SR-D62949 · Issue 527502
XSS protection added
Resolved in Pega Version 8.4
The CrossScriptingFilter API has been applied to address a potential XSS issue related to stream rule parameters used in the request header.
SR-D63232 · Issue 524295
Support added for Authentication service rule attributes in embedded pages
Resolved in Pega Version 8.4
SSO login was not working, giving the error "Unable to process the SAML WebSSO request : No value specified for Attribute in SAML assertion". Investigation showed the Authentication service rule could only map attributes that are on the top level page and did not consider embedded page values. To resolve this, tools.getProperty will be used to fetch the property reference value instead of find Page and getString.
SR-D63727 · Issue 531726
Authorization header base 64 format error recategorized as debug logging
Resolved in Pega Version 8.4
Numerous messages were generated indicating that the Authorization Header format was invalid when using the format " : " (Base64 Og==) . As this is the default behavior for a particular class of proxy servers, the error statement has been updated to be logged as a debug statement and will be visible only when that logging is enabled.
SR-D71378 · Issue 533282
Authorization header base 64 format error recategorized as debug logging
Resolved in Pega Version 8.4
Numerous messages were generated indicating that the Authorization Header format was invalid when using the format " : " (Base64 Og==) . As this is the default behavior for a particular class of proxy servers, the error statement has been updated to be logged as a debug statement and will be visible only when that logging is enabled.
INC-184798 · Issue 703269
PRconfig added for JVM user/password
Resolved in Pega Version 8.7.1
The setting Dcom.sun.management.jmxremote.local.only=true has been added for use when JMX authentication is enabled by providing jmxuser/password through prconfig.
INC-194348 · Issue 703374
Resolved multiple copies of Pega0050 alerts
Resolved in Pega Version 8.7.1
The PDC alert Pega0050 was seen multiple times for the standard pxgetoperatordetails activity, step 6.This has been fixed by removing the pagecopy and updating the data page properties.
INC-195580 · Issue 684492
Delay Factor updated to allow values < 1.0
Resolved in Pega Version 8.7.1
After modifying the "Delay factor" parameter on a queue processor rule and and clicking the "Save" button, refreshing the page caused the value of the "Delay factor" parameter to change. This has been resolved by updating the delay calculation strategy to support factors < 1.0.
INC-196478 · Issue 683130
CORS policy updated for GET streams
Resolved in Pega Version 8.7.1
CORS (Access-Control-Allow-Origin) support has been added to handle Stream calls during GET requests.
INC-163791 · Issue 704029
Simplified default reference time calculations
Resolved in Pega Version 8.7.1
After a job scheduler was configured to run at Start time = 21:00:00 for Time zone = Europe/London, the scheduler determined 20:00:00 as the next start time. This was due to the calculation for the next start time using the time zone offset calculation pattern for the date and time stored in System-Runtime-Context.pxCreateDateTime, which had difficulty with changes to the time zone definition implemented in the time between the given date and today (meaning the current time) such as daylight savings time. To resolve this, the default reference time from System Runtime Context will be 'now' instead of Date(0).