SR-C1107 · Issue 351146
Oauth tokens obtained on login timeout
Resolved in Pega Version 7.4
When the client idle time expires, the user must perform a login in order to get back into the application. If OAuth is being used for authentication there is no need to re-send the credentials to NetIQ if neither the refresh token nor access token are expired yet, but the hybrid client was repeating the ROPC flow and obtaining a new refresh token each time the user logged in after the client idle timeout expires. With this change, the tokens are obtained on login timeout. There will be a further update targeted for the next release to show the lock screen and not log the user out.
SR-C1107 · Issue 351606
Oauth tokens obtained on login timeout
Resolved in Pega Version 7.4
When the client idle time expires, the user must perform a login in order to get back into the application. If OAuth is being used for authentication there is no need to re-send the credentials to NetIQ if neither the refresh token nor access token are expired yet, but the hybrid client was repeating the ROPC flow and obtaining a new refresh token each time the user logged in after the client idle timeout expires. With this change, the tokens are obtained on login timeout. There will be a further update targeted for the next release to show the lock screen and not log the user out.
SR-C147 · Issue 343884
Security improvements for generateCellContent RUF
Resolved in Pega Version 7.4
Code changes have been made to improve security for getting the parameter value in the generateCellContent RUF.
SR-C1787 · Issue 346038
XSS filtering added for insHandle
Resolved in Pega Version 7.4
XSS filtering has been added for the inshandle parameter in the downloadFile activity.
SR-C1787 · Issue 320158
Exception message will not include invalid filename
Resolved in Pega Version 7.4
To enhance security, the exception message In the activity Rule-File-Binary.downloadFile will not display the invalid filename.
INC-147873 · Issue 610865
Custom header character encoding for Subject added
Resolved in Pega Version 8.5.5
Case correspondence that contained a Subject with accent characters such as "Invitation à être" was being rejected by MailJet on the basis of encoding issues on the "Thread-Topic" when using custom headers. The error "BAD HEADER SECTION, Non-encoded non-ASCII data (and not UTF-8)" was generated. This was traced to the Send Email Smart Shape handling when using custom headers, and has been resolved by encoding the Subject before appending it to the Thread-topic header while adding custom headers.
INC-161645 · Issue 634639
Java Bean import updated to handling differences in Java 7 and Java 8
Resolved in Pega Version 8.5.5
The behavior of the java bean Introspector class is inconsistent across different versions of the JDK when detecting indexed properties built off of java.util.List objects, causing Java Bean import to generate differently in Java 7 and Java 8. This has been resolved by updating PRIndexedPropertyDescriptor to better handle this JDK difference by resolving indexed read and write methods manually using simple reflection.
INC-163292 · Issue 635839
Portlet service deprecated
Resolved in Pega Version 8.5.5
Portlet authentication services have been removed from the standard installation package. The IAC service has been restored.
INC-158018 · Issue 633374
Archiving updated to include pxobjclass in CTE column list
Resolved in Pega Version 8.5.5
After enabling the case archival feature on a casetype, cases were getting stuck in the Archive-Ready state while being archived, and a 'column not found' error was seen. Investigation showed that the generated SQL statement used to retrieve the resolved case instances used a common table expression (CTE) whose columns were inskey, insclass, and parentinskey, and the query that referenced the CTE was attempting to compare the column pxobjclass when pxobjclass did not exist in the CTE's column list. To resolve this, the CTE column list has been updated to pzinskey, pxobjclass, and parentinskey to prevent the 'column not found error' from occurring, and the query that referenced the CTE was also updated to use the correct column names and aliases.
INC-159244 · Issue 627864
Bulk actions check in preserves declare expression legacy setting
Resolved in Pega Version 8.5.5
When a declare expression was saved in legacy mode with "Whenever used" selected in change tracking, performing a bulk check-in of the rule caused the expression to default to the new forward chaining method. This did not occur when using a direct check-in. Investigation showed this was caused by the check-in page holding a legacy value before the step execution, and has been resolved by adding a pre-save activity before the validation activity that will restore the .pyIsLegacy value from .pyExpressionTypeSelector, if set.