INC-182827 · Issue 691528
URL security updated
Resolved in Pega Version 8.6.4
Security has been updated for URL tampering defense and Rule Security Mode.
INC-209298 · Issue 704141
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.6.4
After enabling CSRF, navigating to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors', selecting a record, and clicking 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.
INC-211426 · Issue 706061
UI and code changes to support Client Assertion in Open ID Connect
Resolved in Pega Version 8.6.4
To support private_key_jwt, an enhancement has been added that passes the “Client ID” and “Client assertion” (in the form of a signed JWT) as part of the authorization code grant flow for an IDP-initiated SSO. The Authorization Server then authenticates Pega (the client) by verifying the signature and payload of the assertion, retrieving the public key via Pega’s JWKS endpoint.
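An added example (not Pega's code) of the private_key_jwt exchange described above: the client signs an assertion, and the authorization server verifies it against the key published in the client's JWKS and then checks the claims. The function names, client ID, key ID and endpoint URL are assumptions, and the pure-Python RS256 with a throwaway key is used only so the block runs without third-party packages.

```python
import base64, hashlib, json, secrets, time

E = 65537
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256, RFC 8017

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def nbytes(n): return (n.bit_length() + 7) // 8

def demo_keypair(kid, bits=512):  # constructed throwaway 1024-bit key: demo only
    def prime():                  # Fermat-tested probable prime with E coprime to p-1
        while True:
            p = secrets.randbits(bits) | (3 << (bits - 2)) | 1
            if p % E != 1 and all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7)):
                return p
    p, q = prime(), prime()
    n, d = p * q, pow(E, -1, (p - 1) * (q - 1))
    jwk = {"kty": "RSA", "kid": kid, "n": b64u(n.to_bytes(nbytes(n), "big")), "e": "AQAB"}
    return n, d, {"keys": [jwk]}  # modulus, private exponent, public JWKS document

def emsa(msg, n):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), as an integer for modulus n
    pad = b"\xff" * (nbytes(n) - 54)
    return int.from_bytes(b"\x00\x01" + pad + b"\x00" + DIGESTINFO + hashlib.sha256(msg).digest(), "big")

def make_client_assertion(client_id, token_endpoint, n, d, kid):
    # Client side: iss and sub are both the client ID, aud is the token endpoint
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": secrets.token_hex(16), "exp": int(time.time()) + 60}
    head = b64u(json.dumps({"alg": "RS256", "kid": kid}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(emsa(signing_input.encode(), n), d, n)
    return signing_input + "." + b64u(sig.to_bytes(nbytes(n), "big"))

def verify_client_assertion(jwt, client_id, jwks, token_endpoint, seen_jti):
    # Authorization-server side; malformed input raises, which also fails closed
    h64, c64, s64 = jwt.split(".")
    header, claims = json.loads(unb64u(h64)), json.loads(unb64u(c64))
    key = next((j for j in jwks["keys"] if j["kid"] == header.get("kid")), None)
    if header.get("alg") != "RS256" or key is None:   # pin algorithm and key ID
        return False
    n, e = (int.from_bytes(unb64u(key[x]), "big") for x in ("n", "e"))
    if pow(int.from_bytes(unb64u(s64), "big"), e, n) != emsa((h64 + "." + c64).encode(), n):
        return False                                   # signature does not verify
    jti = claims.get("jti")
    ok = (claims.get("iss") == claims.get("sub") == client_id and claims.get("aud") == token_endpoint
          and claims.get("exp", 0) > time.time() and bool(jti) and jti not in seen_jti)
    if ok:
        seen_jti.add(jti)                              # a replayed assertion is rejected
    return ok
```

In production, use a vetted JOSE library and RSA keys of at least 2048 bits rather than this hand-rolled signing code.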
INC-215343 · Issue 711141
Security updates
Resolved in Pega Version 8.6.4
Security updates have been made relating to rulesets using allow lists, checks for Java code injections, SAML-based SSO code, and supporting SFTP as part of the validation in the pxValidateURL rule.
SR-D71977 · Issue 535602
Obj-Browse will retrieve more than 50 records
Resolved in Pega Version 8.5
After performing multiple skims, a newly added property was not retrieved when an Obj-Browse was performed. In the Obj-Browse action, when a class is mapped to an external table and does not contain the BLOB column pzpvstream, and the pxObjClass value is a reference to a parameter, the list of properties explicitly mapped to the class is fetched by querying the pr4_rule_property table using NativeSQL. By default this call returns only 50 records, so when an external class had more than 50 properties, some of them were missing from the Obj-Browse response mapping. To resolve this, the limit of 50 records has been removed from this NativeSQL call.
SR-D65112 · Issue 541149
Added support for imported rules to populate bixreportpage
Resolved in Pega Version 8.5
Extract rules were not holding the filter criteria after upgrade while performing save-as (for the first time) of the imported rules from the previous version. Criteria were held when the filters were created in the new version. This was caused by BIX extracts created in earlier releases (7.x) not having bixreportpage included. When an environment was upgraded to 8.x versions, opening an extract required the bixreportpage to be populated with RD metadata including the filters defined in the actual extract. Although the filters from the original extract were converted to filters that are acceptable by ReportDefinition, they were not being added to bixreportpage on opening the extract. To resolve this, the system has been updated to copy the filters back to bixreportpage on opening the extract in the upgraded environment.
SR-D76150 · Issue 539454
Logging updated for EmailListener and Data-Agent queue items
Resolved in Pega Version 8.5
In order to avoid the pr_sys_queue_ftsindexer table being overwhelmed with Data-Admin-Connect-EmailListener and Data-Agent-Queue instances for queued items, the Data-Admin-Connect-EmailListener and Data-Agent-Queue class definitions have been modified to filter queue items to incremental indexing if updates are from the system and the instance type is data-.
SR-D66986 · Issue 539414
BIX command line support improved
Resolved in Pega Version 8.5
Post-upgrade, it was seen that changes to the engine which validate that Data-Admin-DB-Name is not defined multiple times caused the BIX command line extracts to no longer work the same way. In order to improve backwards compatibility, updates have been made to loosen the validation in JdbcConfigurationFactory to always prefer prconfig settings if there are multiple definitions.
SR-D70890 · Issue 542871
Enhanced diagnostic logging for automatic search re-index
Resolved in Pega Version 8.5
To better analyze an out of memory error, enhanced diagnostic logging has been enabled for the classes below to get more information regarding a re-index triggered automatically after the search index is complete:
PegaSearch.SearchManager.SearchInitlizationUtils
PegaSearch.SearchManager.BuildIndicesTask
Rule_Obj_Activity.pzLPFTSManagerRunBuildIndex.Pega_Search_Manager.Action
PegaSearch.Indexer.AbstractIndexer
SR-D61971 · Issue 529608
Search Landing Page handling added for email addresses containing hyphens
Resolved in Pega Version 8.5
When an e-mail address containing a hyphen was entered for the Automated Search Alert functionality, the validation error "Please Enter Valid Email Address(s)" appeared. For example, [email protected] was not accepted. To resolve this, the regexp function used for the email validator has been updated.