INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-176542 · Issue 668477
Removed unused function to improve Class rule save performance
Resolved in Pega Version 8.6.2
Clicking save on the Policy Class rule was not working correctly or was taking an excessive amount of time to respond. Adding property mapping in the External Mapping tab of the Class rule exhibited the same behavior. Investigation showed there was an infinite loop being invoked in the class ruleform, which was traced to the disableKeyEntries() function. As this function is no longer used, this has been resolved by updating the RF_RuleObjClassScript.js to remove disableKeyEntries and any function calls to it.
INC-179111 · Issue 666017
Toolbar delete handling modified
Resolved in Pega Version 8.6.2
After upgrade from Pega 7.4 to 8.5, the toolbar delete button behavior was different. Previously, the pzRuleFormToolbarDeleteRule section rule invoked RuleFormMain on refresh, but the updated version was calling RuleFormHeader, preventing the deletion of the assignment from the class instance. This was an unanticipated edge case and has been resolved by updating the action in the button to refresh the section RuleformMain instead of header.
INC-180468 · Issue 659923
JAWS correctly reads work group header
Resolved in Pega Version 8.6.2
While creating the groups within the organizational unit, JAWS was reading the name of the frame as "Process Work Area" instead of "Create Work Group" and "enter data" instead of the name of the edit field with edit instructions. This has been resolved by adding a property to the short description label so it contains the instance type that is being created.
INC-182150 · Issue 669852
DSS added to control Pega Version Banner
Resolved in Pega Version 8.6.2
Nuisance errors were being logged related to the application trying to connect to Pega to confirm available versions. This has been resolved by adding the 'when' rule pyShowVersionBanner to pzStudioHomeWrapper which allows disabling/enabling the Version Banner based on the setting used in the DSS ShowVersionBanner. pyShowVersionBanner defaults to true when DSS ShowVersionBanner does not exist.