INC-139300 · Issue 590273
Additional security for encrypted passwords
Resolved in Pega Version 8.3.5
Handling and cleanup has been updated for encrypted values to enhance security.
INC-141296 · Issue 592474
Log-access security updated
Resolved in Pega Version 8.3.5
Access control has been updated for the Log-Usage class.
INC-139337 · Issue 595222
RefreshRequestors security update
Resolved in Pega Version 8.3.5
Security improvements have been added for RefreshRequestors.
INC-135349 · Issue 583004
Unit Test Ruleset rules do not count against Guardrails
Resolved in Pega Version 8.3.5
Although the documentation indicates that rules in a Unit Testing ruleset should not count against the guardrail score or unit test coverage, when a unit test ruleset was branched, the branch did not carry the same unit test flag value as the source ruleset, and the rulesets were counted as a result. This has been resolved with an update to ignore test rulesets in guardrail and PegaUnit calculations.
INC-128923 · Issue 594162
Cross-site scripting security update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been added to OpenNoteDetails.
INC-143136 · Issue 604016
Cross-site scripting update
Resolved in Pega Version 8.3.5
Cross-site scripting protections have been updated in Designer Studio.
SR-A10345 · Issue 221893
Removed unexpected validation from Page-Change-Class
Resolved in Pega Version 7.2.1
Validation errors appeared on the review screen when the tracer was enabled and there was non-conforming data in the non-expanded elements. PDN help for the activity method Page-Change-Class specifies that the method does not validate property values, but the generated Java ends up calling DictionaryImpl.validate() and validates the step page without expanding it. Any invalid data in the non-expanded properties would be ignored. However, activating the tracer expands the page, and as a result Page-Change-Class attempts to validate all the properties in the page, so the errors appear. To handle this scenario, validation has been removed from the Page-Change-Class method to bring the results into line with the help documentation; if validation is needed, it must be added explicitly.
SR-A11437 · Issue 225251
Improve page sync and locking to avoid ConcurrentModificationException
Resolved in Pega Version 7.2.1
There was a possibility that a data page could be modified simultaneously and generate a ConcurrentModificationException, for example where a background thread is expanding a page to check messages at the same time a user thread is expanding the page to fire declaratives on a read-only data page before marking it read only. This has been resolved by synchronizing access to a data page instance whenever there is an attempt to expand it from the boundaries of the data pages code.
SR-A12319 · Issue 226251
Repaired code generation for Single Page property reference
Resolved in Pega Version 7.2.1
Referencing a Single Page property in a Rule-Utility-Function parameter of type ClipboardPage generated Java that created a Clipboard Property at runtime, resulting in a ClassCastException. The code generation process for this was incorrect, and has been repaired.
SR-A12464 · Issue 225916
Property Reference cache handling modified
Resolved in Pega Version 7.2.1
An issue with the property reference cache growing irrespective of the Cache Pruning threshold was traced to the omission of logic to handle references accessed via entry handles. This logic has been added. In addition, PropertyReferencePoolImpl has been modified with a new prconfig setting "cache/propertyreferencepool/enable" which defaults to true. This can be explicitly set to false to disable the pool.