INC-166995 · Issue 642440
DeleteDocumentPg added to allow list
Resolved in Pega Version 8.7
During performance testing with CSRF settings enabled, a '403 Forbidden' error was seen in the network trace when FinishAssignment called pyActivity=pyDeleteDocument on close action. This has been resolved by adding pyDeleteDocumentPg to the list of allowed activities.
SR-D23239 · Issue 499595
Support added for multi-operator SAML logins
Resolved in Pega Version 8.3.1
When a SAML user is logged in by Single Sign-On (SAML), the system processes the login to portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work because all SAML login sessions resolved to the same first operator due to parseAndEvaluateExpression() in ExpressionHelper.java ignoring new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
SR-D47611 · Issue 513113
HTTPS login path issue resolved
Resolved in Pega Version 8.3.1
When using iOS, entering wrong credentials for a login with an https endpoint converted the URL to http. This was traced to a case where the resourcePath was coming as http in SSL enabled system, but the reqURI was still https. To correct this, the system has been updated so that if the reqContextURI starts with https and the requestURL starts with http, then the requestURL will be converted to https.
INC-167254 · Issue 651529
Reports database configuration documentation updated
Resolved in Pega Version 8.4.6
Documentation for working with the reports database has been updated to clarify that only a separate database with same schema/table names is supported. The complete information is available in the support documentation under Reporting Capabilities -> Reporting -> Creating advanced reports -> Setting up reports database.
INC-177323 · Issue 672423
Search string wildcard use documentation updated
Resolved in Pega Version 8.4.6
The support article for the search API has been updated to clarify the ability to use the wildcard character "*" by manually adding it to the prefix of each term in the search string.
INC-190130 · Issue 678543
Help information updated for using Elastic Search with Report Definition
Resolved in Pega Version 8.4.6
The support article "Configuring a report definition to run against an Elasticsearch index" has been updated to clarify that the search can pass multiple values with a space in pySearchString as it does OR operation on all the fields, and that filters in the report definition will be used when executing the report directly or when calling the report in the pxRetrieveSearchData activity.https://community.pega.com/knowledgebase/articles/system-administration/85/configuring-report-definition-run-against-elasticsearch-index
INC-175706 · Issue 659527
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.4.6
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179360 · Issue 662178
Check added for allowed editing with CSRF
Resolved in Pega Version 8.4.6
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.
INC-180275 · Issue 666457
Collaboration control hidden if data type is delegated
Resolved in Pega Version 8.4.6
When collaborating using a customized CaseManager portal with some delegated data types, the admin user refreshing the Data Type view changed the collaborator's view from the portal to show the Data Type tabs, allowing the second person to open rules (properties, Data Pages, etc) and see the configuration even though they could not make any changes. This has been resolved by updating pzDataTypeDelegated to display the collaboration control only if pzDelegation is false.
INC-180594 · Issue 670956
Filtering added for DisableDormantOperators
Resolved in Pega Version 8.4.6
When running the Disable Dormant Operators agent, many operators were seen which were dormant but not disabled. Investigation showed the activity was fetching all of the operators without filtering the deactivation state. This has been resolved by adding a filter condition in pzDisableDormantOperators to fetch only deactivate state users.