Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

SR-B56648 · Issue 315674

Added security check when running out-of-the-box reports with ShowSelectorView

Resolved in Pega Version 7.3.1

A security issue was found where non-authorized users were able to access the out-of-the-box report details in their portal by manipulating the URL to pass a "short-cut" parameter that executed the Final "ShowSelectorView" activity. To avoid the need to set the explicit privileges manually, the ShowSelectorView activity will call a security check to prevent this.

SR-B45056 · Issue 328736

XSS filtering added to getClassOfPageReference

Resolved in Pega Version 7.4

XSS filtering has been added to the URL produced when using getClassOfPageReference.

SR-B45056 · Issue 330368

XSS filtering added to getClassOfPageReference

Resolved in Pega Version 7.4

XSS filtering has been added to the URL produced when using getClassOfPageReference.

SR-B74553 · Issue 326255

Refined accessgrouplist checks

Resolved in Pega Version 7.4

Following a system modification that changed the property used to populate the access groups list to match that on clipboard (correct value), a previously unseen issue was uncovered where all the division and organization AGs were being added to the list. This has been addressed by updating the code to add the applications on division and organization only when there is no default selected at the operator. If there is some application selected as default at the operator, then the division or organization applications will not be added. If there is nothing selected at operator, then a check for division will be made, and if there is nothing selected at division then organization will be checked.

SR-B78496 · Issue 327358

Refined accessgrouplist checks

Resolved in Pega Version 7.4

Following a system modification that changed the property used to populate the accessgroups list to match that on clipboard (correct value), a previously unseen issue was uncovered where all the division and organization AGs were being added to the list. This has been addressed by updating the code to add the applications on division and organization only when there is no default selected at the operator. If there is some application selected as default at the operator, then the division or organization applications will not be added. If there is nothing selected at operator, then a check for division will be made, and if there is nothing selected at division then organization will be checked.

SR-B81365 · Issue 332518

Enhanced security for IAC gadget

Resolved in Pega Version 7.4

The code for the IAC gadget has been reworked to replace eval functions in order to enhance security.

SR-B81365 · Issue 331996

Enhanced security for IAC gadget

Resolved in Pega Version 7.4

The code for the IAC gadget has been reworked to replace eval functions in order to enhance security.

SR-B82500 · Issue 331560

Enhancement to support external delegated authentication via custom authentication

Resolved in Pega Version 7.4

OAuth 2.0 configuration has been embedded into the HC mobile app to provide an infrastructure for REST services to be authenticated by an external token which has been issued by third party identity provider. When Pega receives a token, it then contacts the identity provider's token introspection and userinfo endpoint to validate the token and subsequently establish an identity. The new authentication activity has been shipped with the name 'pyPerformDelegatedAuthentication' that can be attached to any Authentication service data instance.

SR-B82500 · Issue 332132

Enhancement to support external delegated authentication via custom authentication

Resolved in Pega Version 7.4

OAuth 2.0 configuration has been embedded into the HC mobile app to provide an infrastructure for REST services to be authenticated by an external token which has been issued by third party identity provider. When Pega receives a token, it then contacts the identity provider's token introspection and userinfo endpoint to validate the token and subsequently establish an identity. The new authentication activity has been shipped with the name 'pyPerformDelegatedAuthentication' that can be attached to any Authentication service data instance.

SR-B83952 · Issue 338450

Handling added for URL encoding problem

Resolved in Pega Version 7.4

A button configured with 'onClick > Open URL in window' had the "?" replaced by "?=%26" in the URL. This was traced to a safeURL bug which encodes '&' in the URL when there is no key=value pair in the request params. To compensate for this, a design time configuration has been added to skip encoding if the system encounters custom URLs with no key=value pairs.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us