INC-173068 · Issue 654068
HTML tags escaped in Audit History field values
Resolved in Pega Version 8.7
The case narrative section was showing case statuses with encoded special characters such as % or ( ), resulting in entries such as "Status changed to Complete &# 40;approved& #41; !@#$ %^& amp;*&# 40;&# 41;_&# 43;.". This has been resolved by updating the PyMemo field from type Text Input to DisplayAsLiteral for case narrative, which matches the setting for case history.
INC-173725 · Issue 656480
Logic updated for DX API retrieving View/Action ID using embedded property
Resolved in Pega Version 8.7
While calling the DX API using Assignment ID and action ID, a 500 error response was logged indicating that the server encountered an unexpected condition that prevented it from fulfilling the request. Investigation traced this to the logic used for resolving an embedded property referenced in a control/field to identify the correct page class. In a non-work object context for flow actions the new assign page doesn't exist, but the system was checking for it and clearing off errors from the named page. This has been corrected.
INC-173953 · Issue 650852
Updated Pega DX API special character handling
Resolved in Pega Version 8.7
When the using Pega API v1 and invoking api/v1/cases/{ID}/actions/{actionID} for a few fields in section, special characters were being converted into HTML entities. For example,"You'll usually find this information in your terms and conditions." was being converted as "You& #39;ll usually find this information in your terms and conditions" in the API response. This has been resolved by updating the system to ensure the pyDXAPIEncodeValues application setting is honored.
INC-174045 · Issue 650737
DSS added to control merge strategy
Resolved in Pega Version 8.7
The activity page merge option takes merge strategy as input and supports different merge strategy options like 'Replace', 'Update' etc. Previously, V1 DX APIs defaulted to REPLACE as the merge strategy; this has been updated to support both 'REPLACE' and 'UPDATE' merge strategies which can be controlled with the new DSS "v1MergeStrategy". The DSS to customize the merge strategy for v2 APIs is 'v2MergeStrategy', which also takes the values 'REPLACE' and 'UPDATE', which are for merge strategy '1' and '3' respectively. The default strategy from Pega 8.6 forward is 'UPDATE' and any other value other than the above two values will be considered as 'UPDATE'.
INC-175630 · Issue 653863
Application selections only announced when visible
Resolved in Pega Version 8.7
The elements of the application switcher were being announced by the NVDA screen reader even when toggled off, i.e. not visible. The issue was occurring because the focus was remaining at the search bar even after closing the app switcher window, and has been resolved by adding the necessary logic to switch the focus.
INC-175762 · Issue 669398
BulkProcess harness deprecated in favor of BulkProcessing
Resolved in Pega Version 8.7
The harness pzBulkProcess has been marked as deprecated. In place of this, implement the new Bulk Action functionality available using the harness pzBulkProcessing.
INC-175882 · Issue 658641
Updated bulk action audit history logic and security
Resolved in Pega Version 8.7
After update, using the standard bulk action feature did not record an audit history entry for the SLA action on a case. This was traced to changes made around authorization for opening worklists when using pzBulkProcessItem that limited the audit history to reassign, transfer or transfer assignment, and has been resolved by updating the login the Work-pzBulkProcessItem activity. In addition, the Require authentication to run checkbox has been enabled on the Security tab of the activity, and the Allow invocation from browser checkbox has been disabled.
INC-177665 · Issue 662020
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-178489 · Issue 659914
Handling updated for custom attachment method
Resolved in Pega Version 8.7
When sending a correspondence using the standard SendSimpleEmail activity, choosing only one attachment from the multiple attachments in the work object by passing the pxLinkedRefTo property from the clipboard page to the AttachmentKeysToSend parameter instead of passing the value to the AttachmentCategoriesToSend parameter successfully sent the message and attached it to the work object. However, opening the correspondence attached to the work object showed the attached file as blank even though the attachment was present in the receiver’s email. Research showed that during the comparison of keys in place of pxLinkedRefTo, pzinskey was used. This caused the comparison to not register as true and the attachments display was skipped. Duplicate files were also being attached due to the previously attached files not being verified. Previous work updated the Data-Corr-Email.Show Html rule to use the pxLinkedRefTo field to find the right attachment. The URL encryption was also updated to ensure the links are functional and attachments can be downloaded. Additional work has been added to expand the use of the pxLinkedRefTo field to Show HTML called from @baseclass.
INC-178650 · Issue 673548
Cross-site scripting protections updated
Resolved in Pega Version 8.7
Cross-site scripting protections have been updated around the DisplayAttachment function.