SR-A3011 · Issue 213185
Revised checksum to update imported rules
Resolved in Pega Version 7.2
When exporting updated rules after upgrade, a new rule in Data Transforms, Activities, and When was not being consistently used at runtime until the rule was resaved or the Virtual Rule Table Cache was regenerated. Beginning with Pega 7.1.8, a new property called pxSaveDateTime was added to rules. This new property is used in the checksum calculation to determine if a rule needs to be reassembled. However, when importing rules changed in pre-Pega 7.1.8 environments, the checksum calculation doesn't recognize the rule has changed. A change has been made to use pxUpdateDateTime as an alternative when pxSaveDateTime is not present in the rule.
SR-A2768 · Issue 207926
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A6195 · Issue 213843
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A2768 · Issue 194111
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A7433 · Issue 216781
Updated BIX Manifest pxTotalInsertsCount to handle XML extraction failures
Resolved in Pega Version 7.2
The BIX Manifest pxTotalInsertsCount was incorrect when the extract type was XML and extraction has failed for few work-objects. This was caused by missing decremention, and the code has been updated to ensure the manifest matches the record counts from the ingestion of the XML data.
SR-A4883 · Issue 216593
Updating caching to ensure proper rule resolution
Resolved in Pega Version 7.2
For performance reasons, a Requestor level is used to hold data page definitions. However, two data pages with the same name but in different rulesets caused Rule Resolution to not pick the datapage from correct RS Version consistently. This has been corrected by appending a personal ruleset hash name with data page name before putting the definition in cache.
SR-A5183 · Issue 213803
Added check to ensure all invalidated shortcuts are processed correctly
Resolved in Pega Version 7.2
When running SQL server version 2012 with a particular JDBC driver, executing a DML statement without setting the pyMaxResultCount caused the number of records returned to be limited by the default record size, and the system was not picking up the latest versions of all of the rules after shortcuts were invalidated. To resolve this, the method invalidateShortcuts(RACacheAppCentricImpl) has been modified to set pyMaxRecords to zero when calling executeRDB so that all the impacted rows are processed.
SR-A5233 · Issue 212884
Added external DB support for DB2 v.8
Resolved in Pega Version 7.2
After upgrade, trying to connect to DB2 ver 8 as an external database generated the error "SQLCODE: -4700 SQLSTATE: 56038 Cannot connect to DB2". This was due to Method getSchemaName(SQLGeneratorDB2) firing a query which is valid only on a higher/supported version of DB2. To accommodate other versions of the database, the system will fallback to the V8 syntax if the higher-level query fails.
SR-133085 · Issue 210184
DATE support added for SQL
Resolved in Pega Version 7.2
Support has been added for using the Date column type with SQL servers in cases where the DB supports the DATE type.
SR-A7048 · Issue 215222
DATE support added for SQL
Resolved in Pega Version 7.2
Support has been added for using the Date column type with SQL servers in cases where the DB supports the DATE type.