INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when branching a unit test ruleset, the branch did not carry the same unit test flag value as the source ruleset and the rulesets were counted as a result. This has been resolved with an update to ignore testrulesets in guardrail and pegaunit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
INC-215785 · Issue 722554
Corrected logic for parsing imported Excel formula cells
Resolved in Pega Version 8.7.3
Integers specified as cells with formulas in Excel were getting an additional ".0" in them due to them being parsed internally as doubles during the floating point arithmetic of the Apache POI library. This has been resolved by modifying the logic in ExcelUtils.java to apply DataFormatter to get the string value instead of an integer by default for a formula cell.
INC-220770 · Issue 718028
Null check added to getBaseRef
Resolved in Pega Version 8.7.3
When using a customized Cosmos portal that included tabs, some of the Pega APIs were not available in the child frame and javascript errors were generated when calculating the clipboard path for live UI elements. This was traced to invalid references to "pega.api.ui.util.getBaseRef", and has been resolved by adding null checks to the getBaseRef API call to make sure javascript errors are not thrown.