INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-144399 · Issue 599715
Custom dropdown controls updated for classnames
Resolved in Pega Version 8.3.5
After upgrade, a customized format for Dropdowns was not picked up. This was due to recent changes made to Class name attributes to ensure they are populated for all controls, and was caused by the CSS selector not picking the necessary DOM element. This has been resolved.
INC-136793 · Issue 585605
Updates made to display busy indicator correctly in Google Chrome 84
Resolved in Pega Version 8.3.5
The Pega busy indicator was not displaying correctly in Google Chrome 84 due to changes in that browser. The needed updates have been made to adjust for these changes.
INC-143795 · Issue 599474
Acdatasource_driver call updated
Resolved in Pega Version 8.3.5
When Acdatasource_driver was invoked directly, an exception was generating indicating "This activity may not be called directly from input". This was related to recent refactoring work done, and has been resolved by modifying the code to call the acdatasource_driver activity through pzRunActionWrapper.
INC-138309 · Issue 591150
Added busy state reset to reenable buttons after custom frame cancel
Resolved in Pega Version 8.3.5
When using a custom iFrame in a section that called a third-party URL, clicking on cancel for the popup "Do you want to stay on this page or leave it?" caused the screen to freeze. This was traced to the cancellation of the dirty page setting a busy state which disabled all the buttons and did not have a path to recovery. This has been resolved by updating the busy state so it will reset when the user chooses to cancel the changes and reenable all the buttons.