INC-149728 · Issue 608107
Application wizard security updated
Resolved in Pega Version 8.4.4
A user having PegaRULES:User1 role only was able to run the Create Application wizard until an authorization block was reached, yet some rules were created. No operator records were created as part of this process. This was traced to code left in place after the creation of pxAppConfig and pzAppConfig portals, and has been resolved. The New Application wizard UI will display a message to a user when they lack access to build a new application, and an error will be displayed for any attempt to create a new application directly via pzCreateNewApplication to address a scenario where a user might be trying to call the activity without the front end.
INC-150039 · Issue 608044
Adjusted validation of literal value of a parameter
Resolved in Pega Version 8.4.4
When mapping a parameterized when rule to the proposition filter, parameters passed from the proposition filter page were not getting flown to the when rule. This was caused by special character validation for a literal value of a parameter which necessitated putting the parameter value within quotes and which resulted in a parameter value mismatch at run time. To support this use, this validation has been disabled as parameter values would not get included within quotes. This change does not have any impact on when rule or proposition filter rules java generation.
INC-150845 · Issue 606354
OpenRule logic updated for GetRuleInfo
Resolved in Pega Version 8.4.4
The exception "InsufficientPrivileges:RuleExecutionDenied RULE-OBJ-ACTIVITY @BASECLASS PZGETRULEINFO" was thrown for some access groups when attempting to view a section from the end-user perspective on the Opportunity screen. Investigation showed this happened when a section had a table in which "Optimize code" was unchecked. If "Optimize code" was checked, then the exception was not thrown. This was traced to recent security changes in pzGetRuleInfo which affected the BAC registration process, and has been resolved by updating the way the openRule action registration logic invokes the activity.
INC-151669 · Issue 618042
Formulas corrected for GenerateExcelFile
Resolved in Pega Version 8.4.4
After upgrade, using pxGenerateExcelFile to generate an Excel file resulted in some formulas and values not displaying. This scenario used an Excel template with two tabs - one showing direct page values and the second displaying the calculated values of first sheet. In the exported file, the formula was not getting evaluated unless and until the cell was activated with the enter key. This is a known limitation, and a temporary solution has been made here to add parameters that force the formula evaluations on the saved Excel document when editing is turned on. A more complete solution will be included in the next patch release.
INC-128923 · Issue 594161
Cross site scripting security update
Resolved in Pega Version 8.6
Cross site scripting protections have been added to OpenNoteDetails.
INC-132590 · Issue 590493
Exported Excel from Decision Table wraps correctly
Resolved in Pega Version 8.6
After upgrade, entries were displayed in a single line on exporting a decision table to Excel despite WrapText cell formatting being set. This was traced to the WrapText cell formatting set under the UpdateGridCells() function being overridden inside an addDataFormat() function callas part of DecisionTableWorkBookConverter.java. This has been resolved by adding the new function "setWorkAreaCellStyles" and calling it after generateWorkbook() function call of super class (AbstractWorkBookConverter.java).
INC-132930 · Issue 600294
Updated UpdateDateTime handling for branch merge SaveAs
Resolved in Pega Version 8.6
After Pega API's standard branch/merge service was consumed, the service was not returning response as expected due to the system encountering listing conflicts on the branch merge. The error "a rule in lower version has been updated more recently than when the checkout was created" was generated. This has been resolved by updating the Record API (pxUpdateRecord / pxCheckIfStale) to handle setting pxMergedSynchronized property to the pxUpdateDateTime of the base rule instance when doing a Save As into a branch ruleset from a non-branch ruleset / non personal ruleset. Please note - this fix is only applicable to Record API SaveAs, and will not work if customized logic is used to perform the SaveAs.
INC-136186 · Issue 592969
JAWS reads the name of the field/instructions
Resolved in Pega Version 8.6
JAWS was not reading the name of the field/instructions in a work group. This has been corrected.
INC-136187 · Issue 596093
Mask hidden as expected in small window/tablet view with Dragon
Resolved in Pega Version 8.6
When using Dragon in a small window/tablet view, the mask was not getting removed as expected. Performing a mouse click on the tab was successful for hiding it. To resolve this, Data-portal!pzProfileMenu has been modified to run the script removeScreenLayoutMask after clicking Profile, Preferences, Operator, Access Group, and My Favorites > Edit .
INC-139300 · Issue 590272
Additional security for encrypted passwords
Resolved in Pega Version 8.6
Handling and cleanup has been updated for encrypted values to enhance security.