INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-148154 · Issue 602921
Hot Fix Manager updated to use installation order for schema import
Resolved in Pega Version 8.3.5
Schema changes were not being imported during the hot fix manager DL import process. Investigation showed this was due to hotfixes in the DL being iterated over from newest to oldest, causing older hotfixes to replace the value added to a map by the newer. To resolve this, the system has been updated to use hotfix install order, which considers selected and dependent hotfixes, rather than ordering newest to oldest. This ensures that newer table representations will override older rather than the other way around.
INC-194330 · Issue 708711
Added special character handling for DecisionTable column-label
Resolved in Pega Version 8.7.2
The label of a decision-table column was being appended to the original decision-table return-value. The column label and comparator were handled differently for columns containing special characters (+, -, *,...), causing the data after the special character to be trimmed and appended to the row output value. This has been resolved by adding handling for special characters so the output and the label are rendered properly.
INC-200802 · Issue 714845
Line break handling added for setting required question asterisk
Resolved in Pega Version 8.7.2
If a survey question was formed in multiple sentences, the asterisk marking it as required was not displayed in screen. The asterisk displayed as expected if the question was one sentence. This has been resolved by updating the setMandatoryIconforQP script handle linebreaks and set the required symbol as expected.
INC-205666 · Issue 702936
Database table correctly prevents deletion if there are descendant classes
Resolved in Pega Version 8.7.2
When deleting a concrete class with descendant classes via an activity (Rule-.Delete), the Rule-Obj-Class.ValidateDeleteInternal activity was throwing an error message indicating the class could not be deleted due to descendant classes. However, the corresponding database table rule was deleted anyway. Investigation showed this was caused by ValidateDeleteInternal not reaching the Obj-Save-Cancel step. This can be fixed by modifying step 11, the post when conditions, to jump to END and set the END label at the Obj-Save-Cancel step instead Exit-Activity, but this issues has been resolved by updating all failure states to run end step. In addition, security has been updated to disallow "Allow invocation from browser".