesys, which are part of Pega Call, having an internal dependency on Log4j1.x version jars. As a result, the SDK logging for Avaya or Genesys will not be available in the 8.7.3 release unless the Log4j-1.x jar files are reimported locally.
INC-173596 · Issue 673089
Apache Commons HttpClient dependency removed
Resolved in Pega Version 8.7.3
As part of moving from the Apache Commons HttpClient project (which is at end of life and no longer being developed) to the Apache HttpComponents project, openws dependencies on the commons-httpclient jar have been removed.
INC-228169 · Issue 729187
Login error messages updated
Resolved in Pega Version 8.7.3
Exception response messages have been updated in order to improve security around attempts to bypass operator authentication.
INC-217655 · Issue 723565
Resolved validation check freeze for Dynamic Layout Group
Resolved in Pega Version 8.7.3
After creating a multi-step form where step 1 had a Dynamic Layout Group(tabbed) that used form fields configured with validations, clicking next with empty/invalid values in the form intermittently caused the screen to freeze and a javascript exception was logged. This was traced to a missed use case related to templates in the childNode, and has been resolved by adding the necessary safe checks in lgtemplate and lgcelltemplate.
INC-218855 · Issue 718834
DSS added to control section collapse on refresh
Resolved in Pega Version 8.7.3
After update from 8.5, using dynamic layouts that included certain controls (autocomplete/text/dropdown) configured with Refresh-Other Section -> Parent / Top Level Section such as a pyCaseActionArea with Event 'On Change' showed a different behavior: entering a value in the configured text/auto-complete field that leads to the refresh of the top level section will collapse all expanded sections if there is a refresh trigger within the embedded section or dynamic layout of the collapsible layouts. In order to control this behavior, a new DSS has been introduced. By default HonourExpandWhenOnRefresh (owning ruleset Pega-UIEngine) will be set to false to maintain the current behavior of collapse on refresh, while setting it to true will use the older behavior of maintaining expanded sections.
INC-223222 · Issue 723634
Corrected apiContext when using bulkActions
Resolved in Pega Version 8.7.3
Row selections in the multi-selection table were intermittently not working after opening a table with bulk actions enabled. Investigation showed that opening a table with bulkActions enabled and then navigating to a table where bulk actions are not available but multi-select is enabled led to functions like setSelectedRows and getSelectedRows still being available in apiContext. This has been resolved by correcting apiContext when bulkActions is enabled.
INC-225236 · Issue 725703
Corrected LiveDesignViewDisplay error handling
Resolved in Pega Version 8.7.3
When all rulesets were locked and a section was opened from Live UI in a portal, a "rule deleted" message appeared and it was confirmed the rule was deleted even though the rule was in locked ruleset. Investigation traced this to a pzLiveDesignViewDisplay call to pxChooseBestRuleSet which jumped to failure logic when "allow check out" was disabled, and this has been resolved by correcting the error handling in pzLiveDesignViewDisplay.