SR-D42566 · Issue 512874
Security improvements for ApplicationInventory and Delete Class
Resolved in Pega Version 8.1.7
It was possible to call the activity "ApplicationInventory of class Rule-" by appending the activity name in the URL. To improve security, the ApplicationInventory activity and HTML rule have been removed from the system. In addition, it was possible to access the "delete class" screen and perform actions on top of it by directly appending the stream to the URL. This has been refactored so the screen will be presented only if the pzSystemOperationsAdministrator privilege is in the current access group.