INC-143320 · Issue 602281
Support added for email addresses with hyphen in domain name
Resolved in Pega Version 8.3.5
When attempting to enter a email with a hyphen '-' in the domain part of an email ID ([email protected]), the reply button was getting disabled. This was caused by the regex validation implemented in the "pzValidateEmailAddress" (Work-Channel-Triage-Email) standard activity not covering all the possible cases. To resolve this, regex has been changed to instead use a platform-provided rule to ValidateEmailAddress.
INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
SR-D32991 · Issue 504129
Email Discussion Thread retains Formatting
Resolved in Pega Version 8.3.1
CSS styles were not being retained in the discussion thread when replying to InboundCorrespondence cases. This was traced to a missing value in Param.latestReply activity pzCreateExternalPostFromMail, and has been resolved by setting an initial plain text value to the param.latestReply before it is set with the HTML value. This prevents having a blank parameter value if the incoming HTML value is empty.
SR-D28342 · Issue 504970
ChatMashup loading issue with IDP resolved
Resolved in Pega Version 8.3.1
When using a harness containing chat scripts via Mashup that called an activity to set parameters, attempting to launch the Mashup from an external application failed on the first attempt: an incorrect URL was generated and the activity was not triggered, resulting in an empty harness. The second attempt to launch the Mashup worked as expected. This was seen when using an IDP initiated Login with query string - pyActivity= classname.ActivityName, and there was a workaround to use SP initiated login or to use the activity URL directly on the IDP portal. Investigation showed that the resourcePath was coming as http in SSL enabled system, but the reqURI was still https. To correct this, the system has been updated so that if the reqContextURI starts with https and the requestURL starts with http, then the requestURL will be converted to https.
SR-D24750 · Issue 501745
Resolved importing PublicFormat file using RuleFromFile Wizard
Resolved in Pega Version 8.3.1
When attempting to create a flow from a Public Format XML file using the Rule From File Wizard, the following error was seen: "Problem invoking function: pega_procom_harvest.performXSLT--(String,String,boolean,HashStringMap)". This was caused by a mapping failure related to the pyComments property in baseclass pega social functionality, and has been resolved with the addition of a new page group property pyComments of type "Data-MO-Annotation-Comment" which applies to "Embed-Rule-Obj-Flow-ProcessModel".