SR-D75097 · Issue 539515
Improved handling against formula injection attacks in Export to ExcelJJ
Resolved in Pega Version 8.3.3
Every time a possibly vulnerable cell value was found during Export to Excel, the value on that cell was modified to prevent a formula injection attack. If the value was non numeric, it would still render an apostrophe, although it should be hidden. Previous work on this issue involved the addition of a DSS which allowed this security to be disabled if the Excel was going to be consumed by an external tool, but the security implementation used to protect against calculation injection has reworked the ExcelSecurity utility function to allow the ability to change the cell style of a cell that is potentially vulnerable to formula injection attacks. This change no longer changes the cell value but instead applies a new cell style that has quotePrefix enabled.
SR-D83060 · Issue 547918
Repaired History class report column sorting
Resolved in Pega Version 8.3.3
Attempting to sort any of the columns in a report using the History class did not render the results and the error "Cannot render the section" appeared. Tracer showed a Fail status for some out-of-the-box activities with the message "java.lang.StringIndexOutOfBoundsException". Investigation showed the logic in pzMergeAutoGenForProp activity was failing because the pyIsFunction property was not set on the UIField pages for function columns. To resolve this, the logic for pzMergeAutoGenForProp has been modified to get pyIsFunction from the field name.
SR-D83373 · Issue 545750
Stage Label name displayed in chart
Resolved in Pega Version 8.3.3
When pyCaseStatusControl was used, the cases label was displayed as $label instead of the Case Name. This was related to the version of Fusion Charts included, and has been resolved for this release by modifying library code in fusioncharts.js to fix the issue in datasetrollover listener code. Fusion Charts will be upgraded in v8.5 for a more complete solution to this issue.
SR-D79796 · Issue 544947
Updates made for deprecated Fusion chart styles
Resolved in Pega Version 8.3.3
Trying to change the background colors or font sizes for the values on the x-axis and y-axis in a report was not working. This was traced to Fusion deprecating the use of `<styles>` definitions with the introduction of JavaScript charts, and has been resolved by updating the code to compensate for this change.
SR-D86864 · Issue 548092
Very long auto-generated index trimmed for use in Report Browser
Resolved in Pega Version 8.3.3
The creation of a new report via the user report browser failed if there was an index with a long name (over 30 characters). The out-of-the-box method automatically generated the prefix, but the Report editor could not handle the very long declare index name and as a result did not consider properties from the embedded pages. To resolve this, pzUpdateAssociation and pzInsertNewReportColumn have been updated to trim the prefix for the declare index to 30 characters and allow for adding a new column to the report. This work does not cover adding a new filter to the report, as that fix would require substantial changes to reporting logic.
INC-198725 · Issue 707484
Elasticsearch will split queries to avoid URL length limits
Resolved in Pega Version 8.7.2
Elastic Search Functionality was not working and showed the status as Offline. Investigation showed that when an external Elasticsearch setup had an index prefix length = 200 and a large number of dedicated indexes, the error "too_long_frame_exception, reason: An HTTP line is larger than 4096 bytes" was generated. In this case, the system was working with approximately 87 dedicated indexes and the name for each of them was sent over the URL, resulting in this error message. This has been resolved by updating the system to split queries so as to not exceed the HTTP line limit in Elasticsearch.
INC-201625 · Issue 698654
Updated variable handling for filter logic to avoid reuse
Resolved in Pega Version 8.7.2
When adding the property "ItemStatus" as a filter for a report, the validation message: "This property does not exist or has no column mapping" appeared. This was traced to an empty caption for a class join property used in the filter due to RRFilters_Logic reusing the strFieldName variable, and has been resolved by updating the variable handling to use a unique name, strPropName.
INC-202480 · Issue 711699
Resolved report filter section freeze
Resolved in Pega Version 8.7.2
When opening a report with a count column, changing the order of one of the report columns resulted in the report freezing and requiring the report to be closed and re-run. This was traced to a double filter popup appearing that did not close after the column sorting, which happened if the report definition was configured as a summary with an aggregated column such as "Count” combined with a "Do not display group headings" setting on the Report Viewer tab. To resolve this, a new step has been added in the Activity pzPopulateSortOrder to call the pzCancelFilterLogicChanges activity.
INC-209399 · Issue 708571
Handling added for indexing items exceeding Kibana max size
Resolved in Pega Version 8.7.2
Indexing cases was generating errors from Kibana indicating "Failed to index document: java.lang.IllegalArgumentException: Document contains at least one immense term in field="_m_MailBody" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped." To resolve this, if an embedded property exceeds the max length defined by Kibana, it will be truncated at 32k bytes in order to allow indexing to proceed.
INC-211184 · Issue 708499
Removed ORDER BY clause duplication when using MSSQL
Resolved in Pega Version 8.7.2
After updating from Pega 8.4 to Pega 8.7, executing the query for the report definition generated the error "SQLServerException: Incorrect syntax near the keyword 'ORDER'." Investigation showed the ORDER BY clause was added to the Native SQL query from the standard dataflow background task and from the native SQL API as well when using an MSSQL database. This has been resolved by adding changes to restrict the order by clause if the SQL query has order by clause already for MSSQL.