INC-201573 · Issue 694750
Client secret made optional for JWT Bearer Grant type
Resolved in Pega Version 8.6.3
After update, trying to connect a REST API using OpenAM as the provider for OAuth and using JWT Bearer as Grant type was resulting in an error indicating the request was not reaching the destination. This was traced to the client secret being designated a mandatory field when it should be optional in this case as the required key store was already configured with a JWT token profile. To resolve this, an update has been made which will make the client secret optional when the authentication scheme is JWT Bearer. In addition, the blank value caused a null pointer error when the client secret was not passed. This has been handled with a check.
INC-204045 · Issue 694323
Signature map updated for fetching keys
Resolved in Pega Version 8.6.3
MFA login worked with SAML 2.0 when the certificate was disabled but failed when the certificate was enabled in Auth Service. The error " "Signature algorithm is null" appeared. This has been resolved by updating the signature map to ignore case sensitivity while fetching keys.
INC-204897 · Issue 696148
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.3
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-164775 · Issue 681240
Web page generation security updated
Resolved in Pega Version 8.6.3
Cross-site scripting protections have been enhanced around web page generation.
INC-167704 · Issue 671629
Email timing updated to ensure content captured
Resolved in Pega Version 8.6.3
Outbound email replies constructed using a pyReply section were intermittently blank if the 'Send' button was clicked immediately after adding text. This was traced to the blur not happening immediately on click of the submit button, and has been resolved by introducing window.blurDelay to ensure the data is captured. The delay time is configurable, and by default is set to 200ms.
INC-167871 · Issue 666296
Desktop browser java render error corrected
Resolved in Pega Version 8.6.3
Attempting to open Clipboard, schedule a report, or perform any activity which generated in a pop-up resulted in a blank screen and browser errors indicating "Uncaught TypeError: (…) is not a function 2. Uncaught TypeError: cannot set property '...' of undefined". This has been resolved by adding a semicolon to the last line of pzpega_desktop_automation_support_js.
INC-176113 · Issue 661469
Duplicate messages removed from hover over smart info
Resolved in Pega Version 8.6.3
If a particular mandatory field was not selected and saved, scrolling over any help text bubble in that screen caused the error messages to pop up multiple times. This was an issue with the recreation of error tables on hover over smart info and has been corrected.
INC-178417 · Issue 670112
Flag reset added for grid with 'Expand When'
Resolved in Pega Version 8.6.3
A grid using an 'Expand When' condition worked as expected when the condition was true, but once expanded the grid did not collapse if the expand condition was changed to false even if a section/harness refresh was performed. This has been resolved by adding an update which will reset the flag when the result of 'Expand When' is false.
INC-178831 · Issue 680985
Ensured correct context for multi-select
Resolved in Pega Version 8.6.3
When using multi-select controls, there was an intermittent issue with selecting values using a mouse click. Using the tab key worked as expected. This was traced to the focus being event triggered multiple times so pega.ctx.dom returned undefined values in the second call.This has been resolved by focusing the target element before creation of capsule to ensure the context remains the same.
INC-180108 · Issue 667351
Desktop browser java render error corrected
Resolved in Pega Version 8.6.3
Attempting to open Clipboard, schedule a report, or perform any activity which generated in a pop-up resulted in a blank screen and browser errors indicating "Uncaught TypeError: (…) is not a function 2. Uncaught TypeError: cannot set property '...' of undefined". This has been resolved by adding a semicolon to the last line of pzpega_desktop_automation_support_js.