SR-B96909 · Issue 357163
Enhanced features for SecureAll settings
Resolved in Pega Version 8.1
Previously, the option existed to support secureAll (i.e. securing all streams and activities) or to list the streams or activities which needed to be secured against CSRF attack. An enhancement has now been added to support the list of allowed activities or streams for which CSRF attack is skipped so that secureAll can be set to True with a provided exemption list of activities or streams. 1) A new DSS setting security/csrf/AllowSameDomainReferrer which allows either True or False has been added. 2) When DSS security/csrf/AllowSameDomainReferrer is set True then the current behavior is retained, i.e. if the referrer is in the allowed referrer list or the request is from same domain of the Pega app then the request is considered as valid even if the token validation fails. 3) When DSS security/csrf/AllowSameDomainReferrer is set False and if the token validation fails. it will be considered a CSRF attack. If the token validation passes then that success is returned. 4) New DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams have been introduced to take the list of activities and streams for which CSRF validation is skipped when security/csrf/secureall is set True. 5) The new DSS settings security/csrf/allowedActivities and security/csrf/allowedStreams will take precedence over the existing DSS settings security/csrf/securedActivities and security/csrf/securedStreams
SR-C10058 · Issue 352947
Validation error persists for focus out
Resolved in Pega Version 8.1
The Field Validation Error massage was lost when the error field was clicked and then any other area was clicked. This has been fixed.
SR-C10071 · Issue 354506
SignatureMethod Algorithm attribute in Authentication Activity now obtained from certificate
Resolved in Pega Version 8.1
When creating an authentication request in pySAMLWebSSOAuthenticationActivity (step 6), the system was generating the wrong SignatureMethod Algorithm if the site was using certificates with RSA - SHA256 encryption. This was due to the signature algorithms being hardcoded in SAML code, and has been resolved by getting the signature algorithm from the certificate.
SR-C10215 · Issue 356670
Invalid editable field correctly hidden
Resolved in Pega Version 8.1
When a 508 Accessibility user logged in to any harness, an editable field was added after the main layout and sections. This was shown visually with the web accessibility toolbar, and accessibility users were able to navigate to this field via Tab navigation. This field was added intentionally to address an issue, but recent updates to the accessibility tools made it visible. The code has now been updated to correctly hide it.
SR-C10216 · Issue 359979
Removed extraneous tabIndex in Microsoft Internet Explorer
Resolved in Pega Version 8.1
An extra tabIndex on <th> in Microsoft Internet Explorer which was not required and causing additional issues has been removed.
SR-C10229 · Issue 360442
pxAssignDateTime updated during GetNextWork
Resolved in Pega Version 8.1
The property pxAssignDateTime of an assignment was not getting updated using GetNextWork to fetch a case from the workbasket and assign it to a worklist. This has been corrected.
SR-C10270 · Issue 355775
Added client side validation for manually entered date
Resolved in Pega Version 8.1
In a Date Time control defined on date type property, if the date was entered in yyyy/MM/dd format manually, a client validation error was thrown on the screen stating the format was invalid. Clicking on the submit button even after this the client side validation error submitted the form. This did not happen if the property type was Date Time. To correct this, code changes have been made to get the client side validation for an invalid date format.
SR-C10277 · Issue 352040
Declare Expression rule with "\" in the name opens correctly"
Resolved in Pega Version 8.1
A declare expression rule with "\" in the name was not opening in the ruleform. This has been resolved by escaping the string properly while passing for parsing."
SR-C10396 · Issue 353405
Optimistic locking fixed for adding work parties
Resolved in Pega Version 8.1
With optimistic locking enabled, attempting to submit the assignment after adding work parties from the out-of-the-box case screens resulted in the error message:"You have lost the ability to make this change because a change elsewhere has taken precedence over the change you made here. " This has been fixed by reworking the order of operations in the optimistic locking.
SR-C10430 · Issue 353177
Null check added for offline rendering of declarativeTarget
Resolved in Pega Version 8.1
When rendering a section offline that has declaratives, the platform tried to evaluate a pyWorkPage which had no parent, resulting in a JS error and breaking the subsequent JS functions. This has been handled by putting a null check in the failing JS function.