INC-163914 · Issue 668845
Improved Agile Studio passivation recovery
Resolved in Pega Version 8.6.2
When an Agile Studio session was passivated, the error "SECU0008 : CSRF Detected and Blocked" was seen. Reactivating the session resulted in a blank page. This was traced to the clearing of requestor level registrations added for that particular thread, and has been resolved by adding a new flag to identify if a thread is passivated along with the necessary structure for the conditionalized clearing of requestor level registrations based on this flag.
INC-179360 · Issue 662177
Check added for allowed editing with CSRF
Resolved in Pega Version 8.6.2
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.
INC-180275 · Issue 666455
Collaboration control hidden if data type is delegated
Resolved in Pega Version 8.6.2
When collaborating using a customized CaseManager portal with some delegated data types, the admin user refreshing the Data Type view changed the collaborator's view from the portal to show the Data Type tabs, allowing the second person to open rules (properties, Data Pages, etc) and see the configuration even though they could not make any changes. This has been resolved by updating pzDataTypeDelegated to display the collaboration control only if pzDelegation is false.
INC-180594 · Issue 670955
Filtering added for DisableDormantOperators
Resolved in Pega Version 8.6.2
When running the Disable Dormant Operators agent, many operators were seen which were dormant but not disabled. Investigation showed the activity was fetching all of the operators without filtering the deactivation state. This has been resolved by adding a filter condition in pzDisableDormantOperators to fetch only deactivate state users.
INC-184804 · Issue 669638
Password security enhanced
Resolved in Pega Version 8.6.2
Security and authentication have been enhanced for password handling.
INC-185362 · Issue 668825
Keystore update properly revises the cache
Resolved in Pega Version 8.6.2
A keystore updated with the latest certificate was not getting reflected in the runtime and the old certificate was getting picked. In a multi-node environment when the new JKS is uploaded in one node, the changes are expected to be communicated to other nodes so that the cache can be cleaned up. In this case, investigation showed that the keystore label was in uppercase and the cache entry was not correctly removed. This has been resolved by adding an update that will convert the cache key to lowercase and maintain uniformity to ensure proper cleanup.
INC-186512 · Issue 669327
Password security enhanced
Resolved in Pega Version 8.6.2
Security and authentication have been enhanced for password handling.
INC-161463 · Issue 638003
Case Dependency corrected for different access groups
Resolved in Pega Version 8.7
Creating a queue item as part of the case dependency was not working as expected when the access groups of the dependent cases were different. Investigation showed that in this scenario, the logic was looping differently and the DependencyList page in pxCheckFlowDependencies was getting removed. To resolve this, the DependencyList page has been moved so it is processed inside the DependencyList.pxResults loop.
INC-161948 · Issue 638963
Locking settings enabled for circumstanced case types
Resolved in Pega Version 8.7
Optimistic locking options were not present for a circumstanced case type, and the option to select the "Lock parent case when an action is performed on this case" check box was not available. However, when the parent case type was enabled with optimistic locking, a circumstanced child case could inherit a lock from its parent. Because "Lock parent case when an action is performed on this case" was not enabled on the circumstanced child case type, trying to update the parent case from the child case and save the parent case resulted in a "Lock not held on parent" error. This was a missed use case, and has been resolved by enabling locking settings in Case Designer for circumstanced case types.
INC-162168 · Issue 644731
Refresh works for nested lists
Resolved in Pega Version 8.7
After creating Pagelist A with another Pagelist within (B), a section was created with a repeating dynamic layout to display Pagelist A and a button was added with action set to refresh this section. In the embedded section of the repeating dynamic layout, a nested repeating dynamic layout was created for Pagelist B and a button was set to refresh this section. When using this configuration, the refresh was returning the actionID for Pagelist A regardless of which button was used. To resolve this, an update has been made which will iterate over the stack and append the individual indexes to the encoded value in the pzAPICreateJsonForField function.