SR- · Issue 403102
Links updated for Security Checklist rule documentation
Resolved in Pega Version 8.1.1
The links for the following tasks in the documentation for the Security Checklist rule have been updated: "Secure web.xml"; "Appropriately encrypt data"; and "Define appropriate access control for client personal info subject to regulations like EU GDPR". In addition, the task "Configure Dynamic System Settings for production" has been renamed to "Define appropriate Cross-Site Request Forgery (CSRF) settings" and is linked to the CSRF landing page.
SR- · Issue 404593
Thread name implementation fixed for FCM use with micro DC
Resolved in Pega Version 8.1.1
When attempting to invoke a remote case in the Interaction Manager portal via FCM with the Customer Service for Insurance application, which uses micro DC, the case was not invoked and an empty screen was displayed. Invoking the case from the interaction portal resulted in a JavaScript error. Invoking the case from a WSS or directly from the Create button in Designer Studio worked correctly. This was traced to a recent change to the implementation for generating the thread name. Because of this, CRM apps could not load the Federated cases via micro DC. This has been fixed through changes in "pzFCMMashupGadget" to replace the slash with an underscore for the FCM thread.
SR- · Issue 406436
OIDC and authorization_code flow corrected
Resolved in Pega Version 8.1.1
The OIDC and authorization_code flow was not working on the first attempt. This was traced to the server that was performing the OAuth 2.0 authorization_code flow redirecting straight to the Pega application after successful user authentication instead of returning an authorization code via redirect_uri. As a result, the Pega application was rendered in an external Safari window which is supposed to be used for user authentication only. Second and subsequent attempts to perform the OAuth 2.0 authorization_code flow were successful and the Mobile Client was logged in. This was caused by the unnecessary retention of state parameters in the OIDC flow, and has been fixed by removing the code that appended the querystring parameters used for the Hybrid Client.
SR- · Issue 402877
Merge Wizard errors fixed, and created rules will use the highest ruleset version available
Resolved in Pega Version 8.1.1
Code errors in the Merge Wizard that were causing Null Pointer Exception errors have been fixed. In addition, branch rule sets created through this wizard did not have the 'Application validation' option and rule set pre-requisite filled automatically; the system has been updated so the version prerequisite will be the highest existing ruleset version in the ruleset.
INC-173068 · Issue 654064
HTML tags escaped in Audit History field values
Resolved in Pega Version 8.4.6
The case narrative section was showing case statuses with encoded special characters such as % or ( ), resulting in entries such as "Status changed to Complete &# 40;approved& #41; !@#$ %^& amp;*&# 40;&# 41;_&# 43;.". This has been resolved by updating the PyMemo field from type Text Input to DisplayAsLiteral for case narrative, which matches the setting for case history.
INC-175882 · Issue 658642
Updated bulk action audit history logic and security
Resolved in Pega Version 8.4.6
After update, using the standard bulk action feature did not record an audit history entry for the SLA action on a case. This was traced to changes made around authorization for opening worklists when using pzBulkProcessItem that limited the audit history to reassign, transfer or transfer assignment, and has been resolved by updating the logic in the Work-pzBulkProcessItem activity. In addition, the Require authentication to run checkbox has been enabled on the Security tab of the activity, and the Allow invocation from browser checkbox has been disabled.
INC-177183 · Issue 660537
Refresh assignment checks updated
Resolved in Pega Version 8.4.6
Additional privilege checks have been added to refresh assignment.
INC-178650 · Issue 673550
Cross-site scripting protections updated
Resolved in Pega Version 8.4.6
Cross-site scripting protections have been updated around the DisplayAttachment function.
INC-183947 · Issue 673735
Query split added to handle Oracle expressions limit
Resolved in Pega Version 8.4.6
The PXCHECKFLOWDEPENDENCIES activity was throwing the Oracle error message "ORA-01795: maximum number of expressions in a list is 1000" when a case had a very large number of sub-cases, causing a failure in trying to submit additional child cases which sent them into the broken process. This has been resolved by updating the pxCheckFlowDependencies rule to break down the query parameter into batches of 999 so they can be handled by Oracle.
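The batching approach described in this note, sketched as an added example (not Pega's pxCheckFlowDependencies code): the ID list is split into batches of 999 and each batch is sent as bound parameters, so no IN list reaches Oracle's 1000-expression limit. The `subcase` table, its columns, and the function names are hypothetical, and an in-memory SQLite database stands in for Oracle so the example runs offline.

```python
import sqlite3

ORACLE_IN_LIST_LIMIT = 1000   # ORA-01795 is raised above this many expressions
BATCH_SIZE = 999              # batch size named in the release note


def batches(values, size=BATCH_SIZE):
    """Yield consecutive slices of at most `size` items."""
    if size < 1 or size > ORACLE_IN_LIST_LIMIT:
        raise ValueError("batch size must be between 1 and 1000")
    for start in range(0, len(values), size):
        yield values[start:start + size]


def fetch_open_dependencies(conn, case_ids, size=BATCH_SIZE):
    """Return the ids in `case_ids` whose sub-case is still open, one batch per query."""
    # De-duplicate while preserving order so a repeated id does not waste a slot.
    unique_ids = list(dict.fromkeys(case_ids))
    found = []
    for chunk in batches(unique_ids, size):
        # Only the placeholder list is generated; the ids themselves stay bound
        # parameters, so splitting the query does not open an injection path.
        placeholders = ", ".join("?" for _ in chunk)
        sql = ("SELECT case_id FROM subcase "
               f"WHERE status = 'Open' AND case_id IN ({placeholders})")
        found.extend(row[0] for row in conn.execute(sql, chunk))
    return found


def build_demo_db(n):
    """Constructed sample data: n sub-cases, every third one resolved."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subcase (case_id TEXT PRIMARY KEY, status TEXT)")
    conn.executemany(
        "INSERT INTO subcase VALUES (?, ?)",
        [(f"C-{i}", "Resolved" if i % 3 == 0 else "Open") for i in range(n)],
    )
    return conn


if __name__ == "__main__":
    demo = build_demo_db(2500)
    ids = [f"C-{i}" for i in range(2500)]
    print("batch sizes:", [len(b) for b in batches(ids)])
    print("open sub-cases:", len(fetch_open_dependencies(demo, ids)))
```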
INC-184271 · Issue 668414
Portal Header persists appropriately
Resolved in Pega Version 8.4.6
The Portal header was disappearing immediately after case attachments were opened from the right sidebar and did not reappear even after refresh. This was traced to the absence of pd(event), and has been resolved by adding pd(event) to the onclick attribute in the anchor tag in the attachment UIKit rules.