SR-B96909 · Issue 357163
Enhanced features for SecureAll settings
Resolved in Pega Version 8.1
Previously, the option existed to support secureAll (i.e. securing all streams and activities) or to list the streams or activities which needed to be secured against CSRF attack. An enhancement has now been added to support a list of allowed activities or streams for which CSRF validation is skipped, so that secureAll can be set to True with a provided exemption list of activities or streams.
1) A new DSS setting security/csrf/AllowSameDomainReferrer, which accepts either True or False, has been added.
2) When DSS security/csrf/AllowSameDomainReferrer is set True, the current behavior is retained, i.e. if the referrer is in the allowed referrer list or the request is from the same domain as the Pega app, the request is considered valid even if the token validation fails.
3) When DSS security/csrf/AllowSameDomainReferrer is set False and the token validation fails, the request is considered a CSRF attack. If the token validation passes, that success is returned.
4) New DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams have been introduced to take the list of activities and streams for which CSRF validation is skipped when security/csrf/secureall is set True.
5) The new DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams take precedence over the existing DSS settings security/csrf/securedActivities and security/csrf/securedStreams.
SR-C14922 · Issue 357161
Improved CSRF features support whitelist
Resolved in Pega Version 8.1
Previously, the system had an option to support secureAll (i.e. securing all streams and activities) or the ability to list the streams or activities which needed to be secured against CSRF attack (blacklist). This has now been enhanced to support a list of allowed activities or streams for which CSRF protection is skipped, so that customers can set secureAll to True and provide an exemption list of activities or streams (whitelist). The DSS setting security/csrf/AllowSameDomainReferrer accepts either True or False. When DSS security/csrf/AllowSameDomainReferrer is set True, the current behavior is retained, i.e. if the referrer is in the allowed referrer list or the request is from the same domain as the Pega app, the request is considered valid even if the token validation fails. When DSS security/csrf/AllowSameDomainReferrer is set False and the token validation fails, the request is considered a CSRF attack. If the token validation passes, it is returned as success. The DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams take the list of activities and streams for which CSRF validation is skipped when security/csrf/secureall is set True. The DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams take precedence over the existing DSS settings security/csrf/securedActivities and security/csrf/securedStreams.
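The decision order described in the two CSRF entries above (Issue 357163 and Issue 357161), modeled as an added example; this is not Pega code. The class, function and field names, exact-string matching of rule names, hostname comparison for "same domain", and applying the exemption lists in both secureAll modes are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class CsrfSettings:
    """Model of the security/csrf/* DSS values named in the notes (hypothetical class)."""
    secure_all: bool = False                 # security/csrf/secureall
    allow_same_domain_referrer: bool = True  # security/csrf/AllowSameDomainReferrer
    allowed_activities: set = field(default_factory=set)
    allowed_streams: set = field(default_factory=set)
    secured_activities: set = field(default_factory=set)
    secured_streams: set = field(default_factory=set)
    allowed_referrers: set = field(default_factory=set)  # assumed to hold hostnames

def needs_validation(cfg, kind, name):
    """kind is 'activity' or 'stream'. Exemption lists win over secured lists."""
    allowed = cfg.allowed_activities if kind == "activity" else cfg.allowed_streams
    secured = cfg.secured_activities if kind == "activity" else cfg.secured_streams
    if name in allowed:
        return False
    return cfg.secure_all or name in secured

def evaluate(cfg, kind, name, token_ok, referrer, app_host):
    """Return 'skipped', 'valid' or 'csrf' for one request."""
    if not needs_validation(cfg, kind, name):
        return "skipped"
    if token_ok:
        return "valid"
    if cfg.allow_same_domain_referrer:
        # Retained behavior: a trusted or same-domain referrer overrides a failed token.
        host = urlsplit(referrer).hostname if referrer else None
        if host and (host == app_host or host in cfg.allowed_referrers):
            return "valid"
    return "csrf"

def referrer_fallback_exposure(cfg, kind, name, referrer, app_host):
    """Outcome of a failed-token request under both AllowSameDomainReferrer values."""
    out = {}
    for flag in (True, False):
        trial = CsrfSettings(**{**cfg.__dict__, "allow_same_domain_referrer": flag})
        out[flag] = evaluate(trial, kind, name, False, referrer, app_host)
    return out

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    cfg = CsrfSettings(secure_all=True, allowed_streams={"StatusPing"})
    print(referrer_fallback_exposure(cfg, "activity", "UpdateCase",
                                     "https://pega.example.test/prweb", "pega.example.test"))
```

With AllowSameDomainReferrer set True, the referrer header alone can validate a request whose token failed, so the False setting is the one that makes the token the sole deciding factor for every non-exempt activity or stream.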
INC-146564 · Issue 607856
DX API returns application specific validation messages
Resolved in Pega Version 8.5.2
When trying to validate the input swagger details with application-specific conditions, the create case DX API did not return the validation messages from the application but instead returned a "500 Internal Server Error". Investigation showed that the error parameter was not set on validation failure, and this has been corrected.
SR-C37748 · Issue 379478
Connect-SOAP 'Request Only' call maps SOAP async call faults
Resolved in Pega Version 8.1
When a failure occurs on a Connect-SOAP configured as 'Request Only' with asynchronous processing, the failure was not logged or copied to the clipboard. This was standard behavior for Request-Only, but did not account for asynchronous calls where the status code was not correct for failed calls. This has been updated to correctly register the failed calls.
SR-C39192 · Issue 377615
pyshowFAButtons property populated on primary page
Resolved in Pega Version 8.1
Buttons needed to finish an assignment or close a case were not visible in mobile offline. This was traced to the pyshowFAButtons property not being populated on pyWorkPage when the condition couldn't be triggered on the client side, and has been fixed by modifying 'FlowActionHTML_Simple' so it populates 'pyShowFAButtons' on the primary page.
INC-189781 · Issue 677816
Database Transaction Log update overflow resolved
Resolved in Pega Version 8.7
When automatic.resume=false was encountered during an update, cleaning up the existing codeset from previous updates ended up filling up the database transaction logs and caused the update to fail. This has been resolved by updating the process of clearing the codeset so it doesn't overflow the transaction log.
INC-139328 · Issue 588584
Corrected Excel table picture being included with the rich-text editor paste
Resolved in Pega Version 8.5.2
As an unintended consequence of code added to allow pasting or dragging and dropping an image for upload using the rich-text editor and the CK Editor, any copied content from Excel also added a table picture to the last cell as part of the pasted data. This has been resolved by updating the system to recognize content copied from Excel and prevent uploading of the image.
SR-C17679 · Issue 358529
Enhancement to support international currencies in SmartDispute
Resolved in Pega Version 8.1
An enhancement has been added to the Smart Dispute application to support using international currencies. The currency control 'pxCurrencyInternational' is available in the base Pega Platform, similar to the existing control 'pxCurrency' but with format type as 'Text'. The control also has a script that removes any text other than non-numeric, comma, decimal, or negative sign values and supports both comma and dot as decimal separators.
SR-C18886 · Issue 358530
Enhancement to support international currencies in SmartDispute
Resolved in Pega Version 8.1
An enhancement has been added to the Smart Dispute application to support using international currencies. The currency control 'pxCurrencyInternational' is available in the base Pega Platform, similar to the existing control 'pxCurrency' but with format type as 'Text'. The control also has a script that removes any text other than non-numeric, comma, decimal, or negative sign values and supports both comma and dot as decimal separators.
SR-C36692 · Issue 377206
Corrected double-encoding of Japanese characters in My Team name
Resolved in Pega Version 8.1
Creating a team from the case default portal (My Team tab) with a Japanese team name while using the Japanese locale would display correctly on the My Team list, but selecting the Japanese-named team generated a "not found" error message, and attempting to edit the team information resulted in an error and the data was not saved. This was an issue with the Japanese characters in the data-transform parameter being double-encoded, and has been fixed.