The following issues were fixed in RSA Identity Governance and Lifecycle version 7.2.
After the scheduled run time for a review was changed, the task was duplicated in the memory and the review was run multiple times.
Review escalations scheduled to run before or after the review due date were not triggered when either the escalation was scheduled after the review due date had passed or when the application was down during the due date.
When a role containing app-roles was deleted in a role review, change items to remove the app-roles were not generated.
The user interface took a long time to load certain tabs in reviews that had large data sets.
Users were able to schedule reviews and collectors using a past date.
Multi-step review generation failed when secondary step definitions enabled the user selection option "By selecting supervisors and using their subordinate users.”
A review with a value for SIGN_OFF_ENABLED other than Y or N caused a server startup failure.
In a review definition that already had a coverage file that determined the monitors, if the definition was edited to deselect the coverage file option, the earlier coverage file was still saved with the review definition despite being displayed as unselected in the user interface.
An SQL error occurred when changing a review state to complete.
The reassign action in the review user interface took longer than expected.
Review analysis failed with the ORA-01706 error.
The review monitor/owner interface loaded slowly, even when no table data was displayed.
Clarification was required on the review definition user interface to indicate that user selection is not used for rule actions.
Escalation workflows erroneously allowed the assignment of reviews to deleted supervisors.
In an environment using AFX, when deleting review results that had the "Delete pending change requests" option selected, the "ORA-02292: integrity constraint violated" error occurred.
Group review definitions erroneously displayed the Include Users option.
A role review caused changes in the review state even when all review items were maintained.
The By Monitor tab for group and role reviews showed incorrect display names.
Account Review Change Preview tab did not download content when exporting the table.
Completed Review Escalation Tasks and RefreshReview tasks were erroneously listed in the schedule information under Admin > Monitoring > Schedule Information.
Coverage files were erroneously not applied to review items associated with deleted objects.
Inefficient SQL statements were called with every move through the tabs of the Role screen.
The EmailByMonitor message type did not consider the configured columns in the review. Instead, it had only considered the hard-coded columns.
When performing review analysis, the ORA-30926 error could be generated when calculating unchanged review items because of the incorrect join that compared old review items to items in the current review.
Account reviews that filtered accounts and groups could experience poor performance during review generation.
A blocking session could occur as a result of the ORA-30926 error in the RULE_FUNCTIONS package in certain circumstances when a reviewer approved exceptional access for a user.
Custom Attribute placeholders were not properly allocated and propagated for Review components and Rule Violations.
In user access violation reviews, comments were always required for the revoke state even when the "Comments are required" option was not selected in the review definition.
Delegation from the user interface created duplicate coverage entries resulting in reviewers seeing the same review item twice.
Violations for terminated or deleted users were erroneously unassigned in the User Access Violation Review.
Filtering on the Account User column in account reviews threw an IndexOutOfBound error when the accounts in review had changed from one of orphaned, single user, or shared to another during collections that occurred after the review is generated.
A role review could not be completed if the role had a parent, due to review generation incorrectly adding the parent role as a sub role.
When exceptional access granted from a violation review expired while the same review was still active, the violating entitlements were no longer excepted, and the remediator was unable to re-grant exceptional access.
The new reviewer interface has been optimized to perform better in Internet Explorer 11. Previous browser memory issues experienced when selecting multiple reviews has been resolved.
Duplicate role memberships caused the following error when running a user access review: "ORA-20126: The creation of reviews failed. Stored Procedure:Parse_Roles_In_User_Review execution aborted. ORA-01427: single-row subquery returns more than one row".
A "Remove account to group" change request from a webservice did not set the affected users in the request information.
Change requests to remove a user from a group that were generated by a Group review did not complete if the fulfillment workflow was configured to “Create a Job per group.”
Optimized statements for Change Requests involved with determining missing or extra indirect entitlements.
When a user is granted the same entitlement through both a role and an account and the account is deleted from the user, an error occurs when the role is later deleted from the user.
Pre-processing for unauthorized change detection failed with the ORA-06402: PL/SQL: numeric or value error.
Subject of email incorrectly contained HTML markup.
When users clicked a link to a change request in an email, after logging in, they were redirected to the home page instead of the change request.
The Revert Completed Changes option was missing from the cancellation pop-up when canceling a change request, even though completed items existed.
When multiple sessions changed role-related items, such as users or entitlements, deadlocks could occur when refreshing role metrics, which interrupted processing.
