INC-149728 · Issue 608105
Application wizard security updated
Resolved in Pega Version 8.5.2
A user having PegaRULES:User1 role only was able to run the Create Application wizard until an authorization block was reached, yet some rules were created. No operator records were created as part of this process. This was traced to code left in place after the creation of pxAppConfig and pzAppConfig portals, and has been resolved. The New Application wizard UI will display a message to a user when they lack access to build a new application, and an error will be displayed for any attempt to create a new application directly via pzCreateNewApplication to address a scenario where a user might be trying to call the activity without the front end.
SR-119055 · Issue 174515
Corrected drop-down onchange event firing for accessibility mode
Resolved in Pega Version Pega Platform, Resolved in Pega Version 7.1.7
If a select button was associated to a DynamicSelect control in a Cascading Dynamic Select configuration with WAI, at runtime, the child DynamicSelect list was auto loaded once the value on the parent DynamicSelect list was changed. In accessibility cases, the select button was introduced to be beside the drop down to set the value selected from the drop down. However, in cascading dynamic select, selecting the value from first drop down caused the values in the second drop down to load because an onchange event was fired. In order to handle this correctly, pega_ui_dynamicselect js has been updated to not fire upon change event when in accessibility mode, but instead fire upon click of the select button.
INC-139966 · Issue 606841
JAWS announces popup error message
Resolved in Pega Version 8.5.2
When a form is submitted without giving value to required field, a browser pop up appears. The expected behavior is that the screen reader (JAWS) should move the focus to the field that has error and read the error message However, JAWS was not announcing the error "Value cannot be blank". This was traced to a scenario where if pega.u.d.fieldErrorType === "ERRORTEXT" is true, the class on the span within the error div will be set to "inputSpans", and this resulted in the return of an empty array for document.querySelectorAll("span.iconError.dynamic-icon-error"). To resolve this, support has been added for the "inputSpans" class.
INC-150072 · Issue 621294
Section Include error handling updated
Resolved in Pega Version 8.5.3
When trying to add or include a section in the design template mode of a section rule or during run time of the application, the error "java.lang.StringIndexOutOfBoundsException: String index out of range: -1" was generated. Investigation showed this was originating from the SectionIncludeForm_Post activity of the class Rule-File-Form, and was traced to a system error related to the 'if' condition which verifies the circular reference of the section being newly added. Because this was a system error and not one generated by Pega, there was no handling for it. To resolve this, the sectionincludepost activity in rule-form class has been updated to determine the source and properly handle the error messages.
SR-115808 · Issue 169924
Instantiation logic enhanced
Resolved in Pega Version 7.1.7
In an application with a parent case (CaseInstancePOC) and two lower levels of cases (Case_Level2 and Case_Level3), the top level case starter flow CaseInstancePOC creates multiple subcase instances of type Case_level2. This is caused by automatic case instantiation of Case Level3 based on Case level2 Work Status - Open being configured. In some cases, this may not be the desired behavior. For example, when there are two Case_Level2s and one work status is changed to Open, the user may want a child case to be instantiated for only that particular Case_Level2and not the other Case_Level2. To allow more flexibility, an enhancement has been added to limit scoping through the AddChildWork setting.
INC-139624 · Issue 595988
Validation error messages persist appropriately
Resolved in Pega Version 8.5.2
Whenever there was a Validation check on a flow action Validation Tab and Post Processing Activity, the error message appeared on the screen momentarily and disappeared. Intermittently, the validation error would stay on the screen after appearing a second time. This was traced to the refresh action happening in the wrong context due to the refresh action of the Ajax container being called twice, once in postacrenderac and another time in the harness unload function.The case error DOM was present in the markup, but because of the refresh in the harness unload, the error message was removed from the DOM. This has been resolved by changing the refresh call from onHarnessUnload callback to postAcRender callback. Logic has also been added to prevent refresh when error messages are present.
INC-152647 · Issue 609605
Email Listener auto-reply evaluation updated
Resolved in Pega Version 8.5.3
After upgrade, messages were being read but not getting processed for a specific Email listener (RCEmailListerner). The error "Email flagged as an autoreply email and will not be processed" appeared in the logs. Previously, an email was not considered to be an auto-reply only when the 'auto-submitted' header didn't exist or existed with value 'no'. This caused issues with auto-forward or auto-redirect emails where 'auto-submitted:auto-generated' could be in the header. Due to this, email was marked as auto-reply and email listener stopped processing it. To resolve this, the system has been modified to mark the message as auto-reply if it finds 'auto-submitted: auto-replied' in the header, but not 'auto-submitted:auto-generated'.
INC-157081 · Issue 623806
Email Listener auto-reply evaluation updated
Resolved in Pega Version 8.5.3
After upgrade, messages were being read but not getting processed for a specific Email listener (RCEmailListerner). The error "Email flagged as an autoreply email and will not be processed" appeared in the logs. Previously, an email was not considered to be an auto-reply only when the 'auto-submitted' header didn't exist or existed with value 'no'. This caused issues with auto-forward or auto-redirect emails where 'auto-submitted:auto-generated' could be in the header. Due to this, email was marked as auto-reply and email listener stopped processing it. To resolve this, the system has been modified to mark the message as auto-reply if it finds 'auto-submitted: auto-replied' in the header, but not 'auto-submitted:auto-generated'.
INC-156128 · Issue 620484
Added mail/telephone link to allowed CSP child frame
Resolved in Pega Version 8.5.3
After upgrade from v8.3 to v8.5, clicking on the mail / telephone link in the out of the box case participants gadget generated the Content Security Policy error "This content is blocked. Contact the site owner to fix the issue." Examination of the browser dev-tools console indicated the object refused to frame because it violated the Content Security Policy directive: "frame-src *". This behavior was specific to the Google Chrome browser, and has been resolved by adding code so the mailto: and tel: will be added to the frame-src when Data is selected under Child Frame-Source option. Unchecking the Data checkbox for Child Frame-Source on the policy landing page will remove these from allowed actions under CSP.
INC-156647 · Issue 626295
Improved disconnected requestor cleanup for FieldService
Resolved in Pega Version 8.5.3
A large number of requestors from FieldService with the status as 'Disconnected' were accumulating and causing performance issues. This was traced to the requestors not getting passivated due to users not logging out and new requestors being created for the same users next time, and was caused by the value of the DSS Initialization/PersistRequestor being set as "OnTimeout". When the DSS prconfig/timeout/browser/default is not configured, the default browser requestor timeout is 60 minutes. In this scenario, requestors were not passivating as the requestor passivation timeout was set to the refresh token lifetime for mobile users, which was very large and overwrote the DSS value. This has been resolved by removing the code which set the passivation timeout to the OAuth2 refresh token lifetime.