SR-D50016 · Issue 515903
Exception stack trace will be included as comments in generated assembly code
Resolved in Pega Version 8.2.5
When there is an exception during assembly time, that original exception message is assembled in the generated code. To improve the process of finding the the root cause by examining the original exception stack, the system has been updated to insert the original exception stack trace into the generated code as comments.
SR-D50161 · Issue 514822
Auto populate disabled during redux page conversion to prevent concurrent modification exception
Resolved in Pega Version 8.2.5
Running a standalone data page sourced from a look up of a class was failing sporadically with a concurrent modification exception. The Data page was backed by redux pages: this meant that when the page fetched from data source was converted to redux page, it was iterating through all properties in the mContent of the page and trying to convert those to redux properties. During this process, when any auto populate property was encountered it was getting triggered and modifying the mContent, resulting in a change in iterator. As a result, when the Iterator was trying to fetch the next element, the concurrent modification exception was thrown. To resolve this issue, auto populate has been disabled during redux page conversion to avoid unnecessary problem during data page load.
SR-D50436 · Issue 513849
Case creation service activity unauthorized response modified
Resolved in Pega Version 8.2.5
When unauthorized users accessed the URL for creating a case, a blank screen appeared instead of the user being routed to a login screen. This was due to the system returning an HTTP 400 error instead of HTTP 401 response, and was traced to the introduction of an anonymous user type in the authentication activity (Authentication service in the service package). Case creation REST service uses pzCreateCase activity to create the cases, but before introducing the anonymous user type it was exiting from the authentication activity and did not call pzCreateCase. This was traced to the error handling relying on a field value to be in English when instead the site had localized the value, causing a mismatch which did not generate the necessary failed status. To avoid this, the system will now use the new pxStatusFlowSecurity process engine status instead of relying on a text match to determine this error.
SR-D50793 · Issue 514258
PegaEmailClient Debug level EmailAccount password issue resolved
Resolved in Pega Version 8.2.5
The SendEmailNotification activity was failing to send email when DEBUG log level was enabled for the com.pega.platform.integrationengine.client.email.PegaEmailClient class. This was traced to the removal of the pyPassword property from the copied object which was done for security reasons, but which is this case led to failed authentication. This has been resolved.
SR-D56079 · Issue 517628
Content type added to Httpclientutils
Resolved in Pega Version 8.2.5
The XML Response received from Connect HTTP Service was being converted to Base64 format automatically. This was traced to there not being a content type in the response header from the service, causing the content to be treated as binary and encoded before being mapped to the clipboard. To correct this, content type has been added to Httpclientutils.
SR-D40662 · Issue 511397
OpenRuleAdvanced updated
Resolved in Pega Version 8.2.5
After upgrade, the Update Page and Append and Map to step in Data transform was generating the error "No Server connection while giving page name to Target and Source". This was traced to the OpenRuleAdvanced_OverLabel control, and investigation showed that a variable was not being resolved when invoking pzEncryptURLActionString. This has been resolved by updating OpenRuleAdvanced and reimplementing two parameters as well as moving the call of these variables to the beginning of the script. Security has also been improved by moving some of the encryption to SafeUrls.
SR-D42566 · Issue 512872
Security improvements for ApplicationInventory and Delete Class
Resolved in Pega Version 8.2.5
It was possible to call the activity "ApplicationInventory of class Rule-" by appending the activity name in the URL. To improve security, the ApplicationInventory activity and HTML rule have been removed from the system. In addition, it was possible to access the "delete class" screen and perform actions on top of it by directly appending the stream to the URL. This has been refactored so the screen will be presented only if the pzSystemOperationsAdministrator privilege is in the current access group.
SR-D43402 · Issue 509972
ValueList/Group correctly appears on clipboard
Resolved in Pega Version 8.2.5
After upgrade the property of type ValueList/Group was missing from the clipboard. This was traced to an extra 'when' rule applied on the visibility of Layout-2 in final section pzProperty (Pega-Desktop:08-02-01), and has been corrected.
SR-D43776 · Issue 510762
Clipboard ExecuteActivity button updated to get classname
Resolved in Pega Version 8.2.5
In Clipboard, clicking the execute activity button did not trigger any action in the backend. Investigation showed that previously the ID attribute for the HTML element used to be same as the property name, and the value of property "pyClassName" was found in the document.getElementById function. Due to work done to provide a feature that generates unique IDs for UI elements (auto generated controls), this must be done through other functions such as document.querySelector to get the value of the property from DOM. The necessary updates have now been made to the javascript function in control pzExecuteActivityButton.
SR-D43783 · Issue 509908
Comments explicitly excluded from generated ruleset under localization
Resolved in Pega Version 8.2.5
A generated URL link from Correspondence Fragment (WorkLink) which was saved in Pega-ProCom_ja was incorrect due to an incomplete URL. The ruleset Pega-ProCom_ja is not provided from the platform, but is generated when using localization. In this case, a comment fragment was included in the rule when it was generated, causing the issue. To resolve this, comment handling has been updated to ensure it's not included when generating the rule.