INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-202004 · Issue 692353
Hotfix documentation updated to point to Hotfix Manager page
Resolved in Pega Version 8.8
The readme file attached to hotfix downloads contained an outdated reference to use "PRPC Hotfix Installer on the Update Manager landing page." This has been updated to point to the Hotfix Manager landing page.
INC-205453 · Issue 706569
Pega Keystore supported for hotfix signature verification
Resolved in Pega Version 8.8
In order to support custom trust managers which require an alternate method for supplying the root certificate via a platform trust store, an enhancement has been added to allow Pega Keystore to be used as a hotfix verification source. Detailed information on this can be found in https://docs.pega.com/keeping-current-pega/87/verifying-hotfix-authenticity-using-pega-keystore
INC-208516 · Issue 705098
Patchdate values made unique
Resolved in Pega Version 8.8
The hotfix manager was incorrectly indicating that a previous hotfix was not installed or was partially installed and should be reinstated. This scenario was created during security updates where the missing/incomplete hotfix had been deliberately deleted from the database, and has been resolved by adding an update which will force patchdate to be unique when adding duplicate code resources during tests.
INC-209435 · Issue 707374
Column population error downgraded to warning
Resolved in Pega Version 8.8
A Column Population job run after deployment for some classes was logging the error "Class does not exist", but no property was identified and no impact to the system was seen. This error has been downgraded to a warning.