INC-163292 · Issue 635837
Portlet service deprecated
Resolved in Pega Version 8.4.6
Portlet authentication services have been removed from the standard installation package.
SR-D53176 · Issue 541796
Error when adding function filter will persist
Resolved in Pega Version 8.4.1
When an exception occurred while adding a filter in the report viewer, the error was shown but cleared due to an immediate refresh of the parent section. Analysis found that step2 of pzGetFiltersFromContent was failing, after which the error was shown, the section reload happened, and the error disappeared. To resolve the error being cleared prematurely, the pzOnLoadReloadReport control has been modified so that when there are messages on the top level page (pyReportContentPage), a parameter will be set on HarnessContextMgr to not to clear them during the next refresh call.
SR-D64231 · Issue 539235
Export to Excel cell style control added
Resolved in Pega Version 8.4.1
If a column was formatted with an auto generated numeric control, a new cell style was generated for every row during the export to Excel process. Since there is a limit on the amount of cell styles, once the number of rows in the file was greater than 64000 an error was generated. To resolve this, the system will disable the creation of a new cell style for every instance when an auto-generated numeric control is used.
SR-D65327 · Issue 534572
Backspace keydown handler updated for all textinput modes
Resolved in Pega Version 8.4.1
Attempting to use the Backspace key to remove input from a number cell (either Integer or Decimal) did not work. When the action was performed by a Manager, the Backspace key works as expected. Investigation showed the logic in the keydown handler for the backspace key in pega_report_events.js was only ignoring the e.preventDefault() call when the textinput node type was text, not number or other input types. To correct this, the keydown handler has been updated so the backspace key in pega_report_events.js maintains the default backspace functionality for all textinput modes, not just those of type 'text'.
SR-D69098 · Issue 534043
Export to Excel works for for report definition with duplicate columns
Resolved in Pega Version 8.4.1
After adding a date column to a report definition (2nd column in the report), the data displayed correctly in the UI but Export to Excel failed with the error "Section 'pzRDExportWrapper' execution error on page '' of class 'Rule-Obj-Report-Definition'. : The Reference .pyDateValue(2) is not valid." This was traced to an out of bounds exception thrown if there were two or more columns with the same calculation. When preparing for export, the column with the duplicate calculation would not get added to the map of report UI fields. To resolve this, the system has been updated to allow report definition columns with the same calculation to be properly mapped to a UI field.
SR-D69108 · Issue 543847
Handling added for drag-and-drop with deleted report templates
Resolved in Pega Version 8.4.1
After adding a new report, an error appeared when trying to use drag-and-drop to add a column (Page List) from the Data Explorer in the report browser. This was traced to refactor work done to use the Record API throughout reporting: the ruleset on new reports was not being reset from a Pega- ruleset to an application ruleset, causing columns the referenced properties defined outside the platform to be rejected. This use case was missed because case types define their own report templates on creation, but in this scenario those had been deleted. To resolve this, the system has been updated to call pxChooseBestRuleset from pxShowReport in order to enable the use of properties defined in the application prior to saving the report.
SR-D71408 · Issue 534936
DIrty check flag triggered by adding columns and filters
Resolved in Pega Version 8.4.1
If a report was edited and closed without saving, the dirty check worked as expected. However, if new columns or filters were added and the report closed without saving, the dirty check did not appear. This has been resolved by updating the check logic.
SR-D73777 · Issue 539970
Logic added for client-side Somaria decoding
Resolved in Pega Version 8.4.1
When Somaria (an Advanced Data Visualization control) was used with Predictor Performance, the special characters were displayed as ASCII values instead of the actual values in the label. This was traced to Somaria encoding special characters of the visualization data into HTML entities on the server in order to protect against cross-site scripting attacks, but these entities were not being decoded on the client side. To resolve this, logic has been added to decode HTML entities in Somaria data on the client.
SR-D75097 · Issue 542361
DSS added to allow disabling Excel cell export security
Resolved in Pega Version 8.4.1
In order to avoid calculation injection during Export to Excel, an apostrophe character was added to the cell on export to close a vulnerability. However, sites using an external tool to consume the Excel document needed a workaround for this security feature. The resolution for this issue adds a DSS setting "TurnOffSecurityForExportToExcel" which can now be used to turn on/off the security feature that adds char " ' " in front of the cell value. Further refinements to this work will be included in a future release.
SR-D75097 · Issue 539517
Improved handling against formula injection attacks in Export to Excel
Resolved in Pega Version 8.4.1
Every time a possibly vulnerable cell value was found during Export to Excel, the value on that cell was modified to prevent a formula injection attack. If the value was non numeric, it would still render an apostrophe, although it should be hidden. Previous work on this issue involved the addition of a DSS which allowed this security to be disabled if the Excel was going to be consumed by an external tool, but the security implementation used to protect against calculation injection has reworked the ExcelSecurity utility function to allow the ability to change the cell style of a cell that is potentially vulnerable to formula injection attacks. This change no longer changes the cell value but instead applies a new cell style that has quotePrefix enabled.