SR-116936 · Issue 167898
Discarded threads set to properly clear on refresh or tab close
Resolved in Pega Version 7.1.7
When the browser was refreshed or an inactive recent tab was closed on the client side, the discarded threads were not getting properly cleared at the server end. To remedy this, the JavaScript has been updated to cleanly remove the threads.
SR-116989 · Issue 170784
XSS alert resolved for integer type property in Edit Data Table
Resolved in Pega Version 7.1.7
The presence of an integer type property in Edit Data Table was generating an XSS alert. This was caused by changes in the html- getMessagesAll that rendered the property value directly, and has been updated to an XSS-safe API.
SR-117020 · Issue 167867
Cookies only generated if IAC enabled
Resolved in Pega Version 7.1.7
IAC cookies were being generated in environments where IAC was not deployed, causing the application be flagged in a security audit due to missing Secure attributes. To correct this, the system has been updated to bypass cookie generation if IAC is not in use.
SR-117047 · Issue 173480
Thai characters now working in eform generated PDFs
Resolved in Pega Version 7.1.7
PDFs generated using out-of-the-box Map-eForm rules worked when data was entered in English, but data entered using the Thai keyboard was not reflected in the generated PDF. The root cause of this problem was a third-party product integrated with PRPC. iText is used to convert eForm data into PDF, but it was not honoring the appearances set to the acrofield. To remedy this, the included version of iText has been updated to version 2.1.7, and the NeedAppearance setting for the AcroFields now 'true' by default.
SR-117173 · Issue 168365
Dynamic system settings for address map control updated
Resolved in Pega Version 7.1.7
Due to an error, the dynamic system settings for address map control had a value pre-set instead of a blank default. This has been corrected.
SR-117205 · Issue 171200
Corrected datetime calendar validation on forms with messages
Resolved in Pega Version 7.1.7
When messages were present on a form (validation, etc.) and the date selector was used, the screen blanked after selecting the date. This was caused by an error in the datetime calendar popover and has been resolved.
SR-117216 · Issue 168600
Validation corrected for Case Manager portal types
Resolved in Pega Version 7.1.7
After migration, changing the application header text for the Case Manager portal was throwing the error "pySkinType: ** You must specify a skin to use or select "Default to Application Skin" upon checkout. To correct this, the validation activity step has been updated with a 'when' expression to skip this validation for mobile portals
SR-117255 · Issue 174772
Required fields corrected for repeating grids in accessibility mode
Resolved in Pega Version 7.1.7
When using a repeat grid with required fields in accessibility mode, the field displayed multiple asterisk symbols instead of one. This problem was with workform_accessibility.CSS, and was resolved by changing the background image url to "transparent". The "REQUIRED" text was also not showing with IE8: this was noticed only in IE8 Standards mode, and an accessibility check was added to generate the span containing REQUIRED text in the html stream.
SR-117266 · Issue 173481
Prompt Select modified to properly handle XSS functions
Resolved in Pega Version 7.1.7
A selection made in Prompt Select was not retained after refresh when special characters were present in the selected value. This was caused by XSS filtering functions that compared an encrypted value with the prompt value and negated it when it wasn't equal. To fix this, PromptSelect has been modified to call the crossScriptingFilter API before appending strDefaultValue to the stream.
SR-117307 · Issue 171895
Improved submit flow for better accessibility with JAWS
Resolved in Pega Version 7.1.7
When the Create or Submit button on a flow action is clicked, dismissing the "You are about to change the current window" popup would sometimes cause JAWS to read extraneous messages such as "Create button unavailable" and "Main region end". This behavior was sporadic and depended on how quickly the popup was dismissed. In order to avoid this, the button function calls have been modified.