INC-166995 · Issue 642440
DeleteDocumentPg added to allow list
Resolved in Pega Version 8.7
During performance testing with CSRF settings enabled, a '403 Forbidden' error was seen in the network trace when FinishAssignment called pyActivity=pyDeleteDocument on close action. This has been resolved by adding pyDeleteDocumentPg to the list of allowed activities.
SR-D37415 · Issue 508967
Parameter page update added to improve backwards compatibility for ShowTestLibraryTab
Resolved in Pega Version 8.2.4
An error was observed on the first attempt to modify the 'when' rule "ShowTestLibraryTab" located in PegaProjectMgmt:08-01-01. Analysis showed the when rule (Always, Never) which was called from this rule was not found, which was an issue traced to the Rule-Obj-When function alias parameter name being changed from "strWhen" to "blockName" in the 8.1 release. Subsequent attempts to save the modified rule succeeded due to step#7 in the Embed-UserFunction.pzPopulateDropdownFBUIParameters activity upgrading the pyParameters page with the latest data. To resolve this backwards compatibility issue, the activity step#6 has been modified to upgrade the parameter name for the Rule-Obj-When function alias.
SR-D38053 · Issue 508225
Upcase case shape will fall back to pyWorkCover if multiple pages are present
Resolved in Pega Version 8.2.4
In the Update a Case shape, selecting "A Single Case" and providing .pxCoveredInsKeys(1) for the With ID field worked as expected, but using the same data transform and selecting either "All child cases and descendants" or a specific child case resulted in no update on the children. This was traced to the findPageByHandle API not returning the most appropriate page, which created an issue whenever multiple pages were present in the clipboard. To correct this, the system has been updated to use pyWorkCover if present.
SR-D40685 · Issue 508810
Custom routing configured in early Pega versions will be mapped to custom on upgrade
Resolved in Pega Version 8.2.4
After upgrade, a configured custom routing option under assignment properties was missing in all assignments. This has been resolved by updating pzUpdateRouting with a condition that will take assignments configured in Pega 6 versions and map them to 'custom'.
SR-D24750 · Issue 507118
Resolved importing PublicFormat file using RuleFromFile Wizard
Resolved in Pega Version 8.2.4
When attempting to create a flow from a Public Format XML file using the Rule From File Wizard, the following error was seen: "Problem invoking function: pega_procom_harvest.performXSLT--(String,String,boolean,HashStringMap)". This was caused by a mapping failure related to the pyComments property in baseclass pega social functionality, and has been resolved with the addition of a new page group property pyComments of type "Data-MO-Annotation-Comment" which applies to "Embed-Rule-Obj-Flow-ProcessModel". In addition, a system property set has been added:'System.setProperty("javax.xml.transform.TransformerFactory","com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl");' to make the security flags work properly in java step of 'transformPublicFlow' activity
SR-D41636 · Issue 509433
Route to configuration in the approval flow accepts Specific User parameters
Resolved in Pega Version 8.2.4
Route to configuration in the approval flow was not accepting a parameter value/property value when select Specific User option from drop down was chosen. This was traced to unique ID change work done in the 8.2 release: the pzSimpleApproval section has two controls (DropDown for Participant & AutoComplete for Operator) configured on same property pyOperatorToAssign with "run visibility on client configuration), and when the control value was being changed in the AutoComplete control, the empty value of DropDown control was being posted to the clipboard. To correct this, the section Work-.pzSimpleApproval has been modified to remove performing run-visibility conditions at client side. Instead, the system will use the ".pyApproverType Changes" condition to refresh the wrapper DL which contains the routeTo type Operator/WB/Participant property controls.
SR-D42402 · Issue 508895
Added differentiated handling for special symbols based on location in the label string
Resolved in Pega Version 8.2.4
While importing an Excel file into a decision table that used custom functions like@string:notequal or equal, label names like 'AlphaPrefix !=AAA' resulted in the error "invalid expression or reference: line 1:28 extraneous input '"True"' expecting {<EOF>, '-', '+', '=', '*', '/'," " . Investigation found that the problem was with the label of the column not handling the the special characters like (‘!=’, ‘<’ , ‘<=’, ‘>’, ‘>=’ ) present in the middle of the label string: the label and default operator were being updated irrespective of the location of the symbols within the string. To resolve this, DecisionTableWorkBookConverter.java has been modified to set the operator only if the special strings (‘!=’, ‘<’ , ‘<=’, ‘>’, ‘>=’ ) are present at the end of the label.
SR-D28060 · Issue 505637
Cross-site scripting protection added to Pega App Studio Spaces
Resolved in Pega Version 8.2.4
Ajax Request's callback success method has a mechanism to process the response object's HTML responseText, initiate and modify the changeTracker changes, and eventually call renderUI to render the DOM. However, the response object sometimes may return a different type (JSON) that may expose cross-site scripting vulnerabilities. To improve security for the Pega App Studio, the system will process the Ajax request's response text only if the response date type is not JSON by accepting a flag in the callback object passed by the caller.
SR-D26244 · Issue 504223
Label control cross-site scripting protection added
Resolved in Pega Version 8.2.4
cross-site scripting protection has been added to label control.
SR-D30215 · Issue 503682
cross-site scripting protection added to ClientDynamicData
Resolved in Pega Version 8.2.4
Cross-site scripting protection has been added to the "DesignViewIframe" & "pzHarnessID" parameters in the pzClientDynamicData HTML rule.