INC-143191 · Issue 596470
Scheduled tasks landing page shows all tasks
Resolved in Pega Version 8.2.8
Due to pzGetScheduledTasks listview having a hardcoded limitation of 500 records to be fetched, not all scheduled tasks were being shown in the scheduled tasks landing page. This has been resolved by modifying the pyCreateSummary activity to use a newly created Report Definition to fetch data instead of list view.
INC-144756 · Issue 602724
Security improved for searches
Resolved in Pega Version 8.2.8
Authentication requirements have been added to activities associated with searching.
INC-120343 · Issue 573075
Explicit parent added for descendants in subreport to correct summary
Resolved in Pega Version 8.2.8
When using a Report Definition with a Summarize column and a subreport with join class, it was not considering implementation class work objects. As a result, the prepared values were only partially computed. This was traced to the SubReport in SetQuery not having reference to a parent for the descendants classes, and has been resolved by explicitly setting the parent value.
SR-D90400 · Issue 563185
Explicit parent added for descendants in subreport to correct summary
Resolved in Pega Version 8.2.8
When using a Report Definition with a Summarize column and a subreport with join class, it was not considering implementation class work objects. As a result, the prepared values were only partially computed. This was traced to the SubReport in SetQuery not having reference to a parent for the descendants classes, and has been resolved by explicitly setting the parent value.
INC-130500 · Issue 580621
Cross-site scripting protections updated for authorization
Resolved in Pega Version 8.2.8
Cross-site scripting protections have been updated for various URLs associated with authorization.
INC-132191 · Issue 582547
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.2.8
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-132209 · Issue 577001
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.2.8
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).
INC-132897 · Issue 576549
UseSSL correctly set for password reset email
Resolved in Pega Version 8.2.8
Email was not being sent as part of the password reset functionality for Agile Studio when the email account was set to use SSL. An EmailClientException was logged. This was traced to the 'forgot password' flow reading .pyUseSSL as false, and has been resolved by setting pyUseSSL from the email account page.
INC-133518 · Issue 592225
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.2.8
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-134315 · Issue 578367
Resolved 400 error on second browser session
Resolved in Pega Version 8.2.8
When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.