INC-209298 · Issue 704141
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.6.4
After enabling CSRF, navigating to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors', selecting a record, and clicking 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.
INC-211426 · Issue 706061
UI and code changes to support Client Assertion in OpenID Connect
Resolved in Pega Version 8.6.4
To support private_key_jwt, an enhancement has been added which passes the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server then authenticates Pega (the client) by verifying the signature and payload of the assertion, retrieving the public key via Pega’s JWKS endpoint.
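The exchange described above, shown as an added Node.js example that is not Pega's code: a client signs a private_key_jwt assertion, and an authorization server verifies it against the client's JWKS. The client ID, token endpoint URL, key ID, timestamps and the function names are all assumptions made for illustration.

```javascript
// Added example, not Pega code. Client ID, token endpoint, kid and timestamps are constructed.
const crypto = require('node:crypto');
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Client: sign a short-lived assertion naming itself as both issuer and subject.
function buildClientAssertion(clientId, tokenEndpoint, privateKey, kid, now) {
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint, jti: crypto.randomUUID(), iat: now, exp: now + 60 };
  const signingInput = `${enc({ alg: 'RS256', typ: 'JWT', kid })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Authorization server: resolve the key by kid from the client's JWKS, then validate.
function verifyClientAssertion(jwt, jwks, expected, now, seenJti) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try { header = dec(parts[0]); claims = dec(parts[1]); } catch { return 'malformed'; }
  if (!header || !claims) return 'malformed';
  if (header.alg !== 'RS256') return 'alg not allowed'; // pin the algorithm server-side
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return 'unknown kid';
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'))) return 'bad signature';
  if (claims.iss !== expected.clientId || claims.sub !== expected.clientId) return 'wrong client';
  if (claims.aud !== expected.tokenEndpoint) return 'wrong audience';
  if (typeof claims.exp !== 'number' || claims.exp <= now) return 'expired';
  if (!claims.jti || seenJti.has(claims.jti)) return 'replayed';
  seenJti.add(claims.jti); // remember the jti so the same assertion cannot be reused
  return 'ok';
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1' }] };
  const expected = { clientId: 'pega-client', tokenEndpoint: 'https://as.example/token' };
  const now = 1700000000, seen = new Set();
  const jwt = buildClientAssertion(expected.clientId, expected.tokenEndpoint, privateKey, 'demo-key-1', now);
  const [h, p, s] = jwt.split('.');
  const forged = `${h}.${enc({ ...dec(p), sub: 'other-client' })}.${s}`; // payload edited after signing
  return {
    first: verifyClientAssertion(jwt, jwks, expected, now, seen),
    replay: verifyClientAssertion(jwt, jwks, expected, now, seen),
    tampered: verifyClientAssertion(forged, jwks, expected, now, new Set()),
    late: verifyClientAssertion(jwt, jwks, expected, now + 61, new Set()),
  };
}
console.log(demo());
```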
INC-215343 · Issue 711141
Security updates
Resolved in Pega Version 8.6.4
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.
INC-239902 · Issue 628577
Handling added for multi-file upload of duplicated files
Resolved in Pega Version 8.7
Attaching the same file multiple times during a single upload caused some of the duplicated files to not be included. The issue was not seen when attaching the same file multiple times but in different attempts. The exception "Can't continue with file attachment. FileData.xlsx is missing and might have been quarantined by anti-malware software" was logged. This was caused by the files being uploaded without updating filenames to have a unique ID, so multiple files with the same name were overwriting the previous file. This has been resolved by setting the appendUniqueIdToFileName parameter to true in the upload request so each copy of the filename is treated as an individual file.