INC-227878 · Issue 727855
UPDATE IMPACT FOR PEGA CALL
Resolved in Pega Version 8.7.3
Log4j-1.2.14.jar and Log4j-1.2.17.jar have been removed to address the security concerns with these versions, and logger jars have been upgraded to 12.7.2 version (from 12.7.1 version) to make Pega Call compatible. This change will impact Pega Call customer environments due to Avaya or Genesys, which are part of Pega Call, having an internal dependency on Log4j1.x version jars. As a result, the SDK logging for Avaya or Genesys will not be available in the 8.7.3 release unless the Log4j-1.x jar files are reimported locally.
INC-215785 · Issue 722554
Corrected logic for parsing imported Excel formula cells
Resolved in Pega Version 8.7.3
Integers specified as cells with formulas in Excel were getting an additional ".0" in them due to them being parsed internally as doubles during the floating point arithmetic of the Apache POI library. This has been resolved by modifying the logic in ExcelUtils.java to apply DataFormatter to get the string value instead of an integer by default for a formula cell.
INC-220770 · Issue 718028
Null check added to getBaseRef
Resolved in Pega Version 8.7.3
When using a customized Cosmos portal that included tabs, some of the Pega APIs were not available in the child frame and javascript errors were generated when calculating the clipboard path for live UI elements. This was traced to invalid references to "pega.api.ui.util.getBaseRef", and has been resolved by adding null checks to the getBaseRef API call to make sure javascript errors are not thrown.
INC-173596 · Issue 673089
Apache Commons HttpClient dependency removed
Resolved in Pega Version 8.7.3
As part of moving from the Apache Commons HttpClient project (which is at end of life and no longer being developed) to the Apache HttpComponents project, openws dependencies on the commons-httpclient jar have been removed.
INC-228169 · Issue 729187
Login error messages updated
Resolved in Pega Version 8.7.3
Exception response messages have been updated in order to improve security around attempts to bypass operator authentication.
INC-137709 · Issue 584297
New security role added to restrict access to development-specific classes
Resolved in Pega Version 8.5.1
A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.
INC-128811 · Issue 587213
Operator created with save-as has correct application access
Resolved in Pega Version 8.5.1
Creating an operator using Save As retained access to the applications of the original operator even if they were removed in the creation process. This was due to the saveAs operation of the Operator not retaining consistency between the records in the ValueList pyAccessGroupsAdditional and the page list pyaccessgroups_opid. To resolve this, the PreSaveAs of the Operator ID has been updated to maintain consistency in the records.
INC-132517 · Issue 578985
Correct manager name retained for skill-based routing updates
Resolved in Pega Version 8.5.1
In App Studio, having a manager update a team member's skills changed that team member's reporting Manager name (.pyReportTo) upon save. This was a use case where multiple operator IDs were required for the same person (name and email), so that using the report definition parameter 'BestOperatorValue' for the pzUpdateOperatorInfo activity caused an incorrect manager name to be set to the team member's operator ID. This has been resolved.
INC-127392 · Issue 574286
Delegated Decision table rule grid loads in iFrame with SSO
Resolved in Pega Version 8.5.1
The delegated decision table rule grid and checkout options were not displayed when launched from iFrame using SSO sign in. Without SSO, the delegated decision table grids were loading properly for the same Access group. The heart of this issue was that decision tables were using an older style of Designer Studio javascript which was not designed to be embedded in an iFrame due to issues related to Cross-Origin Resource Sharing (CORS). In order to support the usecase of the Pega end user portal/application being integrated to an external domain application using an iFrame, enhancements have been made to the necessary delegated rule function definitions.
INC-135095 · Issue 581849
Tracer toolbar shows correctly in IE
Resolved in Pega Version 8.5.1
After upgrade, the developer toolbar for the tracer pop up was not visible in Internet Explorer. Investigation showed that Microsoft Internet Explorer was loading the correct elements, but they were not displaying due to recent updates made to prevent Cross-site scripting vulnerabilities for the tracer. This has been resolved.