INC-196839 · Issue 695281
Removed duplicate clipboard page creation
Resolved in Pega Version 8.7.1
An out of memory exception occurred due to the pyInstanceInfoForUpdate clipboard page having 6.5M Embed-InstanceInfo entries. This was traced to the ClientUpdateRequestHandler.getInstanceInfoPage method continuously appending to the ClipboardProperty instanceInfoPage. This has been resolved by removing the extra creation of instance pages within the loop.
INC-200303 · Issue 692845
OIDC authentication service token reload updated
Resolved in Pega Version 8.7.1
The exception “PRSecurityException: Invalid State Parameter received" was generated along with "Unable to execute OIDC flow : Caught exception while parsing the id token”. The issue was identified in the Keystore cache refresh strategy for the 'reload once per interaction' option. While the Refresh interval was one minute for reload once per interaction, if there was a login request/keystore request in that one minute then the refresh interval was pushed to one minute again from that timestamp. The system was also maintaining the cache refresh interval as one minute. That meant if there were continuous requests, then the refresh interval was pushed to one minute for each request. As a result, the Refresh interval was repeatedly extended until the exception occurred. To resolve this, the Refresh token will happen if there are no requests for a period of one minute, and the cache refresh interval for "Reload once per iteration" has been removed completely.
INC-200877 · Issue 693823
Functions supported in Authorization Service
Resolved in Pega Version 8.7.1
An enhancement has been added to support operator page context evaluation with a Rule-Utility-Function during property mapping evaluation.
INC-209298 · Issue 704142
Added security tokens to Worklist assignment error wizard
Resolved in Pega Version 8.7.1
After enabling CSRF, moving to 'Configure -> Case Management -> Tools -> Work Admin -> Worklist assignment errors' and then selecting a record and clicking on 'Delete' resulted in a '403 Forbidden' error. This has been resolved by adding CSRF and fingerprint tokens as part of the form data.
INC-227878 · Issue 727855
UPDATE IMPACT FOR PEGA CALL
Resolved in Pega Version 8.7.3
Log4j-1.2.14.jar and Log4j-1.2.17.jar have been removed to address the security concerns with these versions, and logger jars have been upgraded to 12.7.2 version (from 12.7.1 version) to make Pega Call compatible. This change will impact Pega Call customer environments due to Avaya or Genesys, which are part of Pega Call, having an internal dependency on Log4j1.x version jars. As a result, the SDK logging for Avaya or Genesys will not be available in the 8.7.3 release unless the Log4j-1.x jar files are reimported locally.
INC-173596 · Issue 673089
Apache Commons HttpClient dependency removed
Resolved in Pega Version 8.7.3
As part of moving from the Apache Commons HttpClient project (which is at end of life and no longer being developed) to the Apache HttpComponents project, openws dependencies on the commons-httpclient jar have been removed.
INC-228169 · Issue 729187
Login error messages updated
Resolved in Pega Version 8.7.3
Exception response messages have been updated in order to improve security around attempts to bypass operator authentication.