INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-205666 · Issue 702934
Database table correctly prevents deletion if there are descendant classes
Resolved in Pega Version 8.6.5
When deleting a concrete class with descendant classes via an activity (Rule-.Delete), the Rule-Obj-Class.ValidateDeleteInternal activity was throwing an error message indicating the class could not be deleted due to descendant classes. However, the corresponding database table rule was deleted anyway. Investigation showed this was caused by ValidateDeleteInternal not reaching the Obj-Save-Cancel step. This can be fixed by modifying step 11, the post when conditions, to jump to END and set the END label at the Obj-Save-Cancel step instead Exit-Activity, but this issues has been resolved by updating all failure states to run end step. In addition, security has been updated to disallow "Allow invocation from browser".
INC-205938 · Issue 721200
Improved handling for heavy use of PushDailyUserData
Resolved in Pega Version 8.6.5
The PushDailyUserData agent was causing utility node performance issues due to the amount of data it was fetching from pr_hourly table. To resolve this, an update has been made which will run the agent once per day and chunk large data.
INC-209158 · Issue 722412
Loop handling updated for Decision Table OR conditions
Resolved in Pega Version 8.6.5
The system was crashing when saving or checking in a decision table with 21 columns and 20 rows where each cell contained 1, 2, or 3 OR conditions. Investigation showed this was caused by an indefinite number of loops when 'or' conditions were used in the test consistency activity, and this has been resolved with an update which ensures only the specified number of loops are performed.
INC-211248 · Issue 713158
Survey navigation type set for use with complex CB refresh
Resolved in Pega Version 8.6.5
After upgrade from Pega 7.1 to Pega 8.5, creating a legacy survey used in pxSurveySection with a complex CB question page that contained a refresh option had collapsed tree navigation, the survey name was blank, and duplicate labels were found in picklist questions. To resolve this, an update has been added which will set the navigation type in parameters after a complex CB refresh and skip page copy while upgrading survey work objects.