A change request in the Pending Submission state could not be canceled from the user interface when 'Allow Cancel in Fulfillment Phase' was set to false in the workflow.
AFX incorrectly indicated a failure after removing entitlements from deleted accounts in SAP.
Passwords and encrypted fields with a value starting with the characters "ENC" failed with the following error: "java.lang.IllegalStateException: An issue with handling encryption was encountered".
If a user closed the browser or navigated away from the page using any function other than the cancel or back buttons, entries for pending accounts were left in T_AV_ACCOUNTS.
The request button type Add/Remove Using Request Sources did not have an option for including terminated users.
Local entitlements were not provisioned to the user when given through an account or when the directory for accounts was set in an application.
The Workflow Architect failed to load when using SSO because the double slash // in the URL caused issues with some web agents.
Refreshing any review data other than business descriptions resulted in coverage information automatically refreshing, even when the option to refresh coverage was not selected.
Under Request > Activities > By Entitlement and Approvals > By Entitlement, table columns either were not properly displayed or displayed incorrect data from other attributes.
When multiple roles exist with the same raw name due to deleted roles, creating a change request for that role failed because the system selected a deleted role entry instead of the active entry.
In a change request, the role name is displayed inconsistently, at times using the role raw name.
Some Role Names were unexpectedly changed to Role Raw Names without a change request.
ACM Security Model
Account information on the MAEDC wizard was not displayed as expected to users authorized to edit or administer the MAEDC.
When saving the data from an application accounts table as a CSV file, the column name "Is Deleted" was displayed in the CSV output along with HTML code for an unneeded special character.
Duplicate accounts were created when a pending account was created with the same name but different capitalization as another account in a case-insensitive ADC. The next time the accounts were collected for the case-insensitive ADC, the pending account’s name is updated to match the capitalization, which caused duplicate accounts in the system. The system will now take an ADC's case-sensitivity into consideration and result in an error when necessary.
When generating a request, if a resolved pending account name already existed but was deleted, the reactivated account was not updated for all of the change items that depend on the pending account.
Account creation change requests could fail when the account parameter was mapped with attributes of more than one type, because the code failed to group them based on the type.
The Account Load Data error was not listed for available types in the properties of a Create Admin Error workflow node.
When the database suddenly went down or was unable to connect to AFX, AFX stopped running until the AFX service was restarted.
In a clustered environment, afx start incorrectly checked for the application running in standalone mode.
Improved error messages with regards to connector configuration.
AFX requests were getting stuck after upgrading to 7.x.x with the error "Error handling AFX primary request java.lang.NullPointerException", due to the schema change.
A provisioning command node stalled the workflow if the AFX request was in an invalid state.
Unable to update the implementation JAR in a Java code based connector after migrating from 6.9.1 to 7.1.0 due to a due to a JAR-type mismatch.
The AFX RESTful web service failed to process responses when the response body was empty.
On a request form, when a form field was mapped to a provisioning parameter that contained encrypted values, the form did not properly substitute the correct value when generating the request.
SF-1304327 SF-1395022 SF-1271598 SF-1353050
Hardened communication between AFX server and ActiveMQ JMX interface.
AFX logs reported that headers were not being used in JMS Message-compliant way.
Parameters in provisioning with a value starting with the characters “ENC” failed with the following error: "java.lang.IllegalStateException: An issue with handling encryption was encountered".
Output parameters were not resolved when DN suffix mapping was used for account creation.
The ISIM 6.0 connector timed out when testing the connector, and Test Connector Capabilities indicated a "class not found" error.
Removed unnecessary directories from AFX that contained demo and example files.
Standalone AFX installation failed to start because of the missing file /etc/aveksa.conf. Because this file is only required when AFX is installed in a WildFly application server, this requirement has been removed.
If the database goes down and causes AFX to require a restart, the logs do not display the correct reason for the AFX going down.
Attribute synchronization change requests resulted in inconsistent updates in Active Directory. Now, when attribute synchronization requests are automatically fulfilled and missing mapped attributes for required command parameters, the system uses the last collected attribute values from the account.
PV_AUDIT_EVENTS erroneously displayed logged users as AveksaAdmin instead of the user logged in through SSO.
When multiple SSO User Headers authentication sources were configured, an authentication source was randomly picked without verifying the authentication source name during authentication.
Change Requests and Workflows
The "Assign to" list incorrectly showed as an option for Resource Selection.
The REST Node POST request body mandated XML code that was not required.
Changes to customerstrings.properties did not reflect in the change request milestone display.
