SR-D59504 · Issue 524642
Attachment drag drop searches only current Ajax context
Resolved in Pega Version 8.2.6
When the Interaction for customer service was open and more than 1 task from the sidebar was open, the drag and drop zone was missing on any subsequent Task/Cases past the first. In an Ajax container scenario, getElementByID js was searching in all the containers because they were present in DOM, and it was losing context. To resolve this, the code has been updated to only search in the current context when using an Ajax container.
SR-D63976 · Issue 524221
Double decompression of Attachment BLOBs corrected
Resolved in Pega Version 8.2.6
Attachment streams were being double-decompressed on download. This was traced to the GetAttachmentReference activity in which the file was opened then performing a show-html of DisplayAttachment HTML. This internally called the DisplayAttachFile activity which attempted to open the file again, resulting in a double de-compression of the attachment BLOB. This has been corrected.
SR-D64506 · Issue 529335
Improved accessibility around page landmarks
Resolved in Pega Version 8.2.6
Accessibility testing revealed an issue with pages where the main landmark was contained in another landmark. This has been resolved by removing the main role in the FlowActionHTML rule.
SR-D65513 · Issue 530182
URL encryption modified for ShowAllOperators
Resolved in Pega Version 8.2.6
In the control ShowAllOperators the call to pzEncryptURLActionString was introduced to encrypt URLs to avoid hijacking. The content of the URL relied on the pxRequestor.pxWorkGroup property which was resolved using pega:reference tags. This approach worked in versions below 8.x, but in higher versions the tags were not resolved at runtime and results were not displayed. To resolve this, the requestorWorkGroup will be treated as string and passed as parameter instead of using pega:reference tags.
SR-D72886 · Issue 543754
Check added for Repositories before saving attachment
Resolved in Pega Version 8.2.6
When creating or updating a case through email listener, the Link-Attachment defaulted the pxStorageType to 'WebStorage'. This caused an issue when using PegaS3, which needs pxStorageType 'Repository'. To resolve this, a check has been added to see if Repositories are enabled, and if they are the storageType will be set accordingly.
SR-D80120 · Issue 544214
Custom attachment category parameter passed to dropdown
Resolved in Pega Version 8.2.6
Attempting to use the out-of-the-box “Attachments control” which was configured at design time to use a custom category where both the custom category and the section class were in the same work class resulted in the attachment category dropdown defaulting to “File” instead of the custom category. Investigation showed that the custom attachment category name configured on the control was missing in one of the pre-processing activities sequence. To resolve this, the activity Work-.pzInitAttachContent and the initAttachmentPage activity have been updated to pass the custom attachment category parameter.
INC-173068 · Issue 654064
HTML tags escaped in Audit History field values
Resolved in Pega Version 8.4.6
The case narrative section was showing case statuses with encoded special characters such as % or ( ), resulting in entries such as "Status changed to Complete &# 40;approved& #41; !@#$ %^& amp;*&# 40;&# 41;_&# 43;.". This has been resolved by updating the PyMemo field from type Text Input to DisplayAsLiteral for case narrative, which matches the setting for case history.
INC-175882 · Issue 658642
Updated bulk action audit history logic and security
Resolved in Pega Version 8.4.6
After update, using the standard bulk action feature did not record an audit history entry for the SLA action on a case. This was traced to changes made around authorization for opening worklists when using pzBulkProcessItem that limited the audit history to reassign, transfer or transfer assignment, and has been resolved by updating the login the Work-pzBulkProcessItem activity. In addition, the Require authentication to run checkbox has been enabled on the Security tab of the activity, and the Allow invocation from browser checkbox has been disabled.
INC-177183 · Issue 660537
Refresh assignment checks updated
Resolved in Pega Version 8.4.6
Additional privilege checks have been added to refresh assignment.
INC-178650 · Issue 673550
Cross-site scripting protections updated
Resolved in Pega Version 8.4.6
Cross-site scripting protections have been updated around the DisplayAttachment function.