INC-161260 · Issue 634050
Enhanced logging for CBAC policies
Resolved in Pega Version 8.4.5
Additional logs have been added to assist in easier debugging of any configuration issues with CBAC policies.
INC-163226 · Issue 632964
Alert resolved for query parameter in non-standard format
Resolved in Pega Version 8.4.5
A failure status occurred during refresh of an optimized grid section. Investigation showed this was caused by a parameterized datapage being used as a source for a section that passed a query parameter in a non-standard format. There was no functional impact, and the alert has been resolved by setting the system to call StreamParameter extraction only if the rejectTamperedRequests DSS is explicitly set to true.
INC-169186 · Issue 655539
Disconnect button availability extended
Resolved in Pega Version 8.4.5
A case was not refreshing when the disconnect button was selected while using the standard section for authorization grant type authentication. This was traced to a query executed to find a div with attribute pzInsHandle, but that attribute was not applicable in the user portal. To support this use, the query has been extended to be applicable for user portal (attribute data-ui-meta) and Dev Studio landing page.
INC-170423 · Issue 648982
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.4.5
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-171838 · Issue 651438
Added mail/telephone link to allowed CSP child frame
Resolved in Pega Version 8.4.5
After upgrade from v8.3 to v8.5, clicking on the mail / telephone link in the out of the box case participants gadget generated the Content Security Policy error "This content is blocked. Contact the site owner to fix the issue." Examination of the browser dev-tools console indicated the object refused to frame because it violated the Content Security Policy directive: "frame-src *". This behavior was specific to the Google Chrome browser, and has been resolved by adding code so the mailto: and tel: will be added to the frame-src when Data is selected under Child Frame-Source option. Unchecking the Data checkbox for Child Frame-Source on the policy landing page will remove these from allowed actions under CSP.
INC-171875 · Issue 653894
Skip restored for browser request CSRF token
Resolved in Pega Version 8.4.5
Many SECU0008 alerts were seen in the production logs. This was the result of a CSRF token check on requests without pyActivity or pyStream, and has been resolved by restoring a conditional skip of the check as those other browser requests do not contain a CSRF token.
INC-188469 · Issue 714844
Updated retainLock for DoClose activity
Resolved in Pega Version 8.6.5
After sending an external email notification from a case, attempting to use the "close" button resulted in an access denied error. This was traced to a missed use case for recent security improvements which resulted in not setting the required parameter retainLock for the DoClose activity, and has been resolved.
INC-208394 · Issue 713554
Error handling updated for Data-Work-Attach-File
Resolved in Pega Version 8.6.5
If a file is uploaded which has the same name as an existing case attachment or if any issue happens during file attachment, the attachment will fail and an error message is displayed with an option to cancel the operation. However, even if the upload was not successful the related Data-WorkAttach-File instance was created and persisted in the Workattach table. Investigation showed this was caused by the process for persisting the Data-WorkAttach-File record occurring prior to the process that returns the errors, and this has been resolved.
INC-209404 · Issue 710406
MultiFilePath supports file upload with leading special character
Resolved in Pega Version 8.6.5
Updates have been made to the pzMultiFilePath control in order to support uploading a file with a special character such as "%" at the beginning of the name.
INC-210787 · Issue 710393
Multiple child case assignments open correctly in Ajax container
Resolved in Pega Version 8.6.5
After configuring two cases with a parent-child relationship, the child case was configured with a parallel process with two assignments. When trying to open the child case assignments in an Ajax container, only the first assignment would open. Investigation showed this was caused by the "reloadAlways" parameter not being sent to openAssignment due to a custom control being used. To resolve this, the reloadAlways has been added as an argument to the OpenAssignment function call in pyAssignmentsLabel.