INC-143193 · Issue 595940
Handling added for UI overlap issue
Resolved in Pega Version 8.5.2
Elements of the window "Test Case Record Configuration" were shifted into one another when the Application name was too long that it overlapped with the other UI Elements. This has been resolved by adding a style sheet with overflow hidden.
INC-146424 · Issue 602896
Keyboard users can select DSS records with enter key
Resolved in Pega Version 8.5.2
Keyboard accessible users were not able to select DSS records using the keyboard. This has been resolved by adding the action "Open selected item to the Enter event for the section pzViewInstances.
INC-149728 · Issue 608105
Application wizard security updated
Resolved in Pega Version 8.5.2
A user having PegaRULES:User1 role only was able to run the Create Application wizard until an authorization block was reached, yet some rules were created. No operator records were created as part of this process. This was traced to code left in place after the creation of pxAppConfig and pzAppConfig portals, and has been resolved. The New Application wizard UI will display a message to a user when they lack access to build a new application, and an error will be displayed for any attempt to create a new application directly via pzCreateNewApplication to address a scenario where a user might be trying to call the activity without the front end.
INC-150039 · Issue 608042
Adjusted validation of literal value of a parameter
Resolved in Pega Version 8.5.2
When mapping a parameterized when rule to the proposition filter, parameters passed from the proposition filter page were not getting flown to the when rule. This was caused by special character validation for a literal value of a parameter which necessitated putting the parameter value within quotes and which resulted in a parameter value mismatch at run time. To support this use, this validation has been disabled as parameter values would not get included within quotes. This change does not have any impact on when rule or proposition filter rules java generation.
INC-150845 · Issue 606342
OpenRule logic updated for GetRuleInfo
Resolved in Pega Version 8.5.2
The exception "InsufficientPrivileges:RuleExecutionDenied RULE-OBJ-ACTIVITY @BASECLASS PZGETRULEINFO" was thrown for some access groups when attempting to view a section from the end-user perspective on the Opportunity screen. Investigation showed this happened when a section had a table in which "Optimize code" was unchecked. If "Optimize code" was checked, then the exception was not thrown. This was traced to recent security changes in pzGetRuleInfo which affected the BAC registration process, and has been resolved by updating the way the openRule action registration logic invokes the activity.
INC-130703 · Issue 597255
Operator provisioning on authentication service corrected
Resolved in Pega Version 8.5.2
When operator provisioning was triggered on user login via authentication service, the error "ModelOperatorName is not valid. Reason: declare page parameters not supported by PropertyReference" was generated. This was traced to optimization work that had been done on the expression evaluation for operator identification, and has been resolved by adding the required GRS Syntax support in the Operator Provisioning section in SAML and OIDC.
INC-132191 · Issue 582550
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.5.2
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-133518 · Issue 592227
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.5.2
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-134808 · Issue 590711
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.5.2
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-137873 · Issue 596159
Java injection security updated
Resolved in Pega Version 8.5.2
Protections have been updated against a Java injection.