The workflow setting "Show job level variables" did not work as expected.
In a fulfillment workflow, REST nodes did not display job variables as expected.
A change request was canceled when an approver approved an indirect role that was deleted.
In the Workflow Architect, the node editor displayed a role's raw name in the Resources panel of the node editor, but the Resource drop-down menu in the dialog displayed the role's alt name.
Email-based rejection of approvals did not cancel all remaining tasks, resulting in inconsistent behavior compared to UI-based approval rejection.
When changing the state of a change request item, the indirect items for that change request did not always have their states changed.
When a change request workflow contained a decision that used the filter "Contains at least one violation", the change request did not go to the True transition when expected.
In a change request with an approval phase that contained two approval activity notes configured to send an email to the approvers, an email was sent only to the first reviewer and not the second.
In a workflow that is configured to group by business source, password resets skipped the workflow and the change request workflow completed with the item still in Pending Action status.
Approval workflows randomly ran simultaneously in a change request.
When entitlements were grouped by category, auto-approve did not work as expected.
Unable to hide the attachments in change requests.
Parallel Phase Nodes duplicated workflow and fulfillment jobs because of concurrency errors.
After attempting to remove the Edit and Cancel buttons for change requests by deselecting options to Edit and Cancel within the request workflow, the buttons were still visible and actionable in certain circumstances.
When change requests were split based on the Max Items settings, the generated requests did not have a set fulfillment date.
After upgrading to 7.1.1, tables in email nodes in workflows were malformed.
The error "RSA002: Invalid Configuration" was displayed during workflow runtime for a REST node, even though the node was successful.
Reassign Escalation Workflow and Technical Approval nodes changed the watch Workflow ID to the escalation Workflow ID.
An access request generated thousands of unrelated activities when a call to filter change request items for a subprocess returned an empty list. Now, if this occurs, an exception occurs and an error message is displayed for user interface operations. For operations that are not performed through the UI, the processing will go to the Error state.
A pending change item with the type Container was erroneously displayed in the User Changes table.
A user could submit a change request with a pending submission from the Additional Information submission screen. This fix disables the Finish and Next buttons in this use case.
Admin > Workflow > Monitoring did not update the Pending Verification (Count) icon when the number of pending verification items changed.
The Workflow Architect failed to load when using SSO because the double slash // in the URL caused issues with some web agents.
Could not open workflows because the URL contained a double slash //.
Variables were not populated in emails for account review change requests when revoking an account from a group.
In the out-of-the-box Reassign to Supervisor node, the Comments field was missing from the Resource sections.
Workflow emails removed hyperlinks upon saving if they contained variables.
When workflow change grouping was set to "Create an individual job for each change", the list was limited to 100 change items on one page, rather than allowing for paging.
Users who had previously been in a group but were no longer in the group were erroneously assigned activities and tasks. These users could see the tasks but not perform any action.
Hyperlinks in the email template of a workflow node were not saved if the value contained a job-level variable.
The Salesforce ADC was missing attributes listed in the datasheet.
The ServiceNow collector failed after certain plug-ins were activated.
The Salesforce Entitlement Data Collector on versions 7.0.0 or 7.0.2 failed when collecting large data sets.
The account data collector incorrectly processed the AD PwdLastSet attribute when the value was set to zero.
Data on the account/entitlement collector page loaded more slowly than expected.
An account collector had performance issues when searching for a cycle of groups in an environment with multiple ADCs when one ADC collected the majority of groups but the SQL explain plan was not appropriate for that collector.
After modifying a collector, the Last Modified value was not updated.
SF-1348150 SF-1319278 SF-1305102
ACM-94653 ACM-95318 ACM-97281
Updated the driver that does SQL processing of the CSV files involved in collections. This address bug fixes in the driver on earlier versions.
Modified the Workday collector response group filter and attribute configuration to optimize response time.
The Archer account data collector switched the values for email and phone numbers in collected data.
An LDAP collector with an Active Directory endpoint was unable to collect group membership for groups with more than 1500 members.
AFX connectors were unable to handle role membership changes, and displayed an error that the command was not supported on the endpoint.
The Configure Extensible Attributes fields for Workday did not handle the quote character properly.
In the user interface, validation of XPath configuration using the Evaluate XPath button did not work properly, but is now fixed.
Difficulty saving Active Directory connector after performing a migration.
