INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-120450 · Issue 561743
Configure view finds existing calculations for properties
Resolved in Pega Version 8.4.2
Modifying a property to ‘calculated: Readonly’ by creating declare expression inside a fieldgroup list (which was created in the data model and refers to a datatype) while adding the fieldgroup list property by selecting from the field in the configure view of a step was not reflected when adding the same list type property inside another step of configure view. Declare expressions were created with page context for embedded fields by default in configure view, but Declare expressions have recently been enhanced and no longer expected to use page contexts. Because Configure view continued to use page contexts, this resulted in calculations that existed not being picked up. This has been resolved by configuring view handling for page list fields specifically to not create new calculations with a page context. Detection of calculations has also been updated to not check for page context to match the recent Declare expression enhancements.
INC-120472 · Issue 571437
Corrected date display on export to Excel
Resolved in Pega Version 8.4.2
Reports which have visible date and Date time properties or values displayed correctly when viewed in PEGA, but when the data was exported to Excel the values were converted to GMT time. Due to this the date fields (with no time stamp) were showing the date less by one day in Excel. This has been corrected.
INC-123033 · Issue 561388
Updated logic for delegating when the RARO exists
Resolved in Pega Version 8.4.2
When trying to delegate a Data Type, the validation error "Update Record Failed: This record is non-versioned and already exists and can not be moved to a different ruleset" appeared. Because data type delegation is dependent upon the existence of a RARO for the delegated data type, when delegating the ruleset of the RARO to accessgroups with the same roles the code was attempting to update the RARO. Updating the RARO determines if the Ruleset of the RARO is unlocked. If the ruleset is locked, then the logic attempts to select a new ruleset, but the RARO cannot be moved to a new ruleset. To resolve this, the logic has been updated so that if the RARO exists, the system will not try to create a new instance.
INC-125822 · Issue 566312
Agile Studio correctly embedding attachments
Resolved in Pega Version 8.4.2
Attachments were not being included in Agile Studio documents for backlogs and sprints as expected. This was traced to the third-party jar "jsoup", which was converting the parameter PegaDocumentObject to pegadocumentobject, causing a mismatch. This has been resolved by adding a check that will replace the converted name with the correct one.