INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
SR-D37415 · Issue 508969
Parameter page update added to improve backwards compatibility for ShowTestLibraryTab
Resolved in Pega Version 8.1.7
An error was observed on the first attempt to modify the 'when' rule "ShowTestLibraryTab" located in PegaProjectMgmt:08-01-01. Analysis showed the when rule (Always, Never) which was called from this rule was not found, which was an issue traced to the Rule-Obj-When function alias parameter name being changed from "strWhen" to "blockName" in the 8.1 release. Subsequent attempts to save the modified rule succeeded due to step#7 in the Embed-UserFunction.pzPopulateDropdownFBUIParameters activity upgrading the pyParameters page with the latest data. To resolve this backwards compatibility issue, the activity step#6 has been modified to upgrade the parameter name for the Rule-Obj-When function alias.
SR-D35734 · Issue 504477
Escalation updated to ensure assignee is notified of missed deadline
Resolved in Pega Version 8.1.7
The Passed Deadline SLA Actions to send email to the owner were not triggered as configured in SLA rule form. To correct that, pzMapEasyEscalationParams steps 3.4.10 and 3.4.11 have been modified to support "NotifyAssignee" for the passed deadline.
SR-D39547 · Issue 505859
Check added for backwards compatibility with Case Type when rules
Resolved in Pega Version 8.1.7
After upgrade, the When rules present on case type rules (used for skipping stages or showing/hiding stage-wide or case-wide actions) were not executing at run time. This was traced to the introduction of the pySkipOrAllowType property in recent versions, and was only reproducible when the ApplicationRuleset was locked and after upgrade irrespective of whether the condition for when was true or false. To resolve this and enhance backwards capability, a check has been added for the SkipOrAllowType property being empty.
SR-D42566 · Issue 512874
Security improvements for ApplicationInventory and Delete Class
Resolved in Pega Version 8.1.7
It was possible to call the activity "ApplicationInventory of class Rule-" by appending the activity name in the URL. To improve security, the ApplicationInventory activity and HTML rule have been removed from the system. In addition, it was possible to access the "delete class" screen and perform actions on top of it by directly appending the stream to the URL. This has been refactored so the screen will be presented only if the pzSystemOperationsAdministrator privilege is in the current access group.