INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-164439 · Issue 657994
Setting added to customize using blank Map values
Resolved in Pega Version 8.5.5
After upgrade to from Pega 6 to Pega 8 some of the Map Value rules were not working. This was due to the handling for blank default values which was changed in Pega 7. In order to support backwards compatibility, a new 'when' rule has been added which allows customizing whether or not blank values are allowed for the Map value default columns. pyAllowBlankValues will default to "false".
INC-165256 · Issue 657036
Improvements for Offer Eligibility rules loading time
Resolved in Pega Version 8.5.5
After opening the Proposition filter/Action rule and clicking on Add Criteria, the pxAnyPicker drop down load was taking an excessive amount of time. Performance improvements have been made by adding a precondition at step 2 to avoid data page refresh for specific scenarios when it is not required.
INC-168914 · Issue 659661
Updates added against Cross-site Scripting
Resolved in Pega Version 8.5.5
Cross-site Scripting (XSS) protections have been updated for the UI.
INC-171257 · Issue 651732
Expanded results for Proposition Filter Relevant Record Properties
Resolved in Pega Version 8.5.5
Previously, a maximum of 500 records were returned from pr_data_tag_relevantrecord when using Edit Parameters for the report definition proposition filter rule. In order to accommodate more complex needs, an update has been made to use the D_pxGetClassDataModel data page to fetch all the records and make them available in the dropdown.