SR-D23239 · Issue 499591
Support added for multi-operator SAML logins
Resolved in Pega Version 8.4
When a user logged in through SAML Single Sign-On, the system processed the login to the portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work: all SAML login sessions resolved to the same first operator, because parseAndEvaluateExpression() in ExpressionHelper.java ignored new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.
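The failure mode described above, as an added example: a simplified Python model, not Pega's code, of an evaluator that reuses one expression page next to one that clones a page per session, with a regression check that each login resolves to its own operator. The class names, the `uid` attribute and the lower-casing expression are assumptions made for illustration.

```python
import copy

# Constructed stand-in for a function-style expression on the Attribute field:
# it lower-cases the "uid" SAML attribute to produce the operator ID.
def operator_expression(page):
    return page["args"]["uid"].lower()


class SharedPageEvaluator:
    """Pre-fix behaviour as described: arguments are ignored once the page exists."""

    def __init__(self):
        self._page = None  # one expression page shared by every login

    def evaluate(self, expression, args):
        if self._page is None:
            self._page = {"args": dict(args)}
        # Bug: a later session's arguments never reach the existing page.
        return expression(self._page)


class PerSessionEvaluator:
    """Post-fix behaviour as described: clone a page per session, then set its arguments."""

    def __init__(self):
        self._template = {"args": {}}

    def evaluate(self, expression, args):
        page = copy.deepcopy(self._template)
        page["args"].update(args)
        return expression(page)


# Constructed SAML attribute sets for two different users.
LOGINS = [{"uid": "Alice@Example.com"}, {"uid": "Bob@Example.com"}]


def identity_mixups(evaluator):
    """Regression check: return (login, resolved operator) pairs that do not match."""
    resolved = [evaluator.evaluate(operator_expression, a) for a in LOGINS]
    return [(a["uid"], r) for a, r in zip(LOGINS, resolved) if r != a["uid"].lower()]


if __name__ == "__main__":
    print("shared page:", identity_mixups(SharedPageEvaluator()))
    print("per session:", identity_mixups(PerSessionEvaluator()))
```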
SR-D31734 · Issue 515657
XSS protection added for parameter page properties
Resolved in Pega Version 8.4
An XSS vulnerability was seen with the Edge browser when the "run on visibility on client" check was enabled with dynamic layouts and some properties were accessed from the parameter page. Because the "run on visibility on client" check is not required in this scenario, it has been removed and the values will be accessed from the server instead.
SR-D47685 · Issue 514647
Cookie logging restored
Resolved in Pega Version 8.4
As part of security updates, cookies were restricted from being logged. However, this caused some business use cases, such as a custom function call to obtain the list of cookies present in the application, to stop working. To resolve this, the cookie logging restriction has been reverted.
INC-133986 · Issue 585431
Encryption documentation updated for embedded properties
Resolved in Pega Version 8.6
Documentation updates have been made to provide instructions on configuring property encrypt policies for embedded properties. This includes information on creating two policies, one on the class where the property is referred/used and one at the final property level, so that these properties can be encrypted and decrypted smoothly everywhere in the UI.
INC-137757 · Issue 600489
Primary page setting updated for micro DC container
Resolved in Pega Version 8.6
In Cosmos, a "Cannot Render Section" error displayed on submit of a modal dialog. This was caused by a primary page calculation error for the micro DC container, and has been corrected.
INC-138443 · Issue 584680
SAML authentication documentation expanded
Resolved in Pega Version 8.6
Documentation for SAML authentication services has been updated to include more detailed information about app alias URL changes.
INC-139085 · Issue 589553
Documentation updated for using Custom Stored Procedure after upgrade
Resolved in Pega Version 8.6
Documentation has been updated to reflect that when upgrading an environment to Pega 8.3+, the following two prconfig/DSS settings should be removed. This is the preferred approach to use the new ID generation mechanism. Additionally, if a database sequence was previously used to generate IDs, pc_data_uniqueid should be added or updated to make sure each case type has a row defined, and that the pyLastReservedID matches the maximum of the relative database sequence value plus 1.
    env name="pega/sequenceid/useOldOOTBIDGenerator" value="true"
    or DSS: prconfig/pega/sequenceid/useoldootbidgenerator/default
    env name="database/databases/customUniqueIDproc" value="sppc_data_uniqueid_custom"
    or DSS: prconfig/database/databases/customuniqueidproc/default
To keep using the old custom stored procedure, the following settings should be given either through prconfig or DSS setting (prefixed with "prconfig/"). The sppc_data_uniqueid_custom can be replaced with a custom procedure name with the same signature as the standard stored procedure.
    env name="pega/sequenceid/useOldOOTBIDGenerator" value="true"
    env name="database/databases/customUniqueIDproc" value="sppc_data_uniqueid_custom"
INC-139843 · Issue 594083
WSDL for Connect SOAP documentation updated
Resolved in Pega Version 8.6
SOAP integration documentation has been updated to include information regarding handling a WSDL that contains references to external XSD documents.
INC-143033 · Issue 607836
Access Control Policy documentation updated
Resolved in Pega Version 8.6
The documentation for the ACP rule (https://community.pega.com/knowledgebase/articles/security/85/creating-access-control-policy) has been updated to clarify that these rules must be checked in for the policy change to take effect. Access control policies only work when a rule is checked in. Therefore, any changes in a checked out rule will be ignored. When changing or modifying any ABAC policy rules, the rule must be checked out, updated, saved, and checked in for the changes to take effect.
INC-145944 · Issue 612847
Product Rules help updated for Report Definition filters
Resolved in Pega Version 8.6
The Product Rules help documentation has been updated to remove references to the deprecated use of When filters and List View filters as these have been replaced by Report Definition filters.