INC-151568 · Issue 610221
Handling added for comma value in FusionCharts XML
Resolved in Pega Version 8.4.4
After creating a Summary Report through the report browser and adding that report to the Dashboard, clicking on the report to drill down generated the error "Can't open the rule with the specified keys". Investigation showed that if a category or series in a Report Definition chart contained a comma, the drilldown would not work because of an incorrect pyclassname being passed. This was traced to the use of XML to configure the chart: the FusionCharts third-party library parses the link XML incorrectly and splits JS arguments at any comma. This was a missed use case for having a comma in the name, and has been resolved by adding encoding for the comma value in pzMultiSeriesData FusionCharts XML rule. Then this will be decoded in the drilldown JS APIs pzPega_chart_legacydrilldown and pega_report_summary.
INC-152800 · Issue 611749
Reports filtering made accessible
Resolved in Pega Version 8.4.4
In order to ensure accessibility, titles and helper texts have been added to the text fields and checkboxes that appear in the Edit Filter non-modal window after a 'Filtered By' value is selected on the My Reports page.
INC-153692 · Issue 620243
Added accessibility to Report view context menu
Resolved in Pega Version 8.4.4
When on the My Reports screen and a Summary report is selected, the Report Viewer displays a Summarized Reports table with a column header that opens a command menu upon right-click of the mouse. This functionality is enabled in the Report Definition rule by selecting the checkbox Enable column command menu under the Report Viewer tab. Although keyboard users can open the menu via Shift+F10, keyboard users who cannot see the screen were not informed that this functionality is available as the screen reader did not announce this. This has been resolved.
INC-137874 · Issue 599131
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.4.4
Cross Site Scripting (XSS) protections have been added to Developer Studio.
INC-140224 · Issue 604006
Corrected SAML SSO error
Resolved in Pega Version 8.4.4
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-141595 · Issue 602715
CSRF and Browser fingerprint tokens added for testing custom scripts
Resolved in Pega Version 8.4.4
After upgrade, the test window appeared blank when attempting to test Decision Table rules. This was traced to there not being CSRF token and Browser fingerprint handling in the custom script used to show a prompt screen to the user. Because the CSRF token validation was missing, the request failed. To resolve this, CSRF and Browser fingerprint tokens have been added as hidden fields.
INC-141940 · Issue 601543
Revoke Access Token check removed from OAuth Client Registration
Resolved in Pega Version 8.4.4
When client credentials were implemented, the OAuth 2.0 Client Registration form was designed such that once the instance was created and a token issued, the access tokens were deleted on save. Process changes now indicate that it should be possible to save the form because it may only have History Description/Usage changes made to it and Revoke Token and Regenerate Secret buttons are already available. To address this, the Revoke Access Token check has been removed from the validate activity of Client Registration.
INC-144591 · Issue 601611
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.4.4
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-144597 · Issue 598307
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.4.4
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.
INC-145033 · Issue 599482
ForgotPassword responses made consistent
Resolved in Pega Version 8.4.4
To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.