INC-174435 · Issue 659479
Survey Complex Question Definition properly displayed
Resolved in Pega Version 8.4.6
Selecting any Complex Question to look at the definition displayed a blank screen. This was traced to an issue with the ruleformtabs properties for the layout group used by complex questions, and has been resolved by changing the Layout Group display type from "Default" to "Tab".
INC-175533 · Issue 678911
Improved Page compare for page groups
Resolved in Pega Version 8.4.6
Field level auditing on embedded properties sporadically did not report the "old" value when a property was modified even though the page was listed as "Modified". This has been resolved by adding logic to the pxComparePages algorithm to treat Lists and Groups differently. Now Page and Value Groups will use pxSubscript as the primary way to detect add and deletes.
INC-180603 · Issue 661739
Added protections for GetSiblings
Resolved in Pega Version 8.4.6
Cross-site scripting protections have been updated for the GetSibling activity.
INC-182248 · Issue 665782
Added logic to handle manual validate rule creation
Resolved in Pega Version 8.4.6
Manually creating a Validate rule with conditions and then opening the configure view with conditions caused the validation rule to be removed from the flow action rule along with the validation conditions in the validation rule referred in flowAction rule. This has been resolved by updating the logic in the Condition Builder to handle this use case.
INC-191567 · Issue 676158
New application wizard security updated
Resolved in Pega Version 8.4.6
Security around displaying and running the new application wizard has been enhanced.
INC-175706 · Issue 659527
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.4.6
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-179360 · Issue 662178
Check added for allowed editing with CSRF
Resolved in Pega Version 8.4.6
After enabling CSRF, it was not possible to edit a data table used to define ACL rules due to security preventing the adding/editing of rows and user group entitlements. This has been resolved by using browser FingerPrint validation to check whether an activity is in a secured list and skipping validation for allowed activities.
INC-180275 · Issue 666457
Collaboration control hidden if data type is delegated
Resolved in Pega Version 8.4.6
When collaborating using a customized CaseManager portal with some delegated data types, the admin user refreshing the Data Type view changed the collaborator's view from the portal to show the Data Type tabs, allowing the second person to open rules (properties, Data Pages, etc) and see the configuration even though they could not make any changes. This has been resolved by updating pzDataTypeDelegated to display the collaboration control only if pzDelegation is false.
INC-180594 · Issue 670956
Filtering added for DisableDormantOperators
Resolved in Pega Version 8.4.6
When running the Disable Dormant Operators agent, many operators were seen which were dormant but not disabled. Investigation showed the activity was fetching all of the operators without filtering the deactivation state. This has been resolved by adding a filter condition in pzDisableDormantOperators to fetch only deactivate state users.
INC-180858 · Issue 660798
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.4.6
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.