SR-D40662 · Issue 511397
OpenRuleAdvanced updated
Resolved in Pega Version 8.2.5
After upgrade, the Update Page and Append and Map to step in Data transform was generating the error "No Server connection while giving page name to Target and Source". This was traced to the OpenRuleAdvanced_OverLabel control, and investigation showed that a variable was not being resolved when invoking pzEncryptURLActionString. This has been resolved by updating OpenRuleAdvanced and reimplementing two parameters as well as moving the call of these variables to the beginning of the script. Security has also been improved by moving some of the encryption to SafeUrls.
SR-D42566 · Issue 512872
Security improvements for ApplicationInventory and Delete Class
Resolved in Pega Version 8.2.5
It was possible to call the activity "ApplicationInventory of class Rule-" by appending the activity name in the URL. To improve security, the ApplicationInventory activity and HTML rule have been removed from the system. In addition, it was possible to access the "delete class" screen and perform actions on top of it by directly appending the stream to the URL. This has been refactored so the screen will be presented only if the pzSystemOperationsAdministrator privilege is in the current access group.
SR-D43402 · Issue 509972
ValueList/Group correctly appears on clipboard
Resolved in Pega Version 8.2.5
After upgrade the property of type ValueList/Group was missing from the clipboard. This was traced to an extra 'when' rule applied on the visibility of Layout-2 in final section pzProperty (Pega-Desktop:08-02-01), and has been corrected.
SR-D43776 · Issue 510762
Clipboard ExecuteActivity button updated to get classname
Resolved in Pega Version 8.2.5
In Clipboard, clicking the execute activity button did not trigger any action in the backend. Investigation showed that previously the ID attribute for the HTML element used to be same as the property name, and the value of property "pyClassName" was found in the document.getElementById function. Due to work done to provide a feature that generates unique IDs for UI elements (auto generated controls), this must be done through other functions such as document.querySelector to get the value of the property from DOM. The necessary updates have now been made to the javascript function in control pzExecuteActivityButton.
SR-D43783 · Issue 509908
Comments explicitly excluded from generated ruleset under localization
Resolved in Pega Version 8.2.5
A generated URL link from Correspondence Fragment (WorkLink) which was saved in Pega-ProCom_ja was incorrect due to an incomplete URL. The ruleset Pega-ProCom_ja is not provided from the platform, but is generated when using localization. In this case, a comment fragment was included in the rule when it was generated, causing the issue. To resolve this, comment handling has been updated to ensure it's not included when generating the rule.
SR-D49792 · Issue 515982
Corrected property mismatch in Create Eligibility condition builder
Resolved in Pega Version 8.2.5
A parameter mismatch in Create Eligibility condition builder was resulting in properties not being offered in the dropdowns as expected when the top level page was not CaseTypeStages or this page did not exist on clipboard. This has been resolved by changing CaseTypeStages.pyClassName to ConditionsParamterPage.pyClassName in the pzSelectValues_FieldType section.
SR-D72141 · Issue 542661
Approved flow rule image unlocked
Resolved in Pega Version 8.3.3
When the Approval Required check box was enabled for rulesets (i.e another person with access to this work queue should approve changes to the rules), a rule which was approved was unlocked and moved back to the original ruleset as expected, but the binary image associated with the flow rule remained locked and any other user other than the one who previously checked in the rule was denied access with a "check out failed" error. This locking error has been resolved by modifying the Rule-Obj-Flow!CleanUp activity to set Param.IgnoreInstanceLockedBy = true.
SR-D90544 · Issue 550371
Corrected row focus for deleting in App Studio case model
Resolved in Pega Version 8.3.3
When attempting to delete a row of properties from the 2nd page of the data model of a case type while using App Studio, clicking on the delete icon brought up a dialog box asking for confirmation for deletion but at the same time the screen went back to the first page of the data model instead of remaining on the second page. Because of this, clicking on the OK button to confirm the deletion caused a random property from the first page to be deleted instead of the targeted row of the second page as expected. This was due to the refresh being triggered immediately within overlay UI actions, and has been resolved by updating the first trash icon action set for the section pzExpressFieldActions to be a modal instead of an overlay when launching local action.
SR-D76492 · Issue 549968
Added check for test case creation when cross-site scripting security enabled
Resolved in Pega Version 8.3.3
Test case creation was failing. Investigation showed that when the "Cross-Site Request Forgery" security setting was enabled, the CSRF token and Browser fingerprint were not included in AJAX calls, and the Ruleinskey was not getting passed. This has been resolved by adding a check to evaluate whether security measures are included or not when making a server call from AJAX, and including the tokens required when appropriate.
SR-D78467 · Issue 542317
Component rule check added to suppress unnecessary guardrail warnings
Resolved in Pega Version 8.3.3
After creating a component application using Configure > Application > Components, guardrail warnings were seen when saving the component. The component application allowed adding rulesets or other applications, but did not have all the tabs found in a normal application, so there was no option for adding the associated classes to define the UI class, Integration class and data class in the component application. As component is mostly a part of (or embedded inside) an application, this function was not given options to justify or suppress guardrail warnings like Rule-Application. To resolve this, a check has been added for component rule before generating guardrail warnings for Empty UI page, Empty Integration class, and Empty Data class.