INC-160372 · Issue 629922
Resolved unneeded chat survey error logging
Resolved in Pega Version 8.6
After configuring a chat server to do a post chat survey, the post chat survey was correctly served but errors indicating "Cannot find PegaCA-Work-SurveyNPS.Thank you for your feedback. van type Rule-HTML-Paragraph" were logged. This was caused by the method used by the system to distinguish between text and paragraph questions in pyProcessNextStep, and has been resolved by adding additional checks for whether paragraph exists before opening it.
INC-160688 · Issue 632230
Skip topics from the attachments setting honored
Resolved in Pega Version 8.6
Topic detection was happening for attachments even when it is disabled in the UI. This issue was traced to pyTopics which were not properly configured by selecting checkboxes in iNLP configuration for Email Channel, and has been resolved.
INC-165188 · Issue 635775
Third-party links allowed to pass target attribute in anchor
Resolved in Pega Version 8.6
Attempting to connect to Docusign, a third party application, via Email in an interaction portal was not working, and the error "account.docusign.com refused to connect" appeared. This was caused by the HTML data being sanitized so the attribute 'target' was not allowed to pass and the application could not open in a new tab. To resolve this, an update has been made that will allow the target attribute for an anchor tag.
INC-165886 · Issue 637242
JWT token support added for Digital Messaging
Resolved in Pega Version 8.6
An enhancement has been added to support the use of JWT tokens for authentication with the Digital Messaging API.
INC-128533 · Issue 588007
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.6
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-130703 · Issue 597254
Operator provisioning on authentication service corrected
Resolved in Pega Version 8.6
When operator provisioning was triggered on user login via authentication service, the error "ModelOperatorName is not valid. Reason: declare page parameters not supported by PropertyReference" was generated. This was traced to optimization work that had been done on the expression evaluation for operator identification, and has been resolved by adding the required GRS Syntax support in the Operator Provisioning section in SAML and OIDC.
INC-133518 · Issue 592228
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.6
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-134808 · Issue 590712
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.6
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-137709 · Issue 584981
New security role added to restrict access to development-specific classes
Resolved in Pega Version 8.6
A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.
INC-137873 · Issue 596157
Java injection security updated
Resolved in Pega Version 8.6
Protections have been updated against a Java injection.