INC-137317 · Issue 585404
Security improved for searches
Resolved in Pega Version 8.3.5
Authentication requirements have been added to activities associated with searching.
INC-139700 · Issue 591563
Shortcut works for copying reports into private rulesets
Resolved in Pega Version 8.3.5
Copying out of the box shortcuts to other categories in the Report Browser was failing with the error ".pyShortcutName: The rule name pyTimePerStage is a reserved name (starts with px, py, or pz) and is not created in a Pega- ruleset." This was caused by the system trying to create a new rule with a py prefix in a non pega- ruleset, which was a missed use case in the refactoring work of report actions to use the Record API. This has been corrected by moving the report ID generation logic from the activity pzValidateSaveAsInput to a new Rule-Utility-Function in the ReportingUtils library called pzGenerateUniqueRecordName so that it can also be used by pzCopyShortcutPostActivity7 when the shortcut's ID is prefixed with px, py, or pz.
INC-140701 · Issue 602862
The Report Resource Limit is applied on Job Scheduler
Resolved in Pega Version 8.3.5
The Job Scheduler was ignoring the application-wide limit for maximum number of rows to retrieve that was set on the Report > Settings landing page. If the limit was set on the Data Access tab of the report, it was honored. If it was set on the Application settings rule Pega-RulesEngine.pyMaxRecords it was not honored. This behavior was due to pzUpdateSystemSettings being called by pxRetrieveReportData. In pzUpdateSystemSettings, .pyContent.pyMaxRecords was updated to match the value in px.Requestor.pyReportSettings.pyMaxRecords. In some cases, that was not available and the max amount of records was not limited in that case. This has been resolved by updating pzUpdateSystemSettings to pull pyMaxRecords using @getRuleSystemSetting().
INC-148056 · Issue 602837
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.3.5
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-140224 · Issue 604005
Corrected SAML SSO error
Resolved in Pega Version 8.3.5
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-135437 · Issue 589489
Export to Excel working for reports with "Display values across columns"
Resolved in Pega Version 8.3.5
Attempting to use Export to Excel when "display values across columns" was checked resulted in a null pointer error. This was traced to a null page being passed to pzRDExportWrapper, and has been resolved by adding a check for the primary page If it is null, the step page will be used.
INC-145033 · Issue 599481
ForgotPassword responses made consistent
Resolved in Pega Version 8.3.5
To prevent possible exposure of valid usernames, the ForgotPassword logic has been updated so that it will show the same messages and set of screens to both valid and invalid users if a lost password request is made.
INC-137873 · Issue 596158
Java injection security updated
Resolved in Pega Version 8.3.5
Protections have been updated against a Java injection.
INC-142531 · Issue 598438
Keystore certificate alias updated to support mixed case names
Resolved in Pega Version 8.3.5
The Java Keystore stored aliases only in lower case letters, but it accepted uppercase letters also during retrieval. This was causing the error "No certificate found in truststore : Azure AD SSOIDPCertStore with Alias : CN=Microsoft Azure Federated SSO Certificate" when the names didn't match. To resolve this, the keystore layer has been modified to support upper case letters in the certificate alias.
INC-133450 · Issue 585994
Login button hidden after click
Resolved in Pega Version 8.3.5
When the login button was clicked fast several times, intermittently the login would fail with the blue screen and "Security violation attempting to access requestor" error in the logs. To resolve this, on click of the login button will be hidden to prevent firing multiple login requests.