After setting a specific user as a Backup Business Owner or Backup Technical Owner for any Directory, Application or Role set, when the user's name was changed through the IDC, the CAU1_NAME attribute was not updated and the application object showed an outdated name in details, tables, and pop-ups.
After upgrading, custom attributes were missing from the PV_USER_ALL_ACCESS view.
When editing an object on which a managed custom date attribute was previously set, the attribute field was blank.
The field length of custom attributes did not match the field length in the base tables.
An object dashboard was not displayed in the order expected based on the specified Display Sequence value.
A dashboard using the component System Portlet: System Summary displayed incorrect values.
Dashboard import and export created new dashboard topics instead of overriding previous topics.
Data Collection Processing and Management
The Last Reviewed Date OOTB attribute erroneously showed as an available collector mapping attribute in the UI.
The “Is Terminated” attribute was not being displayed as collected for some unified users.
Indirect relationship processing failed with the following error: "ORA-30926: unable to get a stable set of rows in the source tables."
Optimized unification to reduce the use of TEMP tablespace.
Unification cleanup for the User Mapping table took longer than expected due to the table containing excessive data.
Unification failed with the “ORA-30926: unable to get a stable set of rows in the source tables” error when a IDC had join attributes change
Identity collectors created duplicate entries for users after their accounts were terminated, reinstated, and then terminated again.
Inactivating an IDC that creates users and moves a subset of users to another collector creating users could cause duplicates in the next Unification run.
When a user record was terminated during an IDC full refresh, a duplicate identity record could be created during a user rehire scenario.
Change Verification was not using an optimal Oracle execution plan for environments with many Accounts and Change Requests for new Accounts, and caused performance delays.
Hyperlinks were removed from the comments section of a group collection.
Role membership stopped working as expected when an IDC was disabled.
After a role membership was removed from source data, the raw data reflected the change, but the user remained a member of the role.
When running the data archiving function, the data archiving process completed as expected but the purging process fails due ORA errors.
Reviewers performing a bulk revoke during a fine grain role review experienced performance issues.
Users experienced performance issues with the email log page.
Source data tables had Oracle logging disabled, resulting in potential Oracle data file corruption.
When database purging exceeded the threshold of four hours, the process did not exit and complete as expected.
A database script (ACM-95711.sql) was not able to handle cases when Unicode characters appeared in strings, because the function "LENGTH" counts characters.
The system performed slowly after upgrading and using Oracle 12.2.
RSA Identity Governance and Lifecycle did not start during remote database switchover.
Additional columns that were added to the Groups table were not exposed in all views.
Data archiving runs failed.
Migration from 7.0.x to 7.1.x failed with the following error: "ORA-01720: grant option does not exist for 'SYS.DUAL'"
Users experienced performance issues with the overall user interface, workflows, and collections.
Data purging failed due to the ORA-02292 error while deleting data from work point tables.
After creating 500 SoD rules using a correlation specification, rules processing exceeded 17 hours.
During archive creation, the archive start date was calculated incorrectly resulting in the following error: "The archive Start and End dates can not be overlapping with the existing archives."
After deleting archive runs from the monitoring page, the runs were deleted from the system and an error was displayed when trying to view the archive table.
Performance problems could occur while accessing the raw data for a collection when there was a large amount of rejected data in the tab being accessed.
After running the createSchema.sh script, initialization completed with errors.
A Security Context's sub-query with embedded SQL hints was causing poor performance of another query.
After upgrading, the default value of is_deleted in the T_MASTER_ENTERPRISE_USERS table was changed from 0 to null.
Special characters were not displayed properly in email subjects.
During virtual application installation, the following error could occur in environments with a customer-supplied database: “[Step 1 of 9] Error configuring certificates ('./configureSSLCertificates.sh')”.
Installation of RSA Identity Governance and Lifecycle 7.1 for software bundles and hardware appliances with local databases failed because the installation script checked for packages that were not required.
All items on the metadata export screen were erroneously selected when browsing between pages.
When a customer added a custom user-type attribute named Technical Owner, Business Owner, or Exception Manager, an ORA-00904 error occurred during the creation of public views.
Deleted entitlements were referenced when importing a role definition.
Deprecated migrate_deleted_connectors code because it was failing during role migration.
Database migration stalled with the ACM-76636_2.sql query processing for three days.
Upgrading to a patch failed due to increased security restrictions on the "DUAL" table when it was used by Views. RSA Identity Governance and Lifecycle has now deprecated the use of this table in views.
The migration script ACM-72719.sql failed with the ORA-19011 error.
