SR-D21803 · Issue 502130
Cross-site scripting protection added for embedded portal URI
Resolved in Pega Version 8.2.4
The URI used in the top window of embedded portals has been encoded to prevent DOM based cross-site scripting.
SR-D29485 · Issue 503511
Enhancement added to modify URL encryption for load testing
Resolved in Pega Version 8.2.4
An enhancement has been added which allows conditionally modifying URL encryption for load testing. This uses the flag crypto/useportablecipherforurlencryption: if true, a portable hardcoded key is used to encrypt the URLs and if false, a dynamically generated key per thread/requestor is used to encrypt the URL.
SR-D38581 · Issue 504775
Removed unnecessary cross-site scripting filtering on paragraph rule
Resolved in Pega Version 8.2.4
When a link was set in a paragraph rule, the target option was removed in the returned layout structure. This was traced to unnecessary XSS filtering which has now been removed.
INC-
184212 · Issue 677287
Updated AgentName handling for QueueItemID
Resolved in Pega Version 8.7.1
A report was showing as scheduled but no mail was received when it was supposed to run. Investigation showed this was due to the reports being corrupted, leading to the flow skipping the necessary Queue-For-Agent method. While there was a workaround of doing a "Save As" to create a new version of the report, this has been addressed by setting the agentName before saving to the database to handle missing agentName cases and ensure pyAgentname is always populated when pzQueueItemID is not empty.
INC-172836 · Issue 655462
Added check for attachment upload for filename ending in $
Resolved in Pega Version 8.7.1
Attempting to upload a file to external web storage was failing if the filename's last character was $. This was traced to the system attempting to decode the name, and has been resolved by adding a check to see if there are at least two characters after $. If there are none, the decode step will be skipped.
INC-198029 · Issue 695562
Check added for empty SendAs in MSGraph
Resolved in Pega Version 8.7.1
When using MSGraph, logging showed the errors "Could not parse the address into InternetAddress Objects, falling back to parse with the regex" and "Unable to use the configured "Send As" email address from Records. Will fall back to 'first' recipient of incoming email." This has been resolved by adding a check for a blank SendAs field.
INC-199320 · Issue 696941
Corrected duplicate record error message
Resolved in Pega Version 8.7.1
When inserting a duplicate record in a grid, the error was shown at the harness level instead of the record level. This was traced to the error messages being removed from the step page, and has been resolved by updating the system so messages will not be cleared if the same value is being set.
INC-199341 · Issue 694712
Content-type values made consistent
Resolved in Pega Version 8.7.1
The content-type for service APIs was returned as 'text' for 401 errors when using a custom authentication type instead of the parent-type/child-type format such as text/plain, text/html, application/json, etc. This has been corrected.
INC-199665 · Issue 692753
Logic added to handle upper/lower case for Content-Type header value
Resolved in Pega Version 8.7.1
After Integrating REST Service with a HTTP/2 header, pzExecuteRestService was throwing a null pointer exception. This was traced to headers not being treated in a case-insensitive manner: the header contained a lower-case 'content-type' while the system was looking for 'Content-Type' (upper-case). To resolve this, logic has been added to check for both 'content-type' and 'Content-Type' keys.
INC-199679 · Issue 688738
Handling added to email encoding for ISO-8859-8-i charset
Resolved in Pega Version 8.7.1
After update, cases were intermittently not getting created from inbound email and the process became stuck. This has been resolved by adding handling to replace the ISO-8859-8-i charset with ISO-8859-8 for encoding the mail content.