SR-C14922 · Issue 357161
Improved CSRF features support whitelist
Resolved in Pega Version 8.1
Previously, the system could either secure all streams and activities (secureAll) or secure only a listed set of streams or activities against CSRF attack (blacklist). This has now been enhanced to support a list of allowed activities or streams for which CSRF protection is skipped, so that customers can set secureAll to True and provide an exemption list of activities or streams (whitelist).
The DSS setting security/csrf/AllowSameDomainReferrer accepts either True or False. When it is set to True, the current behavior is retained: if the referrer is in the allowed referrer list or the request is from the same domain as the Pega app, the request is considered valid even if the token validation fails. When it is set to False and the token validation fails, the request is considered a CSRF attack. If the token validation passes, the request is returned as success.
The DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams take the list of activities and streams for which CSRF validation is skipped when security/csrf/secureall is set to True. These settings take precedence over the existing DSS settings security/csrf/securedActivities and security/csrf/securedStreams.
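A model of the decision order described in this note, as an added example (not Pega's code), showing why setting AllowSameDomainReferrer to False makes the token the only accepted proof. The `CsrfSettings` class, `evaluate` function, result strings and activity names are hypothetical; comparing referrers by host and rejecting a failed token with a non-matching referrer are assumptions, and streams would follow the same pattern with allowedStreams and securedStreams.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class CsrfSettings:
    # Fields mirror the DSS keys named in the note; the class is hypothetical.
    secure_all: bool = False                  # security/csrf/secureall
    allow_same_domain_referrer: bool = True   # security/csrf/AllowSameDomainReferrer
    allowed_activities: set = field(default_factory=set)  # exemption list
    secured_activities: set = field(default_factory=set)  # legacy secured list
    allowed_referrers: set = field(default_factory=set)   # assumed to hold hosts


def needs_csrf_check(s, activity):
    """The exemption list takes precedence over the secured list."""
    if activity in s.allowed_activities:
        return False
    return s.secure_all or activity in s.secured_activities


def evaluate(s, activity, token_valid, referrer, app_host):
    """Return 'skipped', 'success' or 'csrf_attack' for one request."""
    if not needs_csrf_check(s, activity):
        return "skipped"
    if token_valid:
        return "success"
    if s.allow_same_domain_referrer:
        # Retained behavior: a trusted referrer rescues a failed token.
        host = urlsplit(referrer or "").hostname
        if host is not None and (host == app_host or host in s.allowed_referrers):
            return "success"
    # Assumption: failed token and no acceptable referrer is rejected.
    return "csrf_attack"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    host = "pega.example.com"
    same_site = "https://pega.example.com/prweb/app"
    for flag in (True, False):
        s = CsrfSettings(secure_all=True, allow_same_domain_referrer=flag,
                         allowed_activities={"ExampleExemptActivity"})
        print(flag, evaluate(s, "ExampleUpdate", False, same_site, host))
```
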
SR-C15039 · Issue 360857
Improved security for static content requests
Resolved in Pega Version 8.1
In order to improve security, the logic used for extracting a file extension from a static content request has been updated to use relative references that avoid needing a PRThread if it doesn't exist.
SR-C15346 · Issue 357008
Label error CSS appended to drop down field
Resolved in Pega Version 8.1
When configuring a Repeat Grid layout with inline always editable mode and a section include containing drop down fields associated with required input fields like DateTime and Text Input fields, exiting out of the drop down did not append the input field label to the CSS class as expected. This was due to incomplete generation of the repeatindex for the ID, and has been fixed.
SR-C15461 · Issue 357308
Corrected locking message
Resolved in Pega Version 8.1
If a case was locked, attempting to open the case elsewhere displayed the incorrect error message "The case type does not yet have any fields defined" instead of indicating the case was locked. This has been corrected by updating the harness locking.
SR-C15546 · Issue 362398
'Close' button hidden when browser doesn't support it
Resolved in Pega Version 8.1
Attempting to access an external NPS survey assignment a second time generated an Access Denied / Logon Denied window, and the resulting window could not be closed using the 'close' button in Google Chrome and Firefox. This was traced to browser security restrictions imposed by Firefox and Google Chrome that disable Window.close() for URLs launched directly by hitting the URL. To avoid confusion, the DenyExternal HTML rule has been modified to avoid showing the 'close' button for browsers that do not support it in this case.
SR-C15602 · Issue 358258
Multiple case handling performance improvements for mobile
Resolved in Pega Version 8.1
Memory leaks have been repaired to improve performance when working numerous simultaneous cases on mobile.
SR-C15620 · Issue 360995
Command line BIX extracts correctly resolve properties
Resolved in Pega Version 8.1
BIX extracts worked as expected within Designer Studio, but the same extracts failed to resolve properties when run from command line without supplying a username and password and using a -i/-I option. This was caused by recent logic changes that missed a use case, and has been fixed.
SR-C15639 · Issue 355647
Localization added for Delegated Descriptions
Resolved in Pega Version 8.1
Localization has been added to the field pyDelegateShortDescription in pzRuleFormKeysAndDescription, to the field pyDelegateDescription in pzRuleformLayoutDelegated [Pega], to pzDataTypeDelegate->Param.DetailDescription, and .pzDataTypeKeysAndDescription->Param.ShortDescription.
SR-C15670 · Issue 357484
Customization added to Report Browser
Resolved in Pega Version 8.1
In order to support customization of the Report Browser, the below rules are now marked as available:
PZRBSHORTCUTSGRID7
PZRBREPORTACTIONS
RULE-HTML-HARNESS CODE-PEGA-LIST DISPLAYREPORT #20151123T213308.460 GMT
RULE-HTML-HARNESS CODE-PEGA-LIST PZRRDISPLAYCUSTOMFILTERSECTION #20160512T224721.208 GMT
Schedule options and Shortcut/Category options can be hidden via 'when' rules: pyReportBrowser_ShowActions should be set to False to hide the shortcut/category actions, and pyReportBrowser_ShowSubscriptionActionsAndInfo should be set to False to hide the report subscription information. When both rules are set to False, the gear icon on the shortcuts grid and list of Public categories will not be displayed. In addition, the DisplayReport and pzRRDisplayCustomFilterSection harnesses have been made available to allow changing the Microsoft Internet Explorer Document mode.
SR-C15742 · Issue 357768
Corrected refresh for Proposition filter
Resolved in Pega Version 8.1
When creating a new Proposition for a Proposition Filter, it did not appear under the Proposition section. This was due to a missing refresh call to load the data rows, and has been corrected.