INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-178002 · Issue 663768
Restore point handling updated for absent pzpvstream column
Resolved in Pega Version 8.5.6
While executing the “get restore point” action for rollback, a PZPVSTREAMerror error occurred with the message "(util.HistoryCollectorDataModel) WARN|Rest|SystemManagement|v2|restorepoint - History collection for the table will be slow because it does not have all of the required columns". This was a missed use case for Robotics Automation not having a pzpvstream column for one of the tables; this has been corrected with a check to validate for pzpvstream column so the system will not seek history records if the pzpvstream column is not present.
INC-185117 · Issue 680898
Check added to disable offset support for older versions of Oracle
Resolved in Pega Version 8.5.6
An ORA-00933 error was generated after upgrading from Pega 7.1 to Pega 8.5. This was traced to a conflict between Oracle 11g and the Pega 8.5 platform related to an OFFSET statement being added to a query for a version of Oracle that doesn't support it. The preferred solution is to upgrade Oracle to address this, but in order to support backwards compatibility a check has been added which will disable offset support in Oracle if productversion <=11.
INC-189781 · Issue 677815
Database Transaction Log update overflow resolved
Resolved in Pega Version 8.5.6
When automatic.resume=false was encountered uring an update, cleaning up the existing codeset from previous updates ended up filling up the database transaction logs and caused the update to fail. This has been resolved by updating the process of clearing the codeset so it doesn't overflow the transaction log.
INC-190722 · Issue 676400
Ruleset Restoration Utility repaired
Resolved in Pega Version 8.5.6
Attempting to use the standard Ruleset Restoration utility after update was resulting in a "Status:fail Operator:Unauthenticated or not available Node:No ID available" error message. This was a missed use case for the refactoring done around importing rules, and was caused by the utility calling the deprecated Importable.isValidImport() method. This has been resolved by updating the import activity to restore its functionality.