INC-142531 · Issue 598438
Keystore certificate alias updated to support mixed case names
Resolved in Pega Version 8.3.5
The Java Keystore stored aliases only in lower case letters, but it accepted uppercase letters also during retrieval. This was causing the error "No certificate found in truststore : Azure AD SSOIDPCertStore with Alias : CN=Microsoft Azure Federated SSO Certificate" when the names didn't match. To resolve this, the keystore layer has been modified to support upper case letters in the certificate alias.
INC-133450 · Issue 585994
Login button hidden after click
Resolved in Pega Version 8.3.5
When the login button was clicked fast several times, intermittently the login would fail with the blue screen and "Security violation attempting to access requestor" error in the logs. To resolve this, on click of the login button will be hidden to prevent firing multiple login requests.
INC-144591 · Issue 601614
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.3.5
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-134808 · Issue 590713
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.3.5
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-140101 · Issue 597636
System will attempt to decrypt data ending in "+"
Resolved in Pega Version 8.3.5
Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .
INC-137874 · Issue 599130
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.3.5
Cross Site Scripting (Cross-site scripting) protections have been added to Developer Studio.
INC-139705 · Issue 595169
Documentation update for Security Settings for DX API
Resolved in Pega Version 8.3.5
Information on the pyDXAPIEncodeValues application setting has been added to the Security Settings for DX API article under the Application settings sub-section. The Pega Platform version that supports the pyDXAPIEncodeValues application setting is mentioned in the Supported UI capabilities article.
INC-119669 · Issue 562586
Special character handling added to filters for table sourced with parameterized RD
Resolved in Pega Version 8.2.7
Filters were not working on a table when sourced with a report definition which accepted a parameter value containing special characters (Eg: S&P). This has been resolved by using StringUtils.reversibleCrossScriptingFilter in the pzGetGridColUniqueValues activity to allow filters to contain special characters.
SR-D56590 · Issue 525300
Notification option for change of search nodes removed from Cloud
Resolved in Pega Version 8.2.7
The search landing page for Pega Cloud was displaying a checkbox to enable sending automatic emails if the search node was modified. As the description of the notification 'Notify on change of search host nodes' suggests, this option is to send notifications only when a search host node has been modified(addition/removal) from the search landing page. This is not applicable for the automatic addition/removal of search nodes that happens on starting the node. As the addition/removal of nodes is not allowed from the search landing page on Cloud environments, this option is not applicable for Cloud and the checkbox has now been removed for that environment.
SR-D81496 · Issue 547169
Data Social tag class FTS index query improvements
Resolved in Pega Version 8.2.7
A query intended to select from the link tag table to see if any cases were linked to the tag in question and then index the tag change was causing performance issues. Investigation showed that checking tag associations during FTS indexing fetched all matching rows from the table even though one was sufficient. To resolve this, the query will be created with max result count = 1, fetching up to 2 rows from the table.