INC-137709 · Issue 584297
New security role added to restrict access to development-specific classes
Resolved in Pega Version 8.5.1
A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.
INC-128811 · Issue 587213
Operator created with save-as has correct application access
Resolved in Pega Version 8.5.1
Creating an operator using Save As retained access to the applications of the original operator even if they were removed in the creation process. This was due to the saveAs operation of the Operator not retaining consistency between the records in the ValueList pyAccessGroupsAdditional and the page list pyaccessgroups_opid. To resolve this, the PreSaveAs of the Operator ID has been updated to maintain consistency in the records.
INC-132517 · Issue 578985
Correct manager name retained for skill-based routing updates
Resolved in Pega Version 8.5.1
In App Studio, having a manager update a team member's skills changed that team member's reporting Manager name (.pyReportTo) upon save. This was a use case where multiple operator IDs were required for the same person (name and email), so that using the report definition parameter 'BestOperatorValue' for the pzUpdateOperatorInfo activity caused an incorrect manager name to be set to the team member's operator ID. This has been resolved.
INC-127392 · Issue 574286
Delegated Decision table rule grid loads in iFrame with SSO
Resolved in Pega Version 8.5.1
The delegated decision table rule grid and checkout options were not displayed when launched from iFrame using SSO sign in. Without SSO, the delegated decision table grids were loading properly for the same Access group. The heart of this issue was that decision tables were using an older style of Designer Studio javascript which was not designed to be embedded in an iFrame due to issues related to Cross-Origin Resource Sharing (CORS). In order to support the usecase of the Pega end user portal/application being integrated to an external domain application using an iFrame, enhancements have been made to the necessary delegated rule function definitions.
INC-135095 · Issue 581849
Tracer toolbar shows correctly in IE
Resolved in Pega Version 8.5.1
After upgrade, the developer toolbar for the tracer pop up was not visible in Internet Explorer. Investigation showed that Microsoft Internet Explorer was loading the correct elements, but they were not displaying due to recent updates made to prevent Cross-site scripting vulnerabilities for the tracer. This has been resolved.
INC-129275 · Issue 577016
Resolved errors when refreshing test case
Resolved in Pega Version 8.5.1
On refreshing any test case for decision tables, a "rule no longer exists" error appeared on screen and a pzRuleNotFound exception was generated for all testcases in tracer. This was traced to Rule-Utility-Function lookup parameter handling in the pzGetFreshLabelForRUT decision table: because the Rule-Utility-Function was not able to fetch the label and the caller step in an activity, it was ending with a fail status and generating the errors. This has been resolved by correcting the Rule-Utility-Function calls in the decision table pzGetFreshLabelForRUT to ensure it has the correct parameters.
INC-135266 · Issue 584590
Cross-site scripting protections updated
Resolved in Pega Version 8.5.1
Cross-site scripting filtering has been added to IDs related to login.
SR-108009 · Issue 154664
Execution plan reuse on SQL Server 2008 R2
Resolved in Pega Version 7.1.7
Due to the way a SQL server treats execution plans, each decimal bind value with a different scale is treated as a different type. To optimize the execution, the scale value for the execution plans will now be set the same as the table definition for obj- methods.
SR-110773 · Issue 160105
WorkPage now properly deleted after rule checkin
Resolved in Pega Version 7.1.7
There was an issue with rule check-in where it created the WorkPage with the obj-class Work-ProjectManagement-CheckIn, but it did not delete WorkPage when the check-in was complete. To address this, protective code has been added that checks the class of WorkPage for the existence of expected properties in order to properly handle the related clipboard pages.
SR-111606 · Issue 163137
Improved consistency with multiple class inheritance rules
Resolved in Pega Version 7.1.7
A gap in the handing of multiple class inheritance was causing an issue with the consistency in picking the correct rule from a cache. If the entry was placed in a class where the applies-to class of the rule could not see it, that entry was missed from invalidation later on during the save. This could be temporarily remedied by clearing the cache, but the rule handling has been updated to consistently choose the correct rule from the cache under multiple inheritance.