INC-125803 · Issue 568661
Cross-site scripting updated on activities
Resolved in Pega Version 8.1.9
Additional Cross-site scripting work has been done on activities.
INC-127981 · Issue 563000
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.1.9
Internal rules have been updated so that they are no longer available to be invoked directly by a client or service.
INC-146837 · Issue 602673
PerformCriteria contains CurUserHasRequiredSkills 'when' rule
Resolved in Pega Version 8.1.9
A customer version of the PerformCriteria data transform was generating a validation error due to a qualified statement that resulted in a null result. This has been resolved by updating the PerformCriteria DT to include the CurUserHasRequiredSkills 'when' rule.
SR-D65866 · Issue 536427
Corrected approval step task message
Resolved in Pega Version 8.1.9
When a case progressed to the approval step, the task name did not properly appear as part of the "Please approve or reject this" message. In another scenario, a portal which supported locale switching was not translating "Please approve or reject this" when the locale was switched, but instead displayed the message in the original language. Investigation traced this to the pzInstructionsForApproval data transform storing the localized field value, causing it to persist inappropriately. This has been resolved.
INC-119669 · Issue 562588
Special character handling added to filters for table sourced with parameterized RD
Resolved in Pega Version 8.1.9
Filters were not working on a table when sourced with a report definition which accepted a parameter value containing special characters (Eg: S&P). This has been resolved by using StringUtils.reversibleCrossScriptingFilter in the pzGetGridColUniqueValues activity to allow filters to contain special characters.
INC-145810 · Issue 599463
BIX log shows correct corrupted BLOB pzInskey
Resolved in Pega Version 8.1.9
An update has ben made to ensure the correct inskey is shown in the BIX logs for a corrupted BLOB.
SR-D90400 · Issue 563187
Explicit parent added for descendants in subreport to correct summary
Resolved in Pega Version 8.1.9
When using a Report Definition with a Summarize column and a subreport with join class, it was not considering implementation class work objects. As a result, the prepared values were only partially computed. This was traced to the SubReport in SetQuery not having reference to a parent for the descendants classes, and has been resolved by explicitly setting the parent value.
SR-D40662 · Issue 511397
OpenRuleAdvanced updated
Resolved in Pega Version 8.2.5
After upgrade, the Update Page and Append and Map to step in Data transform was generating the error "No Server connection while giving page name to Target and Source". This was traced to the OpenRuleAdvanced_OverLabel control, and investigation showed that a variable was not being resolved when invoking pzEncryptURLActionString. This has been resolved by updating OpenRuleAdvanced and reimplementing two parameters as well as moving the call of these variables to the beginning of the script. Security has also been improved by moving some of the encryption to SafeUrls.
SR-D42566 · Issue 512872
Security improvements for ApplicationInventory and Delete Class
Resolved in Pega Version 8.2.5
It was possible to call the activity "ApplicationInventory of class Rule-" by appending the activity name in the URL. To improve security, the ApplicationInventory activity and HTML rule have been removed from the system. In addition, it was possible to access the "delete class" screen and perform actions on top of it by directly appending the stream to the URL. This has been refactored so the screen will be presented only if the pzSystemOperationsAdministrator privilege is in the current access group.
SR-D43402 · Issue 509972
ValueList/Group correctly appears on clipboard
Resolved in Pega Version 8.2.5
After upgrade the property of type ValueList/Group was missing from the clipboard. This was traced to an extra 'when' rule applied on the visibility of Layout-2 in final section pzProperty (Pega-Desktop:08-02-01), and has been corrected.