Migration from 6.9.1 failed due to locked statistics on some tables.
After running the HardenHTTPSProtocols.sh script in the /home/oracle/deploy directory, the following error occurred: “WARN: can’t find jboss-cli.xml. Using default configuration values.”
The modifynetworksettings.sh script did not modify the /etc/hosts entry and instead added an additional line.
The HardenHTTPSProtocols.sh script, which enabled TLS 1.2 protocols, did not successfully run. This script has been deprecated, because TLS 1.2 has been automatically enabled in RSA Identity Governance and Lifecycle since version 7.0.1.
The modifyhostname.sh script attempted to run when the Oracle database was down, resulting in errors. It now only runs if the database is running.
Sudo access as the aveksa or oracle user did not work after a fresh installation of RSA Identity Governance and Lifecycle.
An Oracle ORA-22835 “Buffer to small” error could occur while provisioning an account through AFX under high load.
The OOTB report using the template "Changes in User Global Roles by Date Range" could become stuck due to excessive query executions.
System performance was affected by the report deletion process.
The audit event name for REVIEW_DEFINITION had a typo.
After specifying an equals filter for an application name, its alternate name was saved in the report XML while the underlying view contained the raw name. Because of this mismatch, the report did not generate results or load the filter properly when the report was reopened. This also occurred with other objects that had alternate names. The system now saves the raw name as expected to prevent this issue.
Column display names in a report definition were not updated if the alias column name in the query was the same as the display header but with different capitalization.
Old attributes in jrxml report definitions resulted in spam to the server logs.
Reports that use styles did not retain the style when downloaded to an output file such as PDF or HTML.
The default Drop Down Select with Web Service control was unable to pass a request token to a Web Service.
ASR report generation failed when the Environment Name was 100 characters of longer.
Reports did not display line breaks in the Long Description attribute of entitlements.
ASR report generation failed with an ORA-06502 error when an environment name exceeded a length of 100 characters.
ASR generation failed when the MultiAppAccount Collector collected data from internal tables.
Checkboxes on a form were not disabled when the form was disabled.
Users were unable to submit a form that used an external validation URI, because the Next button was unusable.
Request forms allowed the selection of entitlements for a user that they had already been indirectly granted.
Unable to attach files to forms using Internet Explorer 11.
Unable to attach files to forms if the filename contains spaces.
When localizing the language of request form elements, the prefixes for the localized properties files were not updated to the correct form type when the entire form type was updated.
After performing an upgrade, an error occurred loading the fields in a request form that had previously worked.
When a JSP file was referenced in the Validation URI for a request form, an exception occurred.
Could not open an associated request form from a change request.
A form element of control type "Drop Down Select with Web Service" received an exception or error string as a value when the "URI from which to get options" is invalid or fails.
Validation URI JSPs did not work when uploaded to the secured JSP pages.
Request forms that used additional filters were not isolated from the main query, which caused the user counts to be incorrect.
Unable to create an out-of-office request when additional fields under Requests > Configuration > Submission were present but not enabled for display.
SF-1402613 SF-1439285 SF-1474289
An Invalid Content Type error appeared when uploading an attachment to a form if the filename contained spaces.
An Insufficient Privileges to View This Page error appeared when a user attempted to use the password reset functionality.
During role creation, users who were configured as the Other Technical Owner for some role sets and who had the Role Set: View All entitlement were erroneously able to create roles under any role set.
The Role Creation wizard displayed a role set’s raw name instead of the role set name to technical and business owners.
A role membership rule could not be removed or deleted after it was created.
When the Apply Changes button was clicked on a changed global role, the View Changes link incorrectly showed the same entitlements as both added and removed.
Under rare circumstances, Aveksa Entitlements became out of sync when the privileges were granted or revoked through a Role or a Group.
The rule type Role Missing Entitlements did not capture missing Global Role entitlements in email.
Role export failed with error ORA-12899 when role names exceeded 128 characters.
Roles explosion from a change request failed when there were duplicate roles in the system.
After making a change to a role and clicking the Apply Changes button, the role change was stuck for 20 hours as a result of a ClassCastException seen in the logs.
A deadlock occurred when two sessions were both calculating role metrics at the same time.
A provisioning/termination rule did not create change requests to revoke entitlements when there are accounts to disable and delete.
Segregation of duties rules did not work properly with child application roles.
The unauthorized access rule detected and revoked legitimate account to group memberships that had been previously provisioned by RSA Identity Governance and Lifecycle as user changes or Add User to Group requests.
