SR-D30215 · Issue 503682
Cross-site scripting protection added to ClientDynamicData
Resolved in Pega Version 8.2.4
Cross-site scripting protection has been added to the "DesignViewIframe" and "pzHarnessID" parameters in the pzClientDynamicData HTML rule.
SR-D25972 · Issue 501482
Handling added for custom error message in post-authentication activity
Resolved in Pega Version 8.2.4
The error message in the post-authentication activity always appeared as 'Login terminated because a post-authentication activity or policy failed', irrespective of the actual message conditionally set in the activity based on post-authentication logic. Investigation showed that the parameter page in the SSO post-authentication activity was not being passed to the 'pzShowAuthPolicyError' activity, because the post-authentication activity executed in an authenticated context whereas the HTML fragment executed in an unauthenticated context. To support this use, the post-authentication activity will now set the error message on a predefined property and propagate it to the HTML fragment by appending the error message as a query parameter in the redirect exception URL after a post-authentication failure.
SR-D23862 · Issue 503896
Corrected test connection for LDAP AuthService using keystore
Resolved in Pega Version 8.2.4
When using an AuthService rule defined for LDAP using ldaps:// and a KeyStore rule defined to reference a local file on the server, the Test Connection button on the AuthService rule did not work and generated the following exception: "com.pega.apache.commons.httpclient.contrib.ssl.AuthSSLInitializationError: I/O error reading keystore/truststore file: null". Investigation showed that a file-reference keystore did not work with an LDAPS test connection because, while run time used the LDAPVerifyCredentials activity, the design-time validation used the activity "ValidateInfrastructure", which did not have the required code to support a file-reference keystore. This has been corrected.
SR-D21803 · Issue 502130
Cross-site scripting protection added for embedded portal URI
Resolved in Pega Version 8.2.4
The URI used in the top window of embedded portals has been encoded to prevent DOM-based cross-site scripting.
SR-D29485 · Issue 503511
Enhancement added to modify URL encryption for load testing
Resolved in Pega Version 8.2.4
An enhancement has been added which allows conditionally modifying URL encryption for load testing. This uses the flag crypto/useportablecipherforurlencryption: if true, a portable hardcoded key is used to encrypt the URLs and if false, a dynamically generated key per thread/requestor is used to encrypt the URL.
SR-D38581 · Issue 504775
Removed unnecessary cross-site scripting filtering on paragraph rule
Resolved in Pega Version 8.2.4
When a link was set in a paragraph rule, the target option was removed in the returned layout structure. This was traced to unnecessary XSS filtering which has now been removed.
SR-D39956 · Issue 511637
Corrected method IF use with shortcut function
Resolved in Pega Version 8.2.5
After upgrade, method IF was not working as expected when used in an expression like "@if(.totalorders_120days>0,(.remakeorders_120days/.totalorders_120days)<0.3,false)". This was caused by a missed use case for an exception-generating function used in combination with a shortcut function (i.e. ternary, and, or), and has been resolved.
SR-D41207 · Issue 512087
Fallback strategy added to chat routing to keep event processor running
Resolved in Pega Version 8.2.5
Chats were becoming stuck in the queue and end users were not able to connect with the customer service representative. An excessive number of queued items was observed in a Queue Processor named "EventProcessor". This was traced to the setting "Browse from the offset" having been removed because of a retention policy. This resulted in "Browse from the end of the stream" being used instead, even though browsing should start from the earliest known offset. To resolve this, the Stream producer will be cached based on topic, and the Stream consumer will fall back to an earliest strategy if the requested offset isn't found, so the event queue will be handled in a timely manner.
SR-D42662 · Issue 516870
Support added for auto restart of system paused nodes
Resolved in Pega Version 8.2.5
After the system paused a run, nodes had to be restarted manually. Investigation showed that a node had fallen from the Hazelcast cluster due to an instability and that there was no support for an auto-restart under this condition. This has been resolved by adding a pulse task to resume runs stuck in system pause.
SR-D43912 · Issue 509737
Fallback strategy added to chat routing to keep event processor running
Resolved in Pega Version 8.2.5
Chats were becoming stuck in the queue and end users were not able to connect with the customer service representative. An excessive number of queued items was observed in a Queue Processor named "EventProcessor". This was traced to the setting "Browse from the offset" having been removed because of a retention policy. This resulted in "Browse from the end of the stream" being used instead, even though browsing should start from the earliest known offset. To resolve this, the Stream producer will be cached based on topic, and the Stream consumer will fall back to an earliest strategy if the requested offset isn't found, so the event queue will be handled in a timely manner.