SR-D79113 · Issue 543721
Updated DisplayAttachment to handle SIngleClick download from Case Worker portal
Resolved in Pega Version 8.3.2
On using the script "pega.ui.HarnessActions.doAttachmentSingleClick" in the Worker portal to download attachments displayed within a screen flow, the entire application was hanging and no action was invoked even on clicking the Continue or Finish buttons of the screen flow. Whenever an attachment is downloaded using the script function pega.ui.HarnessActions.doAttachmentSingleClick() , an iframe is used and changetracker is called to communicate data between different iframes. However, the case worker portal is a single thread model while the manager and admin portals are multi threaded, which resulted in changetracker freezing on the worker portal. To resolve this, the DisplayAttachment HTML rule has been updated to build the necessary changeTrackerMap for the worker portal.
SR-D80120 · Issue 544213
Custom attachment category parameter passed to dropdown
Resolved in Pega Version 8.3.2
Attempting to use the out-of-the-box “Attachments control” which was configured at design time to use a custom category where both the custom category and the section class were in the same work class resulted in the attachment category dropdown defaulting to “File” instead of the custom category. Investigation showed that the custom attachment category name configured on the control was missing in one of the pre-processing activities sequence. To resolve this, the activity Work-.pzInitAttachContent and the initAttachmentPage activity have been updated to pass the custom attachment category parameter.
SR-D31734 · Issue 515655
Cross-site scripting protection added for parameter page properties
Resolved in Pega Version 8.3.2
An cross-site scripting vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.
SR-D33214 · Issue 514022
Added safeURL encoding for Japanese characters in attached filenames
Resolved in Pega Version 8.3.2
It was not possible to preview a Japanese-titled PDF file attached on a work object. Investigation showed that in case of Japanese characters, file names were not being correctly encoded during the fetch request when JBoss was used. The retrieval worked correctly under Tomcat. In order to ensure consistent encoding, the safeURL API will be used for constructing the URL and for the activities DisplayAttachFile and pzDownloadFromRepository which add the ContentDisposition header.
SR-D67321 · Issue 532627
ShowXML activity deprecated
Resolved in Pega Version 8.3.2
The activity @baseclass.ShowXML has been blocked for security reasons. If the functionality is needed, a a single line step of "Show-Applet-Data" may be used.