SR-C14523 · Issue 354591
Tomcat/PostgreSQL guide updated for rulebase installation
Resolved in Pega Version 8.1
Documentation for rulebase installation has been clarified in the Tomcat/PostgreSQL guide to correct pathname errors.
SR-C14630 · Issue 357156
73
Resolved in Pega Version 8.1
If a Radio Buttons control was used to display read-only values with "Display Text of selected option" using the presentation type "True/False", the value shown was always False if localization was in place, even when the property value was true. This was a logic error and has been corrected.
SR-C14639 · Issue 368138
German language pack updates
Resolved in Pega Version 8.1
The German Language Pack (_de) has been updated to properly display the German text for rich text editors text like (Bold, Italic,) and the 'Check Spelling' tooltip.
SR-C14688 · Issue 358198
Added handling for scheduled reports with spaces in the shortcut name
Resolved in Pega Version 8.1
If a report was scheduled which had spaces in the shortcut title, the emails were not sent and the error "Opening the definition of the report failed for class name: Work-& report name: Open Case timeliness" was generated. To resolve this, the activity Pega-ScheduledTask-Reporting!pyExecuteTask has been updated to set the pyClassName and pyStreamName according to the report insname found on the shortcut when using a Report Definition.
SR-C14893 · Issue 360684
Repaired Refresh Section triggered by activity
Resolved in Pega Version 8.1
Refresh Section was showing incorrect information after modifying the PageList last record details and triggering an activity. This has been corrected.
SR-C14922 · Issue 357161
Improved CSRF features support whitelist
Resolved in Pega Version 8.1
Previously, the system had an option to support secureAll (i.e. securing all streams and activities) or the ability to list the streams or activities which needed to be secured against CSRF attack (blacklist). This has now been enhanced to support the list of allowed activities or streams for which CSRF protection is skipped so that customer can set secureAll to True and can provide the exemption list of activities or streams (whitelist).The DSS setting security/csrf/AllowSameDomainReferrer allows either True or False. When DSS security/csrf/AllowSameDomainReferrer is set True then the current behavior is retained, i.e. if the referrer is in the allowed referrer list or the request is from same domain of the pega app then request is considered as valid even if the token validation fails. When DSS security/csrf/AllowSameDomainReferrer is set False and if the token validation fails then it will be considered a CSRF attack. If the token validation passes then it's returned as success. The DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams will take the list of activities and streams for which CSRF validation is skipped when security/csrf/secureall is set True. The DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams will take precedence over the existing DSS settings security/csrf/securedActivities and security/csrf/securedStreams .
SR-C15039 · Issue 360857
improved security for static content requests
Resolved in Pega Version 8.1
In order to improve security, the logic used for extracting a file extension from a static content request has been updated to use relative references that avoid needing a PRThread if it doesn't exist.
SR-C15346 · Issue 357008
Label error CSS appended to drop down field
Resolved in Pega Version 8.1
When configuring a Repeat Grid layout with inline always editable mode and a section include containing drop down fields associated with required input fields like DateTime and Text Input fields, exiting out of the drop down did not append the input field label to the CSS class as expected. This was due to incomplete generation of the repeatindex for the ID, and has been fixed.
SR-C15461 · Issue 357308
Corrected locking message
Resolved in Pega Version 8.1
If a case was locked, attempting to open the case elsewhere displayed the incorrect error message "The case type does not yet have any fields defined" instead of indicating the case was locked. This has been corrected by updating the harness locking.
SR-C15546 · Issue 362398
'Close' button hidden when browser doesn't support it
Resolved in Pega Version 8.1
Attempting to access an external NPS survey assignment a second time generates an Access Denied / Logon Denied window; the resulting window was not closeable by using the 'close' button in Google Chrome and Firefox. This was traced to browser security restrictions imposed by Firefox and Google Chrome that disable Window.close()for URLs launched directly by hitting the URL. To avoid confusion, the DenyExternal HTML rule has been modified to avoid showing the 'close' button for browsers that do not support it in this case.