INC-147643 · Issue 605386
Corrected filtering logic for Report Definition with declarative join
Resolved in Pega Version 8.5.2
When using a report definition with declarative join enabled, running the report produced the correct results, but filtering on any other column resulted in all values being shown. This has been resolved by modifying the logic used for pzGetGridColUniqueValues.
INC-147856 · Issue 607132
Description input for new reports restricted to 64 characters
Resolved in Pega Version 8.5.2
After saving a report with a description containing more than 64 characters, trying to delete the same report generated error messages saying the report description exceeds 64 characters. There was no maximum character limit set on the description input when creating/editing/save as a report. The delete modal shows any page-level warnings, so the guard rail warnings show up at that time. This has been resolved by disallowing the creation of a description greater than 64 characters in length.
INC-150054 · Issue 607387
Drilldown works for display of all locks
Resolved in Pega Version 8.5.2
In Developer studio, drilling down from the summary count of all locks to see the actual cases locked gave a generic error screen. This was a missed drilldown use case for List Views during security updates, and has been resolved.
SR-D91660 · Issue 555724
Updated document ID handling for deleting indexes
Resolved in Pega Version 8.5.2
When trying to delete a document for index name "work*", intermittent errors were seen indicating an invalid index name or index does not exist value. This has been resolved by updating the handling for delete by ID.
INC-130703 · Issue 597255
Operator provisioning on authentication service corrected
Resolved in Pega Version 8.5.2
When operator provisioning was triggered on user login via authentication service, the error "ModelOperatorName is not valid. Reason: declare page parameters not supported by PropertyReference" was generated. This was traced to optimization work that had been done on the expression evaluation for operator identification, and has been resolved by adding the required GRS Syntax support in the Operator Provisioning section in SAML and OIDC.
INC-132191 · Issue 582550
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.5.2
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-133518 · Issue 592227
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.5.2
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-134808 · Issue 590711
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.5.2
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-137873 · Issue 596159
Java injection security updated
Resolved in Pega Version 8.5.2
Protections have been updated against a Java injection.
INC-140101 · Issue 597637
System will attempt to decrypt data ending in "+"
Resolved in Pega Version 8.5.2
Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .