INC-144591 · Issue 601608
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.6
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-144597 · Issue 598304
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.6
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.
INC-144756 · Issue 602723
Security improved for searches
Resolved in Pega Version 8.6
Authentication requirements have been added to activities associated with searching.
INC-145033 · Issue 599479
ForgotPassword responses made consistent
Resolved in Pega Version 8.6
To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.
INC-145694 · Issue 601293
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.6
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-146434 · Issue 602739
Accessibility added to Security Event Configuration headers
Resolved in Pega Version 8.6
Labels for the headers in the Security Event Configuration screen have been converted to dynamic layout headers so they will be detected by JAWS screen reader.
INC-146921 · Issue 601636
Cross site scripting update for Dev Studio
Resolved in Pega Version 8.6
Cross Site Scripting (XSS) protections have been added to Developer Studio.
INC-148117 · Issue 608005
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.6
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-150317 · Issue 625882
Certificate updates handled across nodes
Resolved in Pega Version 8.6
An SSL handshake exception was occurring when running a Connect-REST call automatically from the flow as a background process on a background processing node. The same Connect-REST worked fine when run manually. The exception detailed the issue as "SSLHandshakeException: java.security.cert.CertificateException: None of the TrustManagers allowed for trust of the SSL certificate(s) provided by the remote server to which this client attempted a connection." This was traced to a pulse change scenario where the reloading of the certificates was not happening on all the nodes after adding a new certificate or deleting a certificate. This has ben resolved by adding the DATA-ADMIN-SECURITY-CERTIFICATE class into the UpdatesCacheUtils.java class.
INC-151253 · Issue 607625
Hash comparisons adjusted for upgraded sites
Resolved in Pega Version 8.6
Existing Pega Diagnostic Cloud SSO URLs were not working after upgrade. This was traced to the previous tenant hash (or AG hash) having padding characters like ‘(’ which are no longer used in higher versions. This caused the tenant hash comparison during the SAML login flow to fail. To resolve this, the system will not compare an incoming tenant hash (in relay state) with a current platform tenant hash, but instead will rely on the “/!” pattern to identify the tenant hash in the relay state.