SR-D3556 · Issue 445684
Requestor.OperatorID page updated to stay in sync with current OperatorID to enable post-Auth activity mapping
Resolved in Pega Version 8.3
The systems pages were not getting updated to the right operator's context when a post-Auth activity was used for mapping. To support this use, the UpdateOperatorID trigger has been updated to keep the pxRequestor.OperatorID page in sync with the current operatorID page during SAML. The operator will also be saved during provisioning.
SR-D9157 · Issue 445709
Pega-RULES session decryption issue resolved
Resolved in Pega Version 8.3
When the Pega-RULES session encryption key was updated (rotated) after 90 days by the pyValidateKMSMetadata agent, the in-memory version of the key was then corrupted leading to a failure to decrypt the session header. This had the result of preventing any users from logging into the system. Users could connect to the login page and enter their credentials, but after clicking the Login button they were redirected back to the starting login page and their credential information was cleared. This was traced to the pulse change of SystemCDK moving the encryption and decryption process to inconsistent state where the CurrentSystemEncryptKeyIDHash still contained the old CDK ID.To resolve this, the system has been updated to use only ActiveKeyID instead of the previous behavior of using both ActiveKeyID and CurrentSystemEncryptKeyIDHash.
SR-D7427 · Issue 445716
Stack overflow error resolved for pxObjClass returned as declarative target
Resolved in Pega Version 8.3
After installation, logging in for the first time as [email protected] with the temporary password was generating an exception. Investigation showed that the system was attempting to obtain the class name of page containing a declarative target and ended up in recursion due to pxObjClass, which was read while getting class name, being returned as a declarative target from the conclusion cache. To avoid this, the code has been modified to ensure that pxObjClass can never be a declarative target.
SR-D1386 · Issue 446261
Warning message visibility conditions updated for Records Editor
Resolved in Pega Version 8.3
The Report Definition Result screen was showing the message "Warning : We were unable to create columns to match the new properties added. This will cause performance problems when using this data type. Please click here to fix this." Along with the RD results screen, this particular warning message was also shown in the Records tab of the respective Datatype. Initially, the Records Editor was developed for Designer Studio and Express usage. When the delegation functionality was later given to portals, the 'when' condition for the warning message was not updated to restrict displaying it to portal users. This has been fixed by updating the pzManageRecords section to properly manage the visibility condition of the warning message.
SR-D4304 · Issue 446373
Locale object handling added to SimpleDateFormat
Resolved in Pega Version 8.3
Configuring an Authentication Service with signing certificates failed at runtime with a invalid date exception in non-English locales. This has been fixed by passing the locale object as parameter to SimpleDateFormat.
SR-D8319 · Issue 446427
Case name caption security inserted with cross-site scripting filtering
Resolved in Pega Version 8.3
In order to protect against the possibility of executing malicious JavaScript code by entering an appropriately modified name while adding new case type, pyCaption in menu items has been made HTMLSafe by converting JSON through the GSON library. An additional fix has been made to use cross-site scripting filtering to ensure the script does not execute while page is loaded. Additional handling for Firefox has also been added to normalize tabName to properly display Recents.
SR-D6947 · Issue 446500
Email AttachmentPage updated to support use of Data-WorkAttach
Resolved in Pega Version 8.3
Attachments were not getting appended in the email sent by the Agent SendCorr. This was traced to a null Page that resulted if the attachment was of type custom Data-WorkAttach, and has been resolved by modifying the condition check on the objclass of AttachmentPage to change it from equalsIgnoreCase(Data-WorkAttach-File to startsWith(Data-Work-Attach-) .
SR-D4464 · Issue 456291
Deprecated RowRepeat control replaced with table/grid
Resolved in Pega Version 8.3
After upgrade, opening the parameters popup for a Data Page's source did not display the parameter input fields and instead showed what appeared to be encoded values for the properties those fields referenced. This was traced to row repeat not being properly rendered due to the stream generation being interrupted. Row repeat is a deprecated control, and even though an old section with that control may still be used in pages imported to more recent versions of Pega, issues may arise from time to time when trying to mesh deprecated controls with the newer technology. In order to ensure greater compatibility going forward, the row repeat control has been replaced with table/grid.
SR-D3947 · Issue 456344
cross-site scripting security added to GET Request Work-DeleteAttachment activity
Resolved in Pega Version 8.3
Security has been improved against a potential cross-site scripting vulnerablity on GET Request Work-DeleteAttachment Activity.
SR-D5388 · Issue 456426
Corrected dropdown focus issue with dynamic layouts
Resolved in Pega Version 8.3
The focus was not retained on the dropdown field whose property was used in the dynamic layout for the refresh condition. Investigation showed that in pzpega_ui_doc_focus.js, the function "focusNextElement" was setting pega.u.d.gFocusElement set to null after the first load. This has been corrected.