INC-134808 · Issue 590713
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.3.5
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-140101 · Issue 597636
System will attempt to decrypt data ending in "+"
Resolved in Pega Version 8.3.5
Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .
INC-137874 · Issue 599130
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.3.5
Cross Site Scripting (Cross-site scripting) protections have been added to Developer Studio.
INC-139705 · Issue 595169
Documentation update for Security Settings for DX API
Resolved in Pega Version 8.3.5
Information on the pyDXAPIEncodeValues application setting has been added to the Security Settings for DX API article under the Application settings sub-section. The Pega Platform version that supports the pyDXAPIEncodeValues application setting is mentioned in the Supported UI capabilities article.
INC-194932 · Issue 686277
Handling updated for offlineWorkIDs map
Resolved in Pega Version 8.8
Intermittent failures were seen when deleting attachments on Mobile. These were traced to pega.ui.DCUtils being undefined, and has been resolved by populating the offlineWorkIDs map for attachment-related actions.
INC-183485 · Issue 699787
ClientCache performance optimization
Resolved in Pega Version 8.8
In order to improve performance for the mobile app, updates have been made to optimize the ClientCache list interations.
INC-190053 · Issue 680232
Mobile attachment count corrected
Resolved in Pega Version 8.8
Parametrized data pages were not being populated as expected, causing an incorrect attachment count when opening a case in Mobile. This has been corrected.
INC-192649 · Issue 706132
Basereference context available for attach content control
Resolved in Pega Version 8.8
An "undefined" error occurred when attaching a file using the attach content control in the mobile harness. To resolve this, support has been added to run attachcontent in basereference context. This can be enabled by setting pega.attachToCtxPage to true.
INC-198193 · Issue 723626
Error correctly shows for each attempt to upload an oversize file
Resolved in Pega Version 8.8
The error message indicating an uploaded file exceeded the permitted file size was only shown on the first try on Android. Subsequent attempts to upload the same oversize file did not generate any error. This was due to a persisting value, and has been resolved by explicitly clearing the input value for the mobile browser upload.
INC-198249 · Issue 705091
Security updates for packaging mobile app
Resolved in Pega Version 8.8
Unsafe properties such as password and userId are now explicitly filtered from the Operator object during the mobile app packaging process.