SR-C17147 · Issue 364317
Check in comments displayed when CSRF enabled
Resolved in Pega Version 8.1
After upgrade, using the Check-In modal window did not display the comments field. This was traced to a condition where an enabled CSRF token caused the data to not be rendered in the UI when a modal dialog flow is configured on the button, and has been fixed.
SR-C17153 · Issue 358471
Fixed Cross-origin OPTIONS header mismatch
Resolved in Pega Version 8.1
Attempting to get a Cross Origin (CORS) OPTIONS request to respond with Access-Control-Allow-Origin was not working, resulting in a response that had no Access-Control-Allow-Origin header (with the value of the host address of the machine the request was made on), even though there was a Endpoint-CORS policy mapping for api/v1/cases of 'AllowAllOrigins', This was traced to a mismatch between policy headers and incoming http request headers; the incoming http headers were a comma separated string instead of a list at the HTTP layer, and the wrong data type was chosen (list instead of simple String). To resolve this, logic has been added to split the comma separated headers coming in the HTTPRequest.
SR-C17153 · Issue 360254
Fixed Cross-origin OPTIONS header mismatch
Resolved in Pega Version 8.1
Attempting to get a Cross Origin (CORS) OPTIONS request to respond with Access-Control-Allow-Origin was not working, resulting in a response that had no Access-Control-Allow-Origin header (with the value of the host address of the machine the request was made on), even though there was a Endpoint-CORS policy mapping for api/v1/cases of 'AllowAllOrigins', This was traced to a mismatch between policy headers and incoming http request headers; the incoming http headers were a comma separated string instead of a list at the HTTP layer, and the wrong data type was chosen (list instead of simple String). To resolve this, logic has been added to split the comma separated headers coming in the HTTPRequest.
SR-C17653 · Issue 367019
Error logging improved for ParseXML assembler failures
Resolved in Pega Version 8.1
A Rule-Connect-REST call to get user data from an external application during authentication did receive data back from the service, but the ParseXML didn't parse the response and there was no response_GET page or errors logged to indicate the issue. To correct this, the code has been updated to ensure that an error is logged if the ParseXML assembler is unable assemble the rule.
SR-C17653 · Issue 368364
Error logging improved for ParseXML assembler failures
Resolved in Pega Version 8.1
A Rule-Connect-REST call to get user data from an external application during authentication did receive data back from the service, but the ParseXML didn't parse the response and there was no response_GET page or errors logged to indicate the issue. To correct this, the code has been updated to ensure that an error is logged if the ParseXML assembler is unable assemble the rule.
SR-C17679 · Issue 358529
Enhancement to support international currencies in SmartDispute
Resolved in Pega Version 8.1
An enhancement has been added to the Smart Dispute application to support using international currencies. The currency control 'pxCurrencyInternational' is available in the base Pega Platform, similar to the existing control 'pxCurrency' but with format type as 'Text'. The control also has a script that removes any text other than non- numeric, comma, decimal, or negative sign values and supports both comma and dot as decimal separators.
SR-C17971 · Issue 358707
Mobile requestors properly closed at logoff
Resolved in Pega Version 8.1
On mobile, the requestor for synchronization was not released after logoff. Investigation showed that two requestors were started for every mobile login but only one was removed when the session was closed. This has been fixed.
SR-C17998 · Issue 358393
Collapsible headers read one with JAWS / Microsoft Internet Explorer 11
Resolved in Pega Version 8.1
JAWS was reading collapsible headers twice when using Microsoft Internet Explorer 11. A check has been added to resolve this.
SR-C18047 · Issue 362402
Added flag for property messages on a passivated page
Resolved in Pega Version 8.1
A page with messages on a property was submitted twice after passivation has occurred. On investigation it was found that @hasMessages() is returning false after passivation even though a property on the page did have messages. Because the messages were not getting cleared, the application returned the same page to the user, and the page ended up being submitted twice. To correct this, when a page that undergoes passivation has messages, the information that the page has messages will be stored in the encoded page put into the passivation store. During decoding/activation of page, the system will use this flag to determine that page has messages and process them correctly.
SR-C18124 · Issue 362384
Configuration change to avoid Apache Poi zip bomb errors
Resolved in Pega Version 8.1
While importing an Excel sheet to create a workbook instance in Pega on a system that uses Apache Poi, Apache's built-in validations were triggered by what the software interpreted as an attempt to violate system integrity. In this case, a "java.io.IOException: Zip bomb detected!" error was generated when Apache detected a huge amount of data being uploaded to a server; in some scenarios this might be an attempt to eat up all of the server memory and impact server performance significantly, hence the warning. When there are many redundant data values present in an Excel file, the file will be compressed by a very high scale when saving. When the same file is used to retrieve data (during import in Pega) it will expand with the same scale to prepare the actual file. The "Zip bomb detected" exception will occur if the expanded file crosses the default MinInflateRatio set in the Apache jar. Apache includes a setting called MinInflateRatio which is configurable via ZipSecureFile.setMinInflateRatio() ; this will now be set to 0.0 by default to allow large files.