SR-A2768 · Issue 207926
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2), xwork-core (2.3.16.3 updated to 2.3.20.1), asm-tree (3.3 updated to 5.0.2), asm (3.3 updated to 5.0.2), commons-lang3 (3.1 updated to 3.2).
SR-A6195 · Issue 213843
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2), xwork-core (2.3.16.3 updated to 2.3.20.1), asm-tree (3.3 updated to 5.0.2), asm (3.3 updated to 5.0.2), commons-lang3 (3.1 updated to 3.2).
SR-A2768 · Issue 194111
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2), xwork-core (2.3.16.3 updated to 2.3.20.1), asm-tree (3.3 updated to 5.0.2), asm (3.3 updated to 5.0.2), commons-lang3 (3.1 updated to 3.2).
SR-A7433 · Issue 216781
Updated BIX Manifest pxTotalInsertsCount to handle XML extraction failures
Resolved in Pega Version 7.2
The BIX Manifest pxTotalInsertsCount was incorrect when the extract type was XML and extraction had failed for a few work objects. This was caused by a missing decrement, and the code has been updated to ensure the manifest matches the record counts from the ingestion of the XML data.
SR-A4883 · Issue 216593
Updating caching to ensure proper rule resolution
Resolved in Pega Version 7.2
For performance reasons, a Requestor-level cache is used to hold data page definitions. However, two data pages with the same name but in different rulesets caused Rule Resolution to not consistently pick the data page from the correct ruleset version. This has been corrected by appending a personal ruleset hash name to the data page name before putting the definition in the cache.
SR-A5183 · Issue 213803
Added check to ensure all invalidated shortcuts are processed correctly
Resolved in Pega Version 7.2
When running SQL Server 2012 with a particular JDBC driver, executing a DML statement without setting the pyMaxResultCount caused the number of records returned to be limited by the default record size, and the system was not picking up the latest versions of all of the rules after shortcuts were invalidated. To resolve this, the method invalidateShortcuts(RACacheAppCentricImpl) has been modified to set pyMaxRecords to zero when calling executeRDB so that all the impacted rows are processed.
SR-A5233 · Issue 212884
Added external DB support for DB2 v.8
Resolved in Pega Version 7.2
After upgrade, trying to connect to DB2 version 8 as an external database generated the error "SQLCODE: -4700 SQLSTATE: 56038 Cannot connect to DB2". This was due to the method getSchemaName(SQLGeneratorDB2) firing a query which is valid only on a higher/supported version of DB2. To accommodate other versions of the database, the system will fall back to the V8 syntax if the higher-level query fails.
SR-133085 · Issue 210184
DATE support added for SQL
Resolved in Pega Version 7.2
Support has been added for using the Date column type with SQL servers in cases where the DB supports the DATE type.
SR-A7048 · Issue 215222
DATE support added for SQL
Resolved in Pega Version 7.2
Support has been added for using the Date column type with SQL servers in cases where the DB supports the DATE type.
SR-A3331 · Issue 208297
Enhancement added for non-logging config settings
Resolved in Pega Version 7.2
Both the upgrade process and Pega7 run-time make use of non-logged operations for major performance improvements. However, High Availability Disaster Recovery (HADR) database environments use database logs to replicate data from the primary database to the standby database. This caused a conflict that resulted in the unexpected termination of upgrade scripts. An enhancement has been added to make the logging function configurable (the default is No Logging = true), and tuning was done to make logged SQL generation faster to improve system performance when logging is enabled.