User access rules failed during execution.
When entitlements of different types had the same ID, suggested entitlements could include empty or invalid entitlements. The query has now been fixed to join on entitlement type as well as ID.
The Attribute Change rule skipped users when multiple Rule runs were queued.
A segregation-of-duties rule with a correlation attribute created violations with one bucket only.
Testing a rule took significantly longer to display the results than the time the actual rule run took to generate violations.
Segregation-of-duties rules took an excessively long time to process.
Movers rule processing time increased over time.
Additional validation was required for JSP files uploaded in the Admin section.
Improved security of X-Content-Type-Options headers in responses from RSA Identity Governance and Lifecycle.
Improved security surrounding the session token for requests to Identity Governance and Lifecycle.
Enhanced security in the Workflow Architect.
Data purging failed with the following error: “ORA-02292: integrity constraint (AVUSER.FK_T_IDCAV_T_IDCA_ID) violated - child record found.”
An error in pending workflow cleanup resulted in RSA Identity Governance and Lifecycle failing to start with the following error: Initialization operations completed with errors. Please resolve the problem(s) before the application server can accept requests. Unable to start service WorkflowService. java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
Data purging failed with the following error: "ORA-20001: No jobs were found to delete."
Data archiving failed with the ORA-06512 error.
SF-1272396 SF-1427765 SF-1453638
The Wildfly application server log was not updating as expected after upgrading.
Intermittent high CPU usage caused performance issues in the RSA Identity Governance and Lifecycle user interface.
Under Reviews > Activities, when an Actions menu appeared at the bottom of the page, some menu options were cropped out of view.
Users granted view access to a group's directory could not see the group members.
In the list of applications, the Sensitivity column was not available in the table options under Displayed Columns.
A custom help URL did not work immediately after logging into RSA Identity Governance and Lifecycle.
Import incorrectly allowed values greater than the defined value of 256 for the short description of business descriptions.
A "request cannot be handled" error occurred when clicking on an external URL request button with a special character in its name.
After clicking the back button in a web browser, the user interface displayed incorrect breadcrumbs to link back to parent pages.
Menu tabs in the user interface did not load in certain circumstances.
Nested items in a drop-down menu were capped at a 25 character limit, causing button names in the dashboard to be truncated.
The reviewer interface did not display dates properly when the user interface was configured to use the Polish language.
Unable to resize SQL data query boxes in the collector configuration screen.
A request error occurred after clicking the History tab for any rule.
When account summary table data was saved in CSV format, the data was exported along with HTML tags from the exported table.
After specifying a sequence of attributes under Admin > Attributes, saving the sequence, and then editing any attribute, the sequence no longer displayed correctly.
When viewing User > Requests or collection run details from the Collector History tab of a specific collector, the displayed breadcrumbs were incorrect.
The search option for tables did not work if the string began with the special character #.
When the environment name specified under Admin > System contained double quotes, metadata export in Firefox browsers generated an incorrect file name.
Under Resources > Applications, in the Accounts tab, custom attributes were not displayed for Application Roles or Entitlements.
Proxy protocol changes in a Rest Node could not be saved.
When the Ignore Case option was selected, the "one of" search option erroneously remained case sensitive.
After upgrading, the Business Source column was missing from the accounts table under the ADC collector. This column has now been added back to the accounts table.
Loading the Review Definitions table took an excessive amount of time due to unnecessary fetching of reviewer/monitor coverage data that is not required to render the table.
Pop-up windows appeared outside of the viewable area of a user’s screen when the screen had scrollable content.
Grouping on the Requests > Requests page erroneously included change lists that were in the pending submission state, resulting in an error when a user expanded a grouping that included one or more pending submission change requests. Group queries now exclude partially submitted change requests.
An Invalid Content Type error appeared when uploading a .msg file to a change request.
An Invalid Content Type error appeared when uploading a valid file on a request form.
The new review interface had some hard-coded text that could not be translated. The text has now been converted so that it can be translated.
Duplicate group names on a multi app collector could cause the web service call that created a change request to choose the wrong group.
The User Attribute Change web service reported a "User Not Found" error when the User ID was on record.
The documentation for the processRule Web Service did not state that a token was mandatory.
Change requests created from a web service erroneously included a deleted account.
When multiple records were found for userId, the web service failed to update the user's review items.
When adding entitlements to a role, if the “one of” filter was used, the ORA-00904: “ENTITLEMENT_NAME”: invalid identifier error occurred.