SR-D69108 · Issue 543847
Handling added for drag-and-drop with deleted report templates
Resolved in Pega Version 8.4.1
After adding a new report, an error appeared when trying to use drag-and-drop to add a column (Page List) from the Data Explorer in the report browser. This was traced to refactor work done to use the Record API throughout reporting: the ruleset on new reports was not being reset from a Pega- ruleset to an application ruleset, causing columns the referenced properties defined outside the platform to be rejected. This use case was missed because case types define their own report templates on creation, but in this scenario those had been deleted. To resolve this, the system has been updated to call pxChooseBestRuleset from pxShowReport in order to enable the use of properties defined in the application prior to saving the report.
SR-D71408 · Issue 534936
DIrty check flag triggered by adding columns and filters
Resolved in Pega Version 8.4.1
If a report was edited and closed without saving, the dirty check worked as expected. However, if new columns or filters were added and the report closed without saving, the dirty check did not appear. This has been resolved by updating the check logic.
SR-D73777 · Issue 539970
Logic added for client-side Somaria decoding
Resolved in Pega Version 8.4.1
When Somaria (an Advanced Data Visualization control) was used with Predictor Performance, the special characters were displayed as ASCII values instead of the actual values in the label. This was traced to Somaria encoding special characters of the visualization data into HTML entities on the server in order to protect against cross-site scripting attacks, but these entities were not being decoded on the client side. To resolve this, logic has been added to decode HTML entities in Somaria data on the client.
SR-D75097 · Issue 542361
DSS added to allow disabling Excel cell export security
Resolved in Pega Version 8.4.1
In order to avoid calculation injection during Export to Excel, an apostrophe character was added to the cell on export to close a vulnerability. However, sites using an external tool to consume the Excel document needed a workaround for this security feature. The resolution for this issue adds a DSS setting "TurnOffSecurityForExportToExcel" which can now be used to turn on/off the security feature that adds char " ' " in front of the cell value. Further refinements to this work will be included in a future release.
SR-D75097 · Issue 539517
Improved handling against formula injection attacks in Export to Excel
Resolved in Pega Version 8.4.1
Every time a possibly vulnerable cell value was found during Export to Excel, the value on that cell was modified to prevent a formula injection attack. If the value was non numeric, it would still render an apostrophe, although it should be hidden. Previous work on this issue involved the addition of a DSS which allowed this security to be disabled if the Excel was going to be consumed by an external tool, but the security implementation used to protect against calculation injection has reworked the ExcelSecurity utility function to allow the ability to change the cell style of a cell that is potentially vulnerable to formula injection attacks. This change no longer changes the cell value but instead applies a new cell style that has quotePrefix enabled.
SR-D75757 · Issue 540640
ReportBrowser script updated to ensure older version refreshes on creation
Resolved in Pega Version 8.4.1
When using the old version of the Report Browser, the count at the report category did not update after being saved into a category until logout and login back to the portal. This was a missed use case for the old browser during updates to the UIKit and has been resolved by including the reportbrowser script in the header section pyCMReportBrowserHeader to ensure a refresh.
SR-D80589 · Issue 544842
Check added before clearing Report definition custom filter section page
Resolved in Pega Version 8.4.1
When using a Custom Section in the Report Viewer, the Page referred to at the Prefix was getting reset while running the report. Investigation showed the page was being reinitialized in pzCreateCustomFilterPage step 2, and this has been resolved by adding a 'when' rule for clearing the custom filter page.
SR-D83060 · Issue 547920
Repaired History class report column sorting
Resolved in Pega Version 8.4.1
Attempting to sort any of the columns in a report using the History class did not render the results and the error "Cannot render the section" appeared. Tracer showed a Fail status for some out-of-the-box activities with the message "java.lang.StringIndexOutOfBoundsException". Investigation showed the logic in pzMergeAutoGenForProp activity was failing because the pyIsFunction property was not set on the UIField pages for function columns. To resolve this, the logic for pzMergeAutoGenForProp has been modified to get pyIsFunction from the field name.
SR-D83373 · Issue 545752
Stage Label name displayed in chart
Resolved in Pega Version 8.4.1
When pyCaseStatusControl was used, the cases label was displayed as $label instead of the Case Name. This was related to the version of Fusion Charts included, and has been resolved for this release by modifying library code in fusioncharts.js to fix the issue in datasetrollover listener code. Fusion Charts will be upgraded in v8.5 for a more complete solution to this issue.
SR-D86864 · Issue 548094
Very long auto-generated index trimmed for use in Report Browser
Resolved in Pega Version 8.4.1
The creation of a new report via the user report browser failed if there was an index with a long name (over 30 characters). The out-of-the-box method automatically generated the prefix, but the Report editor could not handle the very long declare index name and as a result did not consider properties from the embedded pages. To resolve this, pzUpdateAssociation and pzInsertNewReportColumn have been updated to trim the prefix for the declare index to 30 characters and allow for adding a new column to the report. This work does not cover adding a new filter to the report, as that fix would require substantial changes to reporting logic.