INC-170041 · Issue 649669
Check and error message added for filename containing "%00"
Resolved in Pega Version 8.5.4
At the time of file attachment or upload, if the file name contained % followed by two 0s (%00), the file upload mechanism distorted the UI and the Pega logo screen popped up. The file was saved properly in the ServiceExport directory, but while fetching the attachment info, the file was split in two because the engine considered %00 as a delimiter. This has been resolved by adding a file name check and a pyInvalidFileName field value to be used for an error message.
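An added example, not Pega's own code, of a file name check of the kind described in INC-170041: it rejects the literal %00 sequence, a raw NUL or other control character, and nested encodings such as %2500 that decode to %00. The function name and the decode bound are assumptions; only the pyInvalidFileName key comes from the note above.

```python
from urllib.parse import unquote

# Field value named in the release note; used here only as the error key.
INVALID_FILE_NAME = "pyInvalidFileName"
# Assumption: how many layers of percent-encoding are unwrapped before giving up.
MAX_DECODE_ROUNDS = 3


def check_upload_name(name):
    """Return None if the file name is acceptable, else the error key.

    Hypothetical helper: the check runs before the name is stored or used to
    look up attachment info, so a NUL can never act as a delimiter later on.
    """
    if not name:
        return INVALID_FILE_NAME
    candidate = name
    for _ in range(MAX_DECODE_ROUNDS + 1):
        # A raw NUL or other control character is invalid at any decoding depth.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
            return INVALID_FILE_NAME
        # The literal sequence the release note describes.
        if "%00" in candidate:
            return INVALID_FILE_NAME
        decoded = unquote(candidate)
        if decoded == candidate:
            return None  # fully decoded and nothing suspicious was found
        candidate = decoded
    # Still changing after the bound: treat deeply nested encoding as invalid.
    return INVALID_FILE_NAME


if __name__ == "__main__":
    # Constructed sample names, not taken from any real system.
    for sample in ["report.pdf", "invoice%00.pdf", "invoice%2500.pdf",
                   "a\x00b.txt", "100%25 done.txt"]:
        print(repr(sample), "->", check_upload_name(sample) or "ok")
```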
INC-173953 · Issue 650851
Updated Pega DX API special character handling
Resolved in Pega Version 8.5.4
When using Pega API v1 and invoking api/v1/cases/{ID}/actions/{actionID}, special characters in a few fields in a section were being converted into HTML entities. For example, "You'll usually find this information in your terms and conditions." was being converted to "You&#39;ll usually find this information in your terms and conditions" in the API response. This has been resolved by updating the system to ensure the pyDXAPIEncodeValues application setting is honored.
INC-174355 · Issue 652051
Corrected file download in Cosmos
Resolved in Pega Version 8.5.4
An unauthorized request error was seen in tracer while downloading files in the Cosmos application. This was traced to the pyAttachmentFeedDescription control in the Theme Cosmos Rule Set not being correctly updated, and has been resolved.
INC-176091 · Issue 652121
Busy indicator correctly resolves with Microsoft Internet Explorer upload
Resolved in Pega Version 8.5.4
When using Microsoft Internet Explorer to upload documents, the busy indicator was not resolving after the file was attached. This was due to a missed use case in work done around the timing of the busy indicator when attaching multiple files, and has been resolved by modifying PzMultiFilePath to ensure the busy indicator is removed when the file count is zero.
INC-157095 · Issue 638807
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.5.4
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-161260 · Issue 634051
Enhanced logging for CBAC policies
Resolved in Pega Version 8.5.4
Additional logs have been added to assist in easier debugging of any configuration issues with CBAC policies.
INC-161660 · Issue 633030
Authorization token handling and cleanup improved
Resolved in Pega Version 8.5.4
When using a mobile app configured with default authentication, clicking on the "Trouble logging in?" link opened a new window and displayed the message "please contact your system administrator" along with the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY CODE-SECURITY PZGETAUTHORIZATIONCODE". This has been resolved. In addition, the OAuth token generation and handling has been improved, and the purge agent has been updated to accept a DSS setting for the max number of expired records to purge each time it is run. The default value is 5000.
INC-162434 · Issue 640052
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.5.4
After configuring SSO to create operators on the fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade, new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList, which allow it to be run only by authenticated users, and has been resolved.
INC-163201 · Issue 646911
BrowserFingerprint updated
Resolved in Pega Version 8.5.4
Security improvements have been added to the browser fingerprint process.
INC-168837 · Issue 646973
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.5.4
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.