INC-142589 · Issue 595489
Corrected tooltip evaluation for multiselect
Resolved in Pega Version 8.4.3
After adding help text for a multiselect help icon with overlay on hover field, the value was not being sourced. Changing to a different type of help text or control type worked as expected. This was due to an error in case sensitivity, using pyToolTip when it should have been pyTooltip, and has been corrected.
INC-142714 · Issue 596554
Recent Cases from different applications available to open
Resolved in Pega Version 8.4.3
An enhancement has been added which will allow opening other application assignments in the Recent Cases section of the current application when the user has access to multiple applications.
INC-143005 · Issue 596954
Fluid Overlay displays as expected in Firefox
Resolved in Pega Version 8.4.3
After upgrade, using the Overlay format "Fluid" to perform the screening matches task in CLM using Firefox had an overlay that covered the entire screen but was missing the scrollbar to manage the content. This has been resolved by adding changes to support dynamic content (with scrollbar) for center overlay.
INC-137874 · Issue 599131
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.4.4
Cross Site Scripting (XSS) protections have been added to Developer Studio.
INC-140224 · Issue 604006
Corrected SAML SSO error
Resolved in Pega Version 8.4.4
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-141595 · Issue 602715
CSRF and Browser fingerprint tokens added for testing custom scripts
Resolved in Pega Version 8.4.4
After upgrade, the test window appeared blank when attempting to test Decision Table rules. This was traced to there not being CSRF token and Browser fingerprint handling in the custom script used to show a prompt screen to the user. Because the CSRF token validation was missing, the request failed. To resolve this, CSRF and Browser fingerprint tokens have been added as hidden fields.
INC-141940 · Issue 601543
Revoke Access Token check removed from OAuth Client Registration
Resolved in Pega Version 8.4.4
When client credentials were implemented, the OAuth 2.0 Client Registration form was designed such that once the instance was created and a token issued, the access tokens were deleted on save. Process changes now indicate that it should be possible to save the form because it may only have History Description/Usage changes made to it and Revoke Token and Regenerate Secret buttons are already available. To address this, the Revoke Access Token check has been removed from the validate activity of Client Registration.
INC-144591 · Issue 601611
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.4.4
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-144597 · Issue 598307
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.4.4
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.
INC-145033 · Issue 599482
ForgotPassword responses made consistent
Resolved in Pega Version 8.4.4
To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.