INC-164439 · Issue 657997
Setting added to customize using blank Map values
Resolved in Pega Version 8.6.1
After update to from Pega 6 to Pega 8 some of the Map Value rules were not working. This was due to the handling for blank default values which was changed in Pega 7. In order to support backwards compatibility, a new 'when' rule has been added which allows customizing whether or not blank values are allowed for the Map value default columns. pyAllowBlankValues will default to "false".
INC-165256 · Issue 657038
Improvements for Offer Eligibility rules loading time
Resolved in Pega Version 8.6.1
After opening the Proposition filter/Action rule and clicking on Add Criteria, the pxAnyPicker drop down load was taking an excessive amount of time. Performance improvements have been made by adding a precondition at step 2 to avoid data page refresh for specific scenarios when it is not required.
INC-168914 · Issue 659660
Updates added against Cross-site Scripting
Resolved in Pega Version 8.6.1
Cross-site Scripting (XSS) protections have been updated for the UI.
INC-171257 · Issue 651733
Expanded results for Proposition Filter Relevant Record Properties
Resolved in Pega Version 8.6.1
Previously, a maximum of 500 records were returned from pr_data_tag_relevantrecord when using Edit Parameters for the report definition proposition filter rule. In order to accommodate more complex needs, an update has been made to use the D_pxGetClassDataModel data page to fetch all the records and make them available in the dropdown.
INC-174468 · Issue 650943
Delegated rules search considers localized text
Resolved in Pega Version 8.6.1
The search / filter box used to look for particular delegated rules on the configuration tab did not consider localization via field values, where the on screen name and description of the delegated rule was localized. This resulted in the search text being compared against the original text (.pyAdviceText and .pyDescription) used for the name and description at the time the rule was delegated, but not with the localized text that actually appeared on the screen. This has been resolved by updating the pzPopulateDelegations activity to filter by localized values of pyAdviceText and pyDescription.
INC-178070 · Issue 658679
Browser invocation allowed for UnlockOperator
Resolved in Pega Version 8.6.1
Attempting to unlock an operator who was locked out due to security policies was failing. This was an unintended side effect of security work performed earlier, and has been resolved by reenabling 'Allow invocation from browser ' for pzUnlockOperator. This activity requires an authentication check with privilege protection.
INC-180603 · Issue 661738
Added protections for GetSiblings
Resolved in Pega Version 8.6.1
Cross-site scripting protections have been updated for the GetSibling activity.
INC-127981 · Issue 562998
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.2.7
The following rules have been updated such that they are no longer available to be invoked directly by a client or service: Clipboard_ExecuteActivity, getClassInstances, getOperatorIDs, and GetXMLRuleData. In addition, pzAutoGenClipboard_ExecuteActivity will now require authentication.
SR-D79831 · Issue 562800
Access Deny working as expected for Offers
Resolved in Pega Version 8.2.7
It was possible to Save-As an offer in PegaMKT-Work-Offer after encountering an access deny rule. The record was not created in Dev Studio, however, and an expected denial of access was not registered at runtime. This was due to Access deny rules not being considered as a part of validation, and has been resolved by adding the necessary permission validation to the new harness that will produce the error message informing the user that they are missing a permission. Additional work has also been done to pass the 'pzKeepPageMessages' parameter as true so that page level error messages are correctly displayed.
SR-D87673 · Issue 548627
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.2.7
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.