INC-133301 · Issue 580677
Resolved authorization request errors on mobile
Resolved in Pega Version 8.2.8
After upgrading and rebuilding the APK with the HC Client Version – 7.41.8-SNAPSHOT, numerous "PYREDIRECTAUTHORIZATIONREQUEST" alerts during mobile interactions caused system performance issues. This was traced to a change in the handling for OAuth2 tokens and related to missing pyClientID column in the database table which forced the system to read all records from the table, and has been resolved.
INC-135159 · Issue 580673
Logic updated for deepMergeObj API
Resolved in Pega Version 8.2.8
Issues with the embedded page values being removed when navigating from a flow action and inconsistent localization of labels and captions in a mobile app were traced to the deepMergeObj API; the logic for the API has been revised to ensure the pxObjClass property is not removed from embedded pages during the doSave function.
INC-144948 · Issue 602275
Resolved JBoss memory leak
Resolved in Pega Version 8.2.8
JBoss logs indicated connection leaks. This has been resolved by limiting the scope of instance of ActionProvider, DataSyncRequestParser to a try-with-resources block which ensures that all resources are released.
SR-D95638 · Issue 556964
Added handling for mobile SharePoint attachments
Resolved in Pega Version 8.2.8
When an application was using SharePoint to store the attachments, adding an attachment in an offline-enabled mobile app and then synching resulted in the mobile app crashing if the user re-logged in and launched the same work object. This was due to the attachment handling. Attachments are downloaded during synchronization and they are base64 encoded: when a mobile phone processes the synchronization response, it decodes the base64 encoded attachment and saves the data in internal storage. In this scenario, attachments retrieved from SharePoint (REST Service) use a base64 conditional encoding that is different than in case Repositories or Pega Database storage. To resolve this, a check has been added to determine whether the base64 text contains newline characters, and if so the text is merged into one line.
INC-130500 · Issue 580621
Cross-site scripting protections updated for authorization
Resolved in Pega Version 8.2.8
Cross-site scripting protections have been updated for various URLs associated with authorization.
INC-132191 · Issue 582547
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.2.8
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-132209 · Issue 577001
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.2.8
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).
INC-132897 · Issue 576549
UseSSL correctly set for password reset email
Resolved in Pega Version 8.2.8
Email was not being sent as part of the password reset functionality for Agile Studio when the email account was set to use SSL. An EmailClientException was logged. This was traced to the 'forgot password' flow reading .pyUseSSL as false, and has been resolved by setting pyUseSSL from the email account page.
INC-133518 · Issue 592225
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.2.8
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-134315 · Issue 578367
Resolved 400 error on second browser session
Resolved in Pega Version 8.2.8
When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.