SR-B42009 · Issue 304044
Authentication timeout smoothed for re-login
Resolved in Pega Version 7.3
If custom authentication was used with a stream specified to enter credentials upon authentication timeout, re-login failed after the timeout. This was traced to two issues: first, the custom configuration defaulted to using the out-of-the-box stream "Web-TimeOut", which expects the password to be in base64 encoded format and so attempts to base64 decode it. This caused an authentication failure. Second, when restarting with authentication instead of a timed-out request, the starting activity of operator was being executed and the portal was rendered unexpectedly. To resolve this, the object references needed for the successful resumption will be cloned when there is authentication timeout and used for redirection upon successful authentication.
SR-B43182 · Issue 301518
pzSUS Param properly URLEncoded
Resolved in Pega Version 7.3
The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.
SR-B44199 · Issue 300058
Fixed Access Control Policy in Assign- classes
Resolved in Pega Version 7.3
An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.
SR-B44199 · Issue 299984
Fixed Access Control Policy in Assign- classes
Resolved in Pega Version 7.3
An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.
SR-B44199 · Issue 297134
Fixed Access Control Policy in Assign- classes
Resolved in Pega Version 7.3
An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.
SR-B6669 · Issue 279329
XSS filters added to UI rulesets
Resolved in Pega Version 7.3
XSS filters have been added to pyCaseActionArea and pyAssignmentsLabel in Pega-EndUserUI and UIKit rulesets.
SR-D31734 · Issue 515656
Cross-site scripting protection added for parameter page properties
Resolved in Pega Version 8.2.6
An Cross-site scripting vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.