SR-D70447 · Issue 533598
SQL injection protection added to Circumstanced Search
Resolved in Pega Version 8.1.8
Parameters used by the PegaAccel-Task-CircumstanceSearch.pzGetCircumstancePropValues activity are now encoded to prevent SQL injection attacks.
SR-D72672 · Issue 536387
Security updated for CreateOperator
Resolved in Pega Version 8.1.8
In order to improve security, CreateOperator in Pega-ProCom will require authentication to run with pxCanManageUsers privilege.
SR-D75469 · Issue 538120
Resolved null-pointer exception in Expression Builder launch from activity rule
Resolved in Pega Version 8.1.8
A NullPointerException occurred in SafeURL when trying to launch the Expression Builder from an activity rule. This was trasced to a failure to get a value property in a target field due to the target element and its parent element containing the same value for name attribute. This caused the parent element to be considered instead of the target element. To resolve this, the search for the target element in parent tag will use '$p' along with 'target element name' in query selector.
SR-D87673 · Issue 548628
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.1.8
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.