SR-113624 · Issue 167070
Enabling out-of-the-box Security Policies now redirects immediately
Resolved in Pega Version 7.1.7
When enabling out-of-the-box Security Policies, it was not immediately redirecting to the change password screen but instead requiring the timeout interval to expire before redirect happened. This has been corrected.
SR-118077 · Issue 170104
Excessive logging addressed in Pega Mobile 4.3
Resolved in Pega Version 7.1.7
In PegaMobile, the oLog debugging statements were generating excessive log files. This has been addressed in Pega Mobile 4.3.
SR-118880 · Issue 172588
Change Password redirect loop fixed
Resolved in Pega Version 7.1.7
When URLEncryption is enabled along with Security Policies, redirection to the Change Password screen caused the browser to loop into an endless redirect (HTTP 302 loop). This was caused by Incorrect (un-obfuscated) data being used internally when obfuscation was enabled, and has been fixed.
SR-D23239 · Issue 499591
Support added for multi-operator SAML logins
Resolved in Pega Version 8.4
When a SAML user logged in by Single Sign-On (SAML), the system processed the login to portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work because all SAML login sessions resolved to same first operator due to parseAndEvaluateExpression() in ExpressionHelper.java ignoring new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
SR-D31734 · Issue 515657
XSS protection added for parameter page properties
Resolved in Pega Version 8.4
An XSS vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.
SR-D17418 · Issue 498723
Attached note header displays properly in Hebrew locale
Resolved in Pega Version 8.4
With the locale set to Hebrew, the whole portal is presented correctly from right to left, but when opening a case note (attached email) the header was not displayed as right to left. This has been resolved by updating the 'DisplayNote' HTML of class 'Data-WorkAttach-Note' and 'Show' HTML of class 'Data-Corr-Email' to use locale information from the operator.
SR-D17575 · Issue 492689
Survey route to work queue option restored for smartshape
Resolved in Pega Version 8.4
After upgrade, routing to workqueue was no longer available for the new create survey smart shape. This has been restored.
SR-D18589 · Issue 495717
Google Map API updated
Resolved in Pega Version 8.4
When using Address Map control with enabled markers whose source is a datapage, the location in the map was redirected as expected to the address populated by the datapage, but the marker overlay that appeared by default containing address details and a link to "Open in Google Maps" did not load. Clicking on random places on the map caused it to load correctly. This has been corrected with the creation of a custom activity to get section markup that will use reload section with proper context to fix the issue. In addition, enhancements have been made to enable automatic upgrade of existing apps which use Address Map to use pxMap by auto-generating pxMap from the existing configuration. Properties set in Address Map's design time configuration should be mapped to corresponding properties in pxMap as given below. If report definition, clipboard page. or list property was used as marker source, a data page will need to be created manually. 'Starting Lat, Long' property is mapped to 'Custom initial lat / long' 'Markers source' is mapped to 'MARKERS' as follows: - 'None' to 'None' - 'Data page' to 'Data page', 'Property for location' -> 'Location property', 'Marker info section' -> 'Info section' - 'Property' to 'Property', 'Address property' -> 'Address property', 'Allow marker repositioning to change the address value' -> 'Drag marker position to update address value', 'Report lat long in property' -> 'Lat / long logging property', 'Report incorrect address' and 'Error message' is ignored at this time - 'Report definition' is ignored - 'Clipboard page' is ignored - 'List defined on property' is ignored 'Visibility' and 'Tour ID' are mapped 1to1 It is also possible to disable rendering of the Map control from the Address Map configuration: when switched off, pxAddressMap will be generated instead of pxMap.
SR-D21004 · Issue 492467
Corrected case comparison to prevent completed cases being routed to error workbasket
Resolved in Pega Version 8.4
Some cases were routing to the sync error workbasket even while being resolved. Investigation showed that pzSetDeferWrite was comparing the serverside assignhandle with the assignahandle sent by the client upon sync, but since the client was sending assignahandle in lowercase (reproduced if workid prefix is customized), the comparison was failing. To resolve this, the AI has been modified to pass the pzInskey as uppercase to the pzSetDeferWrite activity.
SR-D28060 · Issue 498751
XSS filtering added to App Studio
Resolved in Pega Version 8.4
The pzDisplaySpaceFeedTitle control which is used to display the audit feed in Pega App Studio has been updated with XSS filtering.