SR-C53659 · Issue 414799
Location paramter passing corrected to resolve portal switch/refresh error
Resolved in Pega Version 8.2
Switching the portal and refreshing the browser was generating a system administrator error due to the location parameter not being passed correctly. This has been fixed by passing location parameter from pxCaseMgrHeader.js instead of forming it in the activity.
SR-C53719 · Issue 402222
DateTime date format inherited from locale to present in expected format
Resolved in Pega Version 8.2
Section pxStatusQueueItems from System Operations > Queue Management landing page were defaulting to the USA month-day-year order instead of using the format for the assigned locale (or windows locale if empty) of day-month-year. This was caused by the DateTime controls on the Admin Studio using the specific format to display the DateTime properties: this has now been modified to use 'control inherited from property' to display as per locale.
SR-C53820 · Issue 401241
DateTime control updated to handle invalid date entry when validation is turned off
Resolved in Pega Version 8.2
After turning off client side validation, trying to update a date in a date time control using the wrong format resulted in that day's date being used. If the client side validation is turned on, entering the date in the wrong format results in a validation message. This was caused by a missed use case for an invalid date entry not being validated, and has been corrected.
SR-C54001 · Issue 393883
Extension to control flow action behavior added to pzDisplayQuestionPage
Resolved in Pega Version 8.2
Flow Action pzDisplayQuestionPage Pega-Survey:07-10-33 had a final post activity that did not have extention point to control flow action behaviour. In order to support using configurations such as "Back-to-back processing" and "If an assignment is not being performed", the new activity "pyDisplayQuestionPagePostExt" has been added as an extension activity for pzDisplayQuestionPagePostAct.
SR-C54436 · Issue 394199
Resolved Data Type not showing records if Access When rule is mentioned in ARO of the class
Resolved in Pega Version 8.2
Selecting the Records tab in Data Type rule resulted in an error when an "Access when" was defined in an ARO for the same class. This was traced to an issue in the Records tab where the system checks if the user has access to read/write the data records and shows/hides the "Import" link accordingly. The access permissions are checked with the pzHaveAccess API, which internally expects to be executed on a step page which is of type Data-. Here, the conditions were directly used to show the import link on the section "pzRecordsEditorWrapper" of type "PegaAccel-Task-DataTableEditor". The "WHEN" conditions in ARO are defined on Data- class but they are being executed on "PegaAccel-Task-DataTableEditor" during runtime: this works fine when an integer value is provided in ARO instead of Access when rules. To fix the issue, the pzHaveAccess check on the "Import" link has been removed so that it appears irrespective of the user privileges.
SR-C81419 · Issue 418006
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C81115 · Issue 417684
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C81112 · Issue 417682
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C72572 · Issue 414584
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C72571 · Issue 413004
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.