Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

SR-B40059 · Issue 296152

IACAuthentication security improved

Resolved in Pega Version 7.3

The IACAuthentication activity assumed third party authentication and did not check for a password. In order to improve security, default password validation has been added to the shipped IACAuthentication activity.

SR-B42009 · Issue 304044

Authentication timeout smoothed for re-login

Resolved in Pega Version 7.3

If custom authentication was used with a stream specified to enter credentials upon authentication timeout, re-login failed after the timeout. This was traced to two issues: first, the custom configuration defaulted to using the out-of-the-box stream "Web-TimeOut", which expects the password to be in base64 encoded format and so attempts to base64 decode it. This caused an authentication failure. Second, when restarting with authentication instead of a timed-out request, the starting activity of operator was being executed and the portal was rendered unexpectedly. To resolve this, the object references needed for the successful resumption will be cloned when there is authentication timeout and used for redirection upon successful authentication.

SR-B43182 · Issue 301518

pzSUS Param properly URLEncoded

Resolved in Pega Version 7.3

The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.

SR-B44199 · Issue 300058

Fixed Access Control Policy in Assign- classes

Resolved in Pega Version 7.3

An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.

SR-B44199 · Issue 299984

Fixed Access Control Policy in Assign- classes

Resolved in Pega Version 7.3

An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.

SR-B44199 · Issue 297134

Fixed Access Control Policy in Assign- classes

Resolved in Pega Version 7.3

An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.

SR-B6669 · Issue 279329

XSS filters added to UI rulesets

Resolved in Pega Version 7.3

XSS filters have been added to pyCaseActionArea and pyAssignmentsLabel in Pega-EndUserUI and UIKit rulesets.

SR-B66996 · Issue 312205

Access control policy logic added for non-work/data/assign classes

Resolved in Pega Version 7.3.1

As part of ABAC (Attribute-based access control) restrictions, if a class property was of type PageList, security had to be created in the PageList property class type. However, if the pagelist was of type "Embed-" class then it was not possible to create security policy due to the inability to apply property masking for page list properties of that class. To resolve this, property masking implementation logic has been added to support page list properties of non-work/data/assign classes for access control policies.

SR-B66996 · Issue 315524

Access control policy logic added for non-work/data/assign classes

Resolved in Pega Version 7.3.1

As part of ABAC (Attribute-based access control) restrictions, if a class property was of type PageList, security had to be created in the PageList property class type. However, if the pagelist was of type "Embed-" class then it was not possible to create security policy due to the inability to apply property masking for page list properties of that class. To resolve this, property masking implementation logic has been added to support page list properties of non-work/data/assign classes for access control policies.

SR-B55119 · Issue 312817

Handling added for absent property in Access When

Resolved in Pega Version 7.3.1

Configuring Access Control Policy to automatically restrict access to certain records by including an Access When rule to compare a custom property (.Consultant) on the OperatorID (Data-Admin-Operator-ID) page generated an exception if that property did not actually exist on the current operator. This has been resolved by revising the security policy engine to handle the exception.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us