INC-125803 · Issue 568661
Cross-site scripting updated on activities
Resolved in Pega Version 8.1.9
Additional Cross-site scripting work has been done on activities.
INC-127981 · Issue 563000
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.1.9
Internal rules have been updated so that they are no longer available to be invoked directly by a client or service.
INC-146837 · Issue 602673
PerformCriteria contains CurUserHasRequiredSkills 'when' rule
Resolved in Pega Version 8.1.9
A customer version of the PerformCriteria data transform was generating a validation error due to a qualified statement that resulted in a null result. This has been resolved by updating the PerformCriteria DT to include the CurUserHasRequiredSkills 'when' rule.
SR-D65866 · Issue 536427
Corrected approval step task message
Resolved in Pega Version 8.1.9
When a case progressed to the approval step, the task name did not properly appear as part of the "Please approve or reject this" message. In another scenario, a portal which supported locale switching was not translating "Please approve or reject this" when the locale was switched, but instead displayed the message in the original language. Investigation traced this to the pzInstructionsForApproval data transform storing the localized field value, causing it to persist inappropriately. This has been resolved.
SR-D84122 · Issue 547965
Added min INT comparison for BrowseByKeys
Resolved in Pega Version 8.3.3
Running the dataset with the Browse option worked as expected, but running it using BrowseByKeys operation and giving a negative value caused results to not be populated. To resolve this, a minimum INT value comparison has been added.
SR-D84099 · Issue 547824
Atmosphere library updated
Resolved in Pega Version 8.3.3
Multiple setAttribute exceptions were logged related to the Atmosphere component, indicating "The request object has been recycled and is no longer associated with this facade." Investigation showed that since the request object was destroyed, an illegalstateexception was thrown. To resolve this, the Atmosphere library has been updated to version 2.4.5.7 which contains the fix for this error.
SR-D64608 · Issue 544386
Corrected filedownload extension header issue
Resolved in Pega Version 8.3.3
Filedownload header contained plain non-ascii characters which caused a security violation issue. This has been resolved by removing the filedownload header from the HTTP response when the sendfile API is used with inputstream to download a file.
SR-D60284 · Issue 550558
Delete Requestor method updated for use with CMT
Resolved in Pega Version 8.3.3
JMS MDB Listeners with Container Managed Transaction (CMT) enabled in Websphere 8.5 had global transactions fail. To initialize a JMS-MDB listener, a requestor of type APP is used. Upon the service being fully initialized, the requestor is removed by executing a delete operation followed by a COMMIT. However, in this scenario, the initialization operation is running within a CMT context and a SQLException was raised indicating that the commit was not allowed. To resolve this, the delete requestor method has been refactored to take into account the CMT context so the commit is not executed if the transaction is managed by the container.
SR-D74921 · Issue 551786
Error condition will close WebSocket connection
Resolved in Pega Version 8.3.3
An async listener has been added that will close the WebSocket connection when an error condition is encountered.
SR-D53835 · Issue 524212
Handling added for custom authentication in embedded mashup
Resolved in Pega Version 8.3.3
After embedding the Mashup gadget in an external application, at browser refresh a Cross-Origin Read Blocking (CORB) warning appeared and the gadget did not load as expected. A second refresh cleared the error. Investigation showed that when custom authentication is configured, 'use SSL' is checked in Authentication service. That meant that when the user was authenticated, the redirection was not considering the query string entered before authentication and the CORB warning was issued due to a change in response. Because there is special handling for the above use case and post-authentication redirection does not happen through the normal flow (HttpAPI), this issue has been resolved by honoring the query string stored in requestor (entered by user) while redirecting.