INC-199303 · Issue 690629
Guided Tour working from Actions menu
Resolved in Pega Version 8.7
After updating from Pega 8.4 to Pega 8.5, "Manage a Guided Tour" was no longer working under a local action when called from the Actions menu on a work object. An unspecified error message appeared in the tracer. Investigation showed there was a null pointer error caused by the menu being invoked on an invalid page, and this was traced to updated authentication requirements: registration at the portal is not reliable as it is thread-scoped and run only once. The thread name is not guaranteed to stay the same so subsequent invocations of the tour activities failed. This has been resolved by modifying the call registration function to handle the security issues related to the generation of the menu path.
INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-204897 · Issue 695409
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.7
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-
196961 · Issue 693473
Iteration method updated for SetRequiredSkillsCountColumn
Resolved in Pega Version 8.7.1
After update, database utilization spiked and did not drop. Investigation traced this to the use of Local.totalCount in pzSetRequiredSkillsCountColumn, which caused the iteration loop to run more times than necessary. This has been resolved by replacing Local.totalCount with Local.iterationsCount in the iteration.
INC-184040 · Issue 688256
Improved accessibility for Disclosable Documents/attach files/auto selection dropdowns
Resolved in Pega Version 8.7.1
When using Dragon for accessibility, issues were seen when trying to select different options in the dropdowns related to attaching multiple files. This was caused by the legacy grids being used not supporting this type of accessibility functionality, and has been resolved by updating pzAttachFileDDFileList to use an optimized table instead.
INC-186036 · Issue 685370
Field Level Audit updated to handle hierarchical properties
Resolved in Pega Version 8.7.1
Field Audit was not working for the first change of the data selected/provided for a field. The audit was only reflected after the second change was made. When the property involved a series of hierarchies, for example pageprop.pagelist(1).pageprop, the FLA objects will initially use deferred saves and the generated pzinskeys will be added to a savedFLAMap object. However, when the last pageprop was not eligible to save, all the deferred saves of earlier records were cancelled but the inskeys were not removed from the savedFLAMap object. Because of this, the parent FLA records were assumed to have been saved already when those saves were actually deferred. This was a missed use case for hierarchical properties, and has been resolved by adding an update to remove the inskeys from the savedFLAMap object so that in the subsequent property change the audit's FLA records for the parent properties (pageprop.pagelist(1)) will be saved again.
INC-194180 · Issue 701664
GetChildcases handling updated for large numbers of cases
Resolved in Pega Version 8.7.1
When a very high number of child cases being processed contained a wait shape that was dependent on the movement of a parent case, some of the cases were moved to the next step of the flow automatically while others required a manual command to ResumeFlow. In extreme cases where many child cases were waiting, a node crash could occur. This was traced to the pzGetChildcases report having a maximum value of 500 lines, and has been resolved by increasing the maximum number of rows to retrieve to 9999 in the Data Access Tab of the pzGetChildCases report definition. In addition, the pxCheckFlowDependencies activity has been modified to perform with a higher number of cases, and DSS(MaxRecords) logic has been added to split the child cases into multiple queue items for each access group to decrease load on each thread process.
INC-198765 · Issue 696686
Public URL will be appended with "/" if it is not present
Resolved in Pega Version 8.7.1
When using the Worklink Correspondence Fragment rule with authentication service type "prweb/PRAuth/sso", the returned URL did not contain the needed "/" at the end of public link. The "/" was present when using the legacy authentication service "prweb/sso". This has been resolved by updating the system to include a "/" at the end of a public URL if one is not present.
INC-198807 · Issue 689769
Bulk Transfer Audit displays correct label
Resolved in Pega Version 8.7.1
After Bulk Transferring an assignment, the audit showed the flow action rule name instead of the label. This has been addressed by creating a field value for the name 'pyTransferAssignment' and updating the param.actionLabel to refer to the localized value.
INC-200247 · Issue 701955
WorkAttachmentIcon activity correctly registered
Resolved in Pega Version 8.7.1
The pyWorkAttachmentIcon control used to download attachments was generating a SECU0019 warning. This was traced to pzAppStorageOkToAttachFile not being correctly registered, and has been resolved.