SR-D70447 · Issue 533598
SQL injection protection added to Circumstanced Search
Resolved in Pega Version 8.1.8
Parameters used by the PegaAccel-Task-CircumstanceSearch.pzGetCircumstancePropValues activity are now encoded to prevent SQL injection attacks.
SR-D72672 · Issue 536387
Security updated for CreateOperator
Resolved in Pega Version 8.1.8
In order to improve security, CreateOperator in Pega-ProCom will require authentication to run with pxCanManageUsers privilege.
SR-D75469 · Issue 538120
Resolved null-pointer exception in Expression Builder launch from activity rule
Resolved in Pega Version 8.1.8
A NullPointerException occurred in SafeURL when trying to launch the Expression Builder from an activity rule. This was trasced to a failure to get a value property in a target field due to the target element and its parent element containing the same value for name attribute. This caused the parent element to be considered instead of the target element. To resolve this, the search for the target element in parent tag will use '$p' along with 'target element name' in query selector.
SR-D87673 · Issue 548628
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.1.8
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.
SR-D72141 · Issue 542661
Approved flow rule image unlocked
Resolved in Pega Version 8.3.3
When the Approval Required check box was enabled for rulesets (i.e another person with access to this work queue should approve changes to the rules), a rule which was approved was unlocked and moved back to the original ruleset as expected, but the binary image associated with the flow rule remained locked and any other user other than the one who previously checked in the rule was denied access with a "check out failed" error. This locking error has been resolved by modifying the Rule-Obj-Flow!CleanUp activity to set Param.IgnoreInstanceLockedBy = true.
SR-D90544 · Issue 550371
Corrected row focus for deleting in App Studio case model
Resolved in Pega Version 8.3.3
When attempting to delete a row of properties from the 2nd page of the data model of a case type while using App Studio, clicking on the delete icon brought up a dialog box asking for confirmation for deletion but at the same time the screen went back to the first page of the data model instead of remaining on the second page. Because of this, clicking on the OK button to confirm the deletion caused a random property from the first page to be deleted instead of the targeted row of the second page as expected. This was due to the refresh being triggered immediately within overlay UI actions, and has been resolved by updating the first trash icon action set for the section pzExpressFieldActions to be a modal instead of an overlay when launching local action.
SR-D76492 · Issue 549968
Added check for test case creation when cross-site scripting security enabled
Resolved in Pega Version 8.3.3
Test case creation was failing. Investigation showed that when the "Cross-Site Request Forgery" security setting was enabled, the CSRF token and Browser fingerprint were not included in AJAX calls, and the Ruleinskey was not getting passed. This has been resolved by adding a check to evaluate whether security measures are included or not when making a server call from AJAX, and including the tokens required when appropriate.
SR-D78467 · Issue 542317
Component rule check added to suppress unnecessary guardrail warnings
Resolved in Pega Version 8.3.3
After creating a component application using Configure > Application > Components, guardrail warnings were seen when saving the component. The component application allowed adding rulesets or other applications, but did not have all the tabs found in a normal application, so there was no option for adding the associated classes to define the UI class, Integration class and data class in the component application. As component is mostly a part of (or embedded inside) an application, this function was not given options to justify or suppress guardrail warnings like Rule-Application. To resolve this, a check has been added for component rule before generating guardrail warnings for Empty UI page, Empty Integration class, and Empty Data class.
SR-D85111 · Issue 549196
Paging method updated for Select All in Broken Queue
Resolved in Pega Version 8.3.3
After clicking the 'Select All' box in Broken Queue In Admin Studio, scrolling up and down rapidly caused the checkboxes to be unselected. This was traced to the use of progressing paging in this scenario, and has been resolved by removing progressive paging and replacing it with the out of the box '1 of X' paging method.
SR-D87671 · Issue 547572
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.3.3
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.