INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-184040 · Issue 688255
Improved accessibility for Disclosable Documents/attach files/auto selection dropdowns
Resolved in Pega Version 8.6.4
When using Dragon for accessibility, issues were seen when trying to select different options in the dropdowns related to attaching multiple files. This was caused by the legacy grids being used not supporting this type of accessibility functionality, and has been resolved by updating pzAttachFileDDFileList to use an optimized table instead.
INC-187350 · Issue 703198
UUID added to iOS direct photo upload to differentiate filename
Resolved in Pega Version 8.6.4
When "Content Storage" with the option "Store in repository" was enabled on the "Integration" tab in the Application definition, it was not possible to add more that two attachments to a case with an iPhone when directly capturing a photo through the camera app instead of uploading the photo as an attachment using the gallery. When using the default "Store in Pega database", the additional photos could be uploaded directly from an iOS camera without any errors. Investigation showed that when "Store in repository" was enabled, a file name conflict check was done in the repository. Because the iOS camera app saves/uploads every image as "image.jpg", this caused the error when checking for a filename conflict in the repository. This has been resolved by adding code to append a UUID to the attachname when the device is mobile and browser is Apple Safari.
INC-192673 · Issue 689554
Tab highlighting updated
Resolved in Pega Version 8.6.4
Not all elements were indicated with yellow highlighting when tabbing through the screen. This has been resolved.
INC-194180 · Issue 704638
GetChildcases handling updated for large numbers of cases
Resolved in Pega Version 8.6.4
When a very high number of child cases being processed contained a wait shape that was dependent on the movement of a parent case, some of the cases were moved to the next step of the flow automatically while others required a manual command to ResumeFlow. In extreme cases where many child cases were waiting, a node crash could occur. This was traced to the pzGetChildcases report having a maximum value of 500 lines, and has been resolved by increasing the maximum number of rows to retrieve to 9999 in the Data Access Tab of the pzGetChildCases report definition. In addition, the pxCheckFlowDependencies activity has been modified to perform with a higher number of cases, and DSS(MaxRecords) logic has been added to split the child cases into multiple queue items for each access group to decrease load on each thread process.