INC-143320 · Issue 602281
Support added for email addresses with hyphen in domain name
Resolved in Pega Version 8.3.5
When attempting to enter a email with a hyphen '-' in the domain part of an email ID ([email protected]), the reply button was getting disabled. This was caused by the regex validation implemented in the "pzValidateEmailAddress" (Work-Channel-Triage-Email) standard activity not covering all the possible cases. To resolve this, regex has been changed to instead use a platform-provided rule to ValidateEmailAddress.
INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-127591 · Issue 564818
isAuthenticated checks trimmed for Performance Improvement
Resolved in Pega Version 8.2.7
In order to improve performance, a duplicate check of pxIsRepositoryAuthenticated has been removed from the Function Rule.
INC-127859 · Issue 564619
Email image retrieval switched to Lazy Load
Resolved in Pega Version 8.2.7
In email, multiple images being loaded at once resulted in a performance impact. To resolve this, the fetching of inline images has been modified to use Lazy Load optimization which will retrieve file content from S3 storage on a need basis.
INC-127891 · Issue 564726
Added check for redirects when getting images from S3
Resolved in Pega Version 8.2.7
When retrieving images from S3 storage, a 303 redirect status response code was shown. Investigation showed that using a public URL caused the redirects, and this has been resolved by adding an AG hash while fetching images via an activity.