INC-134315 · Issue 578366
Resolved 400 error on second browser session
Resolved in Pega Version 8.5.1
When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.
INC-130500 · Issue 580623
Cross-site scripting protections updated for authorization
Resolved in Pega Version 8.5.1
Cross-site scripting protections have been updated for various URLs associated with authorization.