INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-183706 · Issue 685830
Added null check for DynamicAppenders
Resolved in Pega Version 8.7.1
Null pointer exceptions were seen for Pulse. This has been resolved by adding a null check in the DSS save/update process.
INC-185117 · Issue 680899
Check added to disable offset support for older versions of Oracle
Resolved in Pega Version 8.7.1
An ORA-00933 error was generated after upgrading from Pega 7.1 to Pega 8.5. This was traced to a conflict between Oracle 11g and the Pega 8.5 platform related to an OFFSET statement being added to a query for a version of Oracle that doesn't support it. The preferred solution is to upgrade Oracle to address this, but in order to support backwards compatibility a check has been added which will disable offset support in Oracle if productversion <=11.
INC-202677 · Issue 698989
Handling added for missing expose.accessGroup property
Resolved in Pega Version 8.7.1
After exposing an existing page group and page list properties along with single value properties using a declare index, running the Column Populator tool prpcServiceUtils to populate the historical data resulted in the single value properties being updated in the exposed column properly, but the page group and page list properties were not updated in the declare index table. On new case creation the declare index tables were updated. This was traced to the default expose.accessGroup not being set for the user, and has been resolved by adding a check and handling that will add the missing property in prpcserviceutils.properties defining the access group for the Rule-Declare-Index of the classes being exposed if it is not present.
INC-173986 · Issue 668935
Updated survey refresh API for switching radio buttons
Resolved in Pega Version 8.7.1
After configuring a picklist with multiple options in a survey framework, it was not possible to select a radio button when toggling between radio buttons on the UI. Investigation showed the values of the radio buttons were not published to Clipboard, causing pyAnswer to be blank. After detaching the webwb_pzsurvey_ui_userscript.js the value was posted correctly and the visible WHEN was working as expected. This has been resolved by updating pzsurvey_ui_userscript to add a timeout on the refresh API call when switching between radio button options.