INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-204897 · Issue 695409
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.7
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .
INC-239902 · Issue 628577
Handling added for multi-file upload of duplicated files
Resolved in Pega Version 8.7
Attaching the same file multiple times during a single upload caused some of the duplicated files to not be included. The issue was not seen when attaching the same file multiple times but in different attempts. The exception "Can't continue with file attachment. FileData.xlsx is missing and might have been quarantined by anti-malware software" was logged. This was caused by the files being uploaded without updating filenames to have a unique ID, so multiple files with the same name were overwriting the previous file. This has been resolved by setting the appendUniqueIdToFileName parameter to true in the upload request so each copy of the filename is treated as an individual file.