Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

SR-D75097 · Issue 542359

DSS added to allow disabling Excel cell export security

Resolved in Pega Version 8.3.2

In order to avoid calculation injection during Export to Excel, an apostrophe character was added to the cell on export to close a vulnerability. However, sites using an external tool to consume the Excel document needed a workaround for this security feature. The resolution for this issue adds a DSS setting "TurnOffSecurityForExportToExcel" which can now be used to turn on/off the security feature that adds char " ' " in front of the cell value. Further refinements to this work will be included in a future release.

SR-D75757 · Issue 540638

ReportBrowser script updated to ensure older version refreshes on creation

Resolved in Pega Version 8.3.2

When using the old version of the Report Browser, the count at the report category did not update after being saved into a category until logout and login back to the portal. This was a missed use case for the old browser during updates to the UIKit and has been resolved by including the reportbrowser script in the header section pyCMReportBrowserHeader to ensure a refresh.

SR-D31734 · Issue 515655

Cross-site scripting protection added for parameter page properties

Resolved in Pega Version 8.3.2

An cross-site scripting vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.

SR-D33214 · Issue 514022

Added safeURL encoding for Japanese characters in attached filenames

Resolved in Pega Version 8.3.2

It was not possible to preview a Japanese-titled PDF file attached on a work object. Investigation showed that in case of Japanese characters, file names were not being correctly encoded during the fetch request when JBoss was used. The retrieval worked correctly under Tomcat. In order to ensure consistent encoding, the safeURL API will be used for constructing the URL and for the activities DisplayAttachFile and pzDownloadFromRepository which add the ContentDisposition header.

SR-D67321 · Issue 532627

ShowXML activity deprecated

Resolved in Pega Version 8.3.2

The activity @baseclass.ShowXML has been blocked for security reasons. If the functionality is needed, a a single line step of "Show-Applet-Data" may be used.

SR-C93602 · Issue 485517

White list filter added for X-Forward-Host value security

Resolved in Pega Version 8.3.2

In order to improve security, a validation for X-Forward-Host value has been added which will be read from a local configuration. This is in the form of a white list regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.

SR-D37894 · Issue 505974

Query parameters will be cleared after redirection from authentication

Resolved in Pega Version 8.3.2

When using the /PRAuth Servlet, running a snapstart URL generated from a secondary application correctly executed SAML Authentication and Pega processing, but a second URL generated with different parameters ran with the parameters from the first request. The third and subsequent requests processed as expected with the parameters sent in with the request. Investigation showed that the previous parameters were picked due to the query string parameters not being cleared after redirection, and this issue has been resolved by updating the system so it will clear the parameters after issuing a redirect from the authentication policy engine.

SR-D41454 · Issue 506535

Updated HotFix Manager for use in older versions

Resolved in Pega Version 8.3.2

The DL logic in Hotfix Manager was changed in 8.3 to include the catalog of all framework changes. This had the unintended side effect of preventing DLs from being installed in Pega 7.3.1 and lower versions as the versions included in the catalog are not present on those systems and the validation failed. This has been resolved by revising the DL update so the system will only add all apps to the catalog for platform 7.4+ DLs.

SR-D46133 · Issue 534649

Colon in folder or file name will be replaced with underscore during unzip

Resolved in Pega Version 8.3.2

After creating a product file (zip), attempting to import the same file into an updated system resulted in an exception. Investigation showed that in this case the zip file was a Product rule form which had applications packaged with a colon(:) in the name of the application, a format that was allowed in 6.x versions. Because Windows machines restrict creating creating any folder or file with : in its name, the zip file could not be inflated as part of the import process. To resolve this, the system has been updated so that a colon(:) will be replaced by underscore(_) during inflate operations.

SR-D46536 · Issue 515792

Custom agent next run time will be rescheduled if the run failed

Resolved in Pega Version 8.3.2

If a customized agent that was set to run every day encountered an exception and failed to run, restarting the agent did not update it to the next run time; it still returned the passed trigger time as its next execution time. This has been resolved with an update that will reschedule the run if the next run time is in the past.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us