INC-170646 · Issue 658306
Security update for unauthorized URL requests
Resolved in Pega Version 8.5.5
Updates have been made to improve security around unprivileged users and unregistered requests.
INC-170646 · Issue 658308
Security update for unauthorized URL requests
Resolved in Pega Version 8.6.2
Updates have been made to improve security around unprivileged users and unregistered requests.
INC-170646 · Issue 658307
Security update for unauthorized URL requests
Resolved in Pega Version 8.7
Updates have been made to improve security around unprivileged users and unregistered requests.
SR-A24183 · Issue 247604
Added visibility for XML Stream Rule Form fields
Resolved in Pega Version 7.2.1
The configurable fields "Stream Name" and "XML Type" have been made visible when "Mapping Mode" is "Apply Rule" in the XML Stream Rule Form.
INC-215671 · Issue 719074
Support added for special characters in XML stream rules
Resolved in Pega Version 8.8
When using an XML Stream rule, node values were encoded for a broader set of characters than was required to create properly formed XML. Special characters were converted to ASCII characters when setting the XML to a property with Property-Set-XML. When the mode of the element was changed from Standard to Literal XML, the special character was retained but the element tag itself was missing. This has been resolved by adding a new "XML" encoding format in StreamBuilder. ResponseTag.appendUnformattedValue() now uses the XML mode when resolving to "NORMAL" format and the JSP base class is "Rule-Obj-XML". In StreamBuilderTools, the system will not encode '+' symbols when in XML mode.
SR-C21996 · Issue 364597
Error message clarified for unauthorized record deletion
Resolved in Pega Version 8.1
When there was an unauthorized attempt to delete records from a delegated data type, the error message stated “A commit cannot be performed” instead of displaying an authorization error. This has been corrected.
SR-C21996 · Issue 366632
Error message clarified for unauthorized record deletion
Resolved in Pega Version 8.1
When there was an unauthorized attempt to delete records from a delegated data type, the error message stated “A commit cannot be performed” instead of displaying an authorization error. This has been corrected.
SR-D50436 · Issue 513850
Case creation service activity unauthorized response modified
Resolved in Pega Version 8.4
When unauthorized users accessed the URL for creating a case, a blank screen appeared instead of the user being routed to a login screen. This was due to the system returning an HTTP 400 error instead of an HTTP 401 response, and was traced to the introduction of an anonymous user type in the authentication activity (Authentication service in the service package). The case creation REST service uses the pzCreateCase activity to create the cases, but before the anonymous user type was introduced it was exiting from the authentication activity and did not call pzCreateCase. This was traced to the error handling relying on a field value to be in English when instead the site had localized the value, causing a mismatch which did not generate the necessary failed status. To avoid this, the system will now use the new pxStatusFlowSecurity process engine status instead of relying on a text match to determine this error.
SR-D50436 · Issue 513849
Case creation service activity unauthorized response modified
Resolved in Pega Version 8.2.5
When unauthorized users accessed the URL for creating a case, a blank screen appeared instead of the user being routed to a login screen. This was due to the system returning an HTTP 400 error instead of an HTTP 401 response, and was traced to the introduction of an anonymous user type in the authentication activity (Authentication service in the service package). The case creation REST service uses the pzCreateCase activity to create the cases, but before the anonymous user type was introduced it was exiting from the authentication activity and did not call pzCreateCase. This was traced to the error handling relying on a field value to be in English when instead the site had localized the value, causing a mismatch which did not generate the necessary failed status. To avoid this, the system will now use the new pxStatusFlowSecurity process engine status instead of relying on a text match to determine this error.
SR-D50436 · Issue 513848
Case creation service activity unauthorized response modified
Resolved in Pega Version 8.3.1
When unauthorized users accessed the URL for creating a case, a blank screen appeared instead of the user being routed to a login screen. This was due to the system returning an HTTP 400 error instead of an HTTP 401 response, and was traced to the introduction of an anonymous user type in the authentication activity (Authentication service in the service package). The case creation REST service uses the pzCreateCase activity to create the cases, but before the anonymous user type was introduced it was exiting from the authentication activity and did not call pzCreateCase. This was traced to the error handling relying on a field value to be in English when instead the site had localized the value, causing a mismatch which did not generate the necessary failed status. To avoid this, the system will now use the new pxStatusFlowSecurity process engine status instead of relying on a text match to determine this error.
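The failure mode in the SR-D50436 entries, modelled as an added example (this is not Pega code): a handler that recognizes an authorization failure by its English display text falls through to HTTP 400 once the site localizes that text, while a handler keyed on a machine-readable status does not. The `EngineStatus` enum, the message strings and all function names are hypothetical; `FLOW_SECURITY` stands in for the status the notes call pxStatusFlowSecurity.

```python
from dataclasses import dataclass
from enum import Enum


class EngineStatus(Enum):
    GOOD = "good"
    FAIL = "fail"
    FLOW_SECURITY = "flow-security"  # hypothetical stand-in for pxStatusFlowSecurity


# Constructed message catalogue; the strings are invented for this example.
MESSAGES = {
    "en": "You are not authorized to perform this flow",
    "de": "Sie sind nicht berechtigt, diesen Flow auszuführen",
}


@dataclass
class EngineResult:
    status: EngineStatus
    message: str  # display text, localized for the site


def create_case(authenticated: bool, locale: str) -> EngineResult:
    """Toy case-creation call: unauthenticated callers get a security failure."""
    if not authenticated:
        return EngineResult(EngineStatus.FLOW_SECURITY, MESSAGES[locale])
    return EngineResult(EngineStatus.GOOD, "")


def http_status_text_match(result: EngineResult) -> int:
    """Fragile mapping: authorization failure is detected by English text only."""
    if not result.message:
        return 201
    if result.message == MESSAGES["en"]:
        return 401
    return 400  # localized text does not match, so the failure looks like a bad request


def http_status_by_code(result: EngineResult) -> int:
    """Robust mapping: decision is made on the status code, never on display text."""
    if result.status is EngineStatus.GOOD:
        return 201
    if result.status is EngineStatus.FLOW_SECURITY:
        return 401
    return 400
```

A regression test for this class of bug should run the unauthenticated request under at least one non-English locale and assert on the HTTP status, not on the response body.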