SR-D78659 · Issue 545758
Resolved CSV validation overflow in Google Chrome
Resolved in Pega Version 8.3.3
When using Google Chrome, validation of records was getting stuck in the UI at 32000+ while importing a CSV file with many invalid records when using the import option in Data type’s local data storage. Investigation showed the Call Stack size limit was exceeded in the Google Chrome dev tools due to the ":first" selector being passed to the Jquery find() method to find the element from the first element child of the XML doc. This selector causes maximum callstack exception when the document is large, and this is a deprecated selector in later versions of Jquery. To resolve this issue, the XML function in pzpega_tools_asyncprocess has been updated to replace the ":first" selector.
SR-D75097 · Issue 539517
Improved handling against formula injection attacks in Export to Excel
Resolved in Pega Version 8.4.1
Every time a possibly vulnerable cell value was found during Export to Excel, the value on that cell was modified to prevent a formula injection attack. If the value was non numeric, it would still render an apostrophe, although it should be hidden. Previous work on this issue involved the addition of a DSS which allowed this security to be disabled if the Excel was going to be consumed by an external tool, but the security implementation used to protect against calculation injection has reworked the ExcelSecurity utility function to allow the ability to change the cell style of a cell that is potentially vulnerable to formula injection attacks. This change no longer changes the cell value but instead applies a new cell style that has quotePrefix enabled.
SR-D78467 · Issue 542319
Component rule check added to suppress unnecessary guardrail warnings
Resolved in Pega Version 8.4.1
After creating a component application using Configure > Application > Components, guardrail warnings were seen when saving the component. The component application allowed adding rulesets or other applications, but did not have all the tabs found in a normal application, so there was no option for adding the associated classes to define the UI class, Integration class and data class in the component application. As component is mostly a part of (or embedded inside) an application, this function was not given options to justify or suppress guardrail warnings like Rule-Application. To resolve this, a check has been added for component rule before generating guardrail warnings for Empty UI page, Empty Integration class, and Empty Data class.
SR-D78659 · Issue 545761
Resolved CSV validation overflow in Google Chrome
Resolved in Pega Version 8.4.1
When using Google Chrome, validation of records was getting stuck in the UI at 32000+ while importing a CSV file with many invalid records when using the import option in Data type’s local data storage. Investigation showed the Call Stack size limit was exceeded in the Google Chrome dev tools due to the ":first" selector being passed to the Jquery find() method to find the element from the first element child of the XML doc. This selector causes maximum callstack exception when the document is large, and this is a deprecated selector in later versions of Jquery. To resolve this issue, the XML function in pzpega_tools_asyncprocess has been updated to replace the ":first" selector.
INC-118926 · Issue 563806
ArtifactoryStorage URL construction with port updated
Resolved in Pega Version 8.2.7
After configuring a repository as a JFROG artifactory with a ruleform that provided a URL / port number and repository name, test connectivity worked as expected, but deploying the codeset using pipeline or importing the codeset using the import functionality generated the error "Unable to construct artifactory url due to invalid file path". The root cause of the issue was traced to the ArtifactoryStorage java class, which did not accept the port number in the format provided due to changes in the API. If there was no portNumber in the URL, the issue did not occur. To resolve this, the constructor has been changed to properly build the URI per https://docs.oracle.com/javase/8/docs/api/java/net/URI.html.
SR-D78659 · Issue 545759
Resolved CSV validation overflow in Google Chrome
Resolved in Pega Version 8.2.7
When using Google Chrome, validation of records was getting stuck in the UI at 32000+ while importing a CSV file with many invalid records when using the import option in Data type’s local data storage. Investigation showed the Call Stack size limit was exceeded in the Chrome dev tools due to the ":first" selector being passed to the Jquery find() method to find the element from the first element child of the XML doc. This selector causes maximum callstack exception when the document is large, and this is a deprecated selector in later versions of Jquery. To resolve this issue, the XML function in pzpega_tools_asyncprocess has been updated to replace the ":first" selector.
INC-168254 · Issue 659299
Documentation updated for accents and special characters used in search
Resolved in Pega Version 8.5.5
The "Pega search API" article has been updated to reflect that the search functionality in Pega Platform does not match accented words with unaccented. For example, searching for santé and sante will retrieve different results. In addition, Domain Specific Language (DSL) includes special characters for use when searching, for example '-', '_', '!', '@'. However, the system retrieves various results depending on the way the special characters are used in the search query. If the query contains special characters that are not escaped, the system may retrieve incorrect results. For example, not escaping the slash mark in the 25/02 query may cause the system to ignore the special character.
INC-176952 · Issue 660482
DateTime format check added for REST response
Resolved in Pega Version 8.6.2
While retrieving case details using the standard GetCases API, a datetime field defined on a work object was returned in JSON date format i.e. "QuoteExpiryDate": "2021-06-09T14:00:00.000Z". However when the same field was mapped to a flow action's section, the value was retrieved by the GetAssignmentAction API which returned the value in Pega's date format, "value": "20210609T140000.000 GMT". This was traced to a missed datetime format check in the REST response, and has been resolved by using the Rule-Utility-Function pzAPICreateJsonForField to handle the conversion of the time stamp to JSON format.
INC-168254 · Issue 659298
Documentation updated for accents and special characters used in search
Resolved in Pega Version 8.6.2
The "Pega search API" article has been updated to reflect that the search functionality in Pega Platform does not match accented words with unaccented. For example, searching for santé and sante will retrieve different results. In addition, Domain Specific Language (DSL) includes special characters for use when searching, for example '-', '_', '!', '@'. However, the system retrieves various results depending on the way the special characters are used in the search query. If the query contains special characters that are not escaped, the system may retrieve incorrect results. For example, not escaping the slash mark in the 25/02 query may cause the system to ignore the special character.
INC-168254 · Issue 659297
Documentation updated for accents and special characters used in search
Resolved in Pega Version 8.7
The "Pega search API" article has been updated to reflect that the search functionality in Pega Platform does not match accented words with unaccented. For example, searching for santé and sante will retrieve different results. In addition, Domain Specific Language (DSL) includes special characters for use when searching, for example '-', '_', '!', '@'. However, the system retrieves various results depending on the way the special characters are used in the search query. If the query contains special characters that are not escaped, the system may retrieve incorrect results. For example, not escaping the slash mark in the 25/02 query may cause the system to ignore the special character.