INC-125803 · Issue 568661
Cross-site scripting updated on activities
Resolved in Pega Version 8.1.9
Additional Cross-site scripting work has been done on activities.
INC-127981 · Issue 563000
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.1.9
Internal rules have been updated so that they are no longer available to be invoked directly by a client or service.
INC-146837 · Issue 602673
PerformCriteria contains CurUserHasRequiredSkills 'when' rule
Resolved in Pega Version 8.1.9
A customer version of the PerformCriteria data transform was generating a validation error due to a qualified statement that resulted in a null result. This has been resolved by updating the PerformCriteria DT to include the CurUserHasRequiredSkills 'when' rule.
SR-D65866 · Issue 536427
Corrected approval step task message
Resolved in Pega Version 8.1.9
When a case progressed to the approval step, the task name did not properly appear as part of the "Please approve or reject this" message. In another scenario, a portal which supported locale switching was not translating "Please approve or reject this" when the locale was switched, but instead displayed the message in the original language. Investigation traced this to the pzInstructionsForApproval data transform storing the localized field value, causing it to persist inappropriately. This has been resolved.
INC-119669 · Issue 562588
Special character handling added to filters for table sourced with parameterized RD
Resolved in Pega Version 8.1.9
Filters were not working on a table when sourced with a report definition which accepted a parameter value containing special characters (Eg: S&P). This has been resolved by using StringUtils.reversibleCrossScriptingFilter in the pzGetGridColUniqueValues activity to allow filters to contain special characters.
INC-145810 · Issue 599463
BIX log shows correct corrupted BLOB pzInskey
Resolved in Pega Version 8.1.9
An update has ben made to ensure the correct inskey is shown in the BIX logs for a corrupted BLOB.
SR-D90400 · Issue 563187
Explicit parent added for descendants in subreport to correct summary
Resolved in Pega Version 8.1.9
When using a Report Definition with a Summarize column and a subreport with join class, it was not considering implementation class work objects. As a result, the prepared values were only partially computed. This was traced to the SubReport in SetQuery not having reference to a parent for the descendants classes, and has been resolved by explicitly setting the parent value.
SR-D40662 · Issue 511396
OpenRuleAdvanced updated
Resolved in Pega Version 8.3.2
After upgrade, the Update Page and Append and Map to step in Data transform was generating the error "No Server connection while giving page name to Target and Source". This was traced to the OpenRuleAdvanced_OverLabel control, and investigation showed that a variable was not being resolved when invoking pzEncryptURLActionString. This has been resolved by updating OpenRuleAdvanced and reimplementing two parameters as well as moving the call of these variables to the beginning of the script. Security has also been improved by moving some of the encryption to SafeUrls.
SR-D41636 · Issue 521731
Route to configuration in the approval flow accepts Specific User parameters
Resolved in Pega Version 8.3.2
Route to configuration in the approval flow was not accepting a parameter value/property value when select Specific User option from drop down was chosen. This was traced to unique ID change work done in the 8.2 release: the pzSimpleApproval section has two controls (DropDown for Participant & AutoComplete for Operator) configured on same property pyOperatorToAssign with "run visibility on client configuration), and when the control value was being changed in the AutoComplete control, the empty value of DropDown control was being posted to the clipboard. To correct this, the section Work-.pzSimpleApproval has been modified to remove performing run-visibility conditions at client side. Instead, the system will use the ".pyApproverType Changes" condition to refresh the wrapper DL which contains the routeTo type Operator/WB/Participant property controls.
SR-D42566 · Issue 512871
ApplicationInventory function deleted
Resolved in Pega Version 8.3.2
It was possible to call the activity "ApplicationInventory of class Rule-" by appending the activity name in the URL. To improve security, the ApplicationInventory activity and HTML rule have been removed from the system.