SR-C54001 · Issue 393883
Extension to control flow action behavior added to pzDisplayQuestionPage
Resolved in Pega Version 8.2
Flow Action pzDisplayQuestionPage Pega-Survey:07-10-33 had a final post activity that did not have extention point to control flow action behaviour. In order to support using configurations such as "Back-to-back processing" and "If an assignment is not being performed", the new activity "pyDisplayQuestionPagePostExt" has been added as an extension activity for pzDisplayQuestionPagePostAct.
SR-C54436 · Issue 394199
Resolved Data Type not showing records if Access When rule is mentioned in ARO of the class
Resolved in Pega Version 8.2
Selecting the Records tab in Data Type rule resulted in an error when an "Access when" was defined in an ARO for the same class. This was traced to an issue in the Records tab where the system checks if the user has access to read/write the data records and shows/hides the "Import" link accordingly. The access permissions are checked with the pzHaveAccess API, which internally expects to be executed on a step page which is of type Data-. Here, the conditions were directly used to show the import link on the section "pzRecordsEditorWrapper" of type "PegaAccel-Task-DataTableEditor". The "WHEN" conditions in ARO are defined on Data- class but they are being executed on "PegaAccel-Task-DataTableEditor" during runtime: this works fine when an integer value is provided in ARO instead of Access when rules. To fix the issue, the pzHaveAccess check on the "Import" link has been removed so that it appears irrespective of the user privileges.
SR-C81419 · Issue 418006
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C81115 · Issue 417684
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C81112 · Issue 417682
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C72572 · Issue 414584
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C72571 · Issue 413004
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C71673 · Issue 410561
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C72570 · Issue 413020
XXE security improvements
Resolved in Pega Version 8.2
Several updates have been made to improve security against External Entity Injection, including to the following areas: ProcessXSLT, performXSLT, DCOdocumentToBytes, DCOgetStringFromDocument, getTaskStatusXML, pzPMMLTransform, getTaskStatusXML, and validateAgainstXSD.
SR-C68713 · Issue 407255
Moment udated to latest version
Resolved in Pega Version 8.2
Moment.js has been updated to version 2.22.2 .