INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-174435 · Issue 659479
Survey Complex Question Definition properly displayed
Resolved in Pega Version 8.4.6
Selecting any Complex Question to look at the definition displayed a blank screen. This was traced to an issue with the ruleformtabs properties for the layout group used by complex questions, and has been resolved by changing the Layout Group display type from "Default" to "Tab".
INC-175533 · Issue 678911
Improved Page compare for page groups
Resolved in Pega Version 8.4.6
Field level auditing on embedded properties sporadically did not report the "old" value when a property was modified even though the page was listed as "Modified". This has been resolved by adding logic to the pxComparePages algorithm to treat Lists and Groups differently. Now Page and Value Groups will use pxSubscript as the primary way to detect add and deletes.
INC-180603 · Issue 661739
Added protections for GetSiblings
Resolved in Pega Version 8.4.6
Cross-site scripting protections have been updated for the GetSibling activity.
INC-182248 · Issue 665782
Added logic to handle manual validate rule creation
Resolved in Pega Version 8.4.6
Manually creating a Validate rule with conditions and then opening the configure view with conditions caused the validation rule to be removed from the flow action rule along with the validation conditions in the validation rule referred in flowAction rule. This has been resolved by updating the logic in the Condition Builder to handle this use case.