INC-125803 · Issue 568661
Cross-site scripting updated on activities
Resolved in Pega Version 8.1.9
Additional Cross-site scripting work has been done on activities.
INC-127981 · Issue 563000
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.1.9
Internal rules have been updated so that they are no longer available to be invoked directly by a client or service.
INC-146837 · Issue 602673
PerformCriteria contains CurUserHasRequiredSkills 'when' rule
Resolved in Pega Version 8.1.9
A customer version of the PerformCriteria data transform was generating a validation error due to a qualified statement that resulted in a null result. This has been resolved by updating the PerformCriteria DT to include the CurUserHasRequiredSkills 'when' rule.
SR-D65866 · Issue 536427
Corrected approval step task message
Resolved in Pega Version 8.1.9
When a case progressed to the approval step, the task name did not properly appear as part of the "Please approve or reject this" message. In another scenario, a portal which supported locale switching was not translating "Please approve or reject this" when the locale was switched, but instead displayed the message in the original language. Investigation traced this to the pzInstructionsForApproval data transform storing the localized field value, causing it to persist inappropriately. This has been resolved.
INC-127981 · Issue 562998
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.2.7
The following rules have been updated such that they are no longer available to be invoked directly by a client or service: Clipboard_ExecuteActivity, getClassInstances, getOperatorIDs, and GetXMLRuleData. In addition, pzAutoGenClipboard_ExecuteActivity will now require authentication.
SR-D79831 · Issue 562800
Access Deny working as expected for Offers
Resolved in Pega Version 8.2.7
It was possible to Save-As an offer in PegaMKT-Work-Offer after encountering an access deny rule. The record was not created in Dev Studio, however, and an expected denial of access was not registered at runtime. This was due to Access deny rules not being considered as a part of validation, and has been resolved by adding the necessary permission validation to the new harness that will produce the error message informing the user that they are missing a permission. Additional work has also been done to pass the 'pzKeepPageMessages' parameter as true so that page level error messages are correctly displayed.
SR-D87673 · Issue 548627
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.2.7
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.
SR-D88451 · Issue 550848
Testcases are not available for 'access when' rules
Resolved in Pega Version 8.2.7
Attempting to create test cases for access when rules resulted in guardrail warnings about the need to create a test case. Because Test Cases are not available for the Access When rule type as per Pega expected behavior, the guardrail warnings are not valid and have been removed.
SR-D91834 · Issue 554424
Related cases of different types properly linked in Case Worker Portal
Resolved in Pega Version 8.2.7
After creating a case of type1 in the Case Worker portal, creating a case of type2 from the first case showed the case ID of the second case in the Related Work section as expected. However, after clicking on the link of the case ID of the second case from the related work section, the second case opened but the case ID of the first case was not shown in the Related work. The cases were correctly associated when the Case Manager portal was used instead. This was traced to the Case Worker clipboard continuing to hold the previous case ID thread, and has been resolved.
INC-176542 · Issue 668477
Removed unused function to improve Class rule save performance
Resolved in Pega Version 8.6.2
Clicking save on the Policy Class rule was not working correctly or was taking an excessive amount of time to respond. Adding property mapping in the External Mapping tab of the Class rule exhibited the same behavior. Investigation showed there was an infinite loop being invoked in the class ruleform, which was traced to the disableKeyEntries() function. As this function is no longer used, this has been resolved by updating the RF_RuleObjClassScript.js to remove disableKeyEntries and any function calls to it.