SR-C35967 · Issue 404321
Updated parameter handling for SECU0001 alert for accuracy
Resolved in Pega Version 8.2
In the SECU0001 alert, some fields contained incorrect values pertaining to a previous HTTP request, not the one that caused the alert, causing misleading information to be logged and sent to PDC. This was found to be an issue where when unexpected properties were found, the alert was being thrown from an early stage of processing, i.e, during inputProcessing where the current activity had not yet been set to the requestor state and therefore the current activity was not there in the stack frame. This has been addressed by getting the activity name from the HTTP request parameters and updating the diagnostic information with it so the alerts will be accurate.
SR-C57879 · Issue 406004
Updated parameter handling for SECU0001 alert for accuracy
Resolved in Pega Version 8.2
In the SECU0001 alert, some fields contained incorrect values pertaining to a previous HTTP request, not the one that caused the alert, causing misleading information to be logged and sent to PDC. This was found to be an issue where when unexpected properties were found, the alert was being thrown from an early stage of processing, i.e, during inputProcessing where the current activity had not yet been set to the requestor state and therefore the currentactivity was not there in the stack frame. This has been addressed by getting the activity name from the HTTP request parameters and updating the diagnostic information with it so the alerts will be accurate.
SR-C57879 · Issue 406005
Updated parameter handling for SECU0001 alert for accuracy
Resolved in Pega Version 8.1.2
In the SECU0001 alert, some fields contained incorrect values pertaining to a previous HTTP request, not the one that caused the alert, causing misleading information to be logged and sent to PDC. This was found to be an issue where when unexpected properties were found, the alert was being thrown from an early stage of processing, i.e., during inputProcessing where the current activity had not yet been set to the requestor state and therefore the currentactivity was not there in the stack frame. This has been addressed by getting the activity name from the HTTP request parameters and updating the diagnostic information with it so the alerts will be accurate.
INC-202122 · Issue 691804
Logging extended for unexpected properties received in HTTP request
Resolved in Pega Version 8.5.6
Additional logging has been added to assist with tracing SECU0001 alerts seen when submitting a case in the interaction portal.
INC-182803 · Issue 679725
SearchKeyword assed to HandleInput allow list
Resolved in Pega Version 8.6.3
After creating a section and placing a template grid with a button to refresh the section on click, clicking the button generated a SECU0001 alert. This was traced to gridMetadata_(uniqueID).pySearchKeyword not being registered when the property is part of a form data post request, and this has been resolved by adding pySearchKeyword to the allow list in HandleInput.java.
INC-182803 · Issue 679724
SearchKeyword assed to HandleInput allow list
Resolved in Pega Version 8.7.1
After creating a section and placing a template grid with a button to refresh the section on click, clicking the button generated a SECU0001 alert. This was traced to gridMetadata_(uniqueID).pySearchKeyword not being registered when the property is part of a form data post request, and this has been resolved by adding pySearchKeyword to the allow list in HandleInput.java.
INC-182803 · Issue 679723
SearchKeyword assed to HandleInput allow list
Resolved in Pega Version 8.5.6
After creating a section and placing a template grid with a button to refresh the section on click, clicking the button generated a SECU0001 alert. This was traced to gridMetadata_(uniqueID).pySearchKeyword not being registered when the property is part of a form data post request, and this has been resolved by adding pySearchKeyword to the allow list in HandleInput.java.
SR-C96786 · Issue 445619
Controls updated to handle hidden values in finishassignment submission
Resolved in Pega Version 8.3
A SECU0001 alert was thrown from the out-of-the-box function finishassignment upon the submit of assignments. This was traced to an alert generated while attempting to post the feed even though there was no Pulse gadget used in the work object, and was due to the handling of hidden fields as read-only. Since the read-only values were not editable, they should not be submitted with the request body; this has been corrected by modifying the hidden control entry handle such that hidden property is considered as editable-filled. Controls have also been added to pxHidden to prevent potential misuse.
SR-C96786 · Issue 438851
Controls updated to handle hidden values in finishassignment submission
Resolved in Pega Version 8.1.5
A SECU0001 alert was thrown from the out-of-the-box function finishassignment upon the submit of assignments. This was traced to an alert generated while attempting to post the feed even though there was no Pulse gadget used in the work object, and was due to the handling of hidden fields as read-only. Since the read-only values were not editable, they should not be submitted with the request body; this has been corrected by modifying the hidden control entry handle such that hidden property is considered as editable-filled. Controls have also been added to pxHidden to prevent potential misuse.
SR-C96786 · Issue 438850
Controls updated to handle hidden values in finishassignment submission
Resolved in Pega Version 8.2.2
A SECU0001 alert was thrown from the out-of-the-box function finishassignment upon the submit of assignments. This was traced to an alert generated while attempting to post the feed even though there was no Pulse gadget used in the work object, and was due to the handling of hidden fields as read-only. Since the read-only values were not editable, they should not be submitted with the request body; this has been corrected by modifying the hidden control entry handle such that hidden property is considered as editable-filled. Controls have also been added to pxHidden to prevent potential misuse.