INC-194429 · Issue 682882
Updated FieldLevelAuditing logic for page comparison
Resolved in Pega Version 8.7
Optimistic locking was resulting in orphan assignments and the error "Error: Flow Not At Task, Error: Flow Removed". In addition, Get Next Work was causing duplicate Field Level Auditing records. This was traced to a missed use case in the logic used in pxFieldLevelAuditing where previousPage and PrimaryPage are compared to see whether they are equal or not, and has been resolved by adding one more condition to mark previousPage as null when the update date time or commit date time are not updated as part of processing.
INC-194981 · Issue 681369
Validation error message corrected for delegated SLA rule
Resolved in Pega Version 8.7
When delegating any SLA rule to a Business user like the Manager Access group, editing it from the Case Manager portal did not give an option to configure seconds in that available text field (label hh:mm) even though the validation error stated that the time needed to be in hh:mm:ss format. The pzDelegatedSLAGoal, pzDelegatedSLADeadline and pzDelegatedSLAPassedDeadline sections do not include seconds field, which is a difference from Designer Studio (hh:mm:ss). For this update, the validation error message has been corrected to indicate only hh:mm is used while delegating the SLA rule. An enhancement is planned in a future version to support the hh:mm:ss format for this use.
INC-198514 · Issue 688852
CheckFlowDependencies query performance improved
Resolved in Pega Version 8.7
In order to improve performance on very large tables, the pxCheckFlowDependencies activity has been modified. Previously, checking whether a dependency exists retrieved all columns. The updated query will instead return a count.
INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-162434 · Issue 640051
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-163201 · Issue 646910
BrowserFingerprint updated
Resolved in Pega Version 8.7
Security improvements have been added to the browser fingerprint process.
INC-163914 · Issue 668846
Improved Agile Studio passivation recovery
Resolved in Pega Version 8.7
When an Agile Studio session was passivated, the error "SECU0008 : CSRF Detected and Blocked" was seen. Reactivating the session resulted in a blank page. This was traced to the clearing of requestor level registrations added for that particular thread, and has been resolved by adding a new flag to identify if a thread is passivated along with the necessary structure for the conditionalized clearing of requestor level registrations based on this flag.
INC-164336 · Issue 634151
URL validation updated to handle custom token endpoints
Resolved in Pega Version 8.7
While saving an authentication profile with OAuth details, validation was failing for a valid URL given in the access token endpoint and revoke token endpoint fields. This was traced to the use of the Apache URL validator, which considered some domains to be invalid. To resolve this, the urlvalidator constructor has been updated to include a custom RegexValidator for access token and refresh token URLs.
INC-168837 · Issue 646972
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.7
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.
INC-169186 · Issue 655537
Disconnect button availability extended
Resolved in Pega Version 8.7
A case was not refreshing when the disconnect button was selected while using the standard section for authorization grant type authentication. This was traced to a query executed to find a div with attribute pzInsHandle, but that attribute was not applicable in the user portal. To support this use, the query has been extended to be applicable for user portal (attribute data-ui-meta) and Dev Studio landing page.