INC-178070 · Issue 658677
Browser invocation allowed for UnlockOperator
Resolved in Pega Version 8.5.5
Attempting to unlock an operator who was locked out due to security policies was failing. This was an unintended side effect of security work performed earlier, and has been resolved by re-enabling 'Allow invocation from browser' for pzUnlockOperator. This activity requires an authentication check with privilege protection.
INC-179111 · Issue 659476
Toolbar delete handling modified
Resolved in Pega Version 8.5.5
After upgrade from Pega 7.4 to 8.5, the toolbar delete button behavior was different. Previously, the pzRuleFormToolbarDeleteRule section rule invoked RuleFormMain on refresh, but the updated version was calling RuleFormHeader, preventing the deletion of the assignment from the class instance. This was an unanticipated edge case and has been resolved by updating the action in the button to refresh the section RuleFormMain instead of RuleFormHeader.
INC-180468 · Issue 659924
JAWS correctly reads work group header
Resolved in Pega Version 8.5.5
While creating the groups within the organizational unit, JAWS was reading the name of the frame as "Process Work Area" instead of "Create Work Group" and "enter data" instead of the name of the edit field with edit instructions. This has been resolved by adding a property to the short description label so it contains the instance type that is being created.
INC-180603 · Issue 661741
Added protections for GetSiblings
Resolved in Pega Version 8.5.5
Cross-site scripting protections have been updated for the GetSibling activity.
INC-181091 · Issue 662779
Strategy rules open from proposition filter after update
Resolved in Pega Version 8.5.5
After update, strategy rules could not be opened from the proposition filter. This was caused by the pxInsName property being populated only when a strategy rule gets selected/configured from the CB gadget. For upgrade scenarios where the condition is already configured with a strategy rule, the pxInsName property will be missing. To handle this upgrade use case, the "Rule-open-by-keys" action will be used instead of "Rule-open-by-name", as rule keys are always present while pxInsName gets populated for only new configurations.
INC-182150 · Issue 669851
DSS added to control Pega Version Banner
Resolved in Pega Version 8.5.5
Nuisance errors were being logged related to the application trying to connect to Pega to confirm available versions. This has been resolved by adding the 'when' rule pyShowVersionBanner to pzStudioHomeWrapper which allows disabling/enabling the Version Banner based on the setting used in the DSS ShowVersionBanner. pyShowVersionBanner defaults to true when DSS ShowVersionBanner does not exist.
INC-169186 · Issue 655536
Disconnect button availability extended
Resolved in Pega Version 8.5.5
A case was not refreshing when the disconnect button was selected while using the standard section for authorization grant type authentication. This was traced to a query executed to find a div with attribute pzInsHandle, but that attribute was not applicable in the user portal. To support this use, the query has been extended to be applicable for user portal (attribute data-ui-meta) and Dev Studio landing page.
INC-171875 · Issue 653891
Skip restored for browser request CSRF token
Resolved in Pega Version 8.5.5
Many SECU0008 alerts were seen in the production logs. This was the result of a CSRF token check on requests without pyActivity or pyStream, and has been resolved by restoring a conditional skip of the check as those other browser requests do not contain a CSRF token.
INC-174321 · Issue 664237
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM WebSphere v9.0.5.6 or higher, API calls such as REST, Connect-HTTP, etc. were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with the highest protocol version supported by the WAS container, this has been resolved by modifying the code to create the SSLContext based on the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-175058 · Issue 660935
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.5.5
After upgrading to IBM WebSphere v9.0.5.6 or higher, API calls such as REST, Connect-HTTP, etc. were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with the highest protocol version supported by the WAS container, this has been resolved by modifying the code to create the SSLContext based on the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.