SR-C8662 · Issue 351473
Corrected Boolean option documentation for BIX
Resolved in Pega Version 7.4
In the user Guide for BIX, the "Optional command-line BIX parameters" section states the -B option affects how Boolean values are published, giving '01' as a valid option. However, attempting to use it generated a runtime exception stating that it was an unsupported value. This issue was caused a documentation error, and the files have now been updated to correctly indicate the option is "10".
SR-C8899 · Issue 333268
ABAC exception handling added
Resolved in Pega Version 7.4
After creating an access control policy and access control policy condition on a data class that shows in the Data Explorer, defining the condition such that it was always false and then clicking on the class on which the policy was just defined generated an error. If the policy was withdrawn and then clicked on again, it appeared as expected. This was reproducible only when ABAC was enabled, and handling for an exception generated in this scenario has been added.
SR-C9767 · Issue 350619
Object contention resolved to improve getPOJO performance
Resolved in Pega Version 7.4
Object pool contention issues were seen related to getPOJO and getDelegate. This was traced to the legacy class GenericObjectFactoryPool, where a hashmap was being guarded with a synchronized block for multi-thread access. This process has now been replaced with a concurrenthashmap to do the same but with thread contention.
SR-B45056 · Issue 328736
XSS filtering added to getClassOfPageReference
Resolved in Pega Version 7.4
XSS filtering has been added to the URL produced when using getClassOfPageReference.
SR-B45056 · Issue 330368
XSS filtering added to getClassOfPageReference
Resolved in Pega Version 7.4
XSS filtering has been added to the URL produced when using getClassOfPageReference.
SR-B74553 · Issue 326255
Refined accessgrouplist checks
Resolved in Pega Version 7.4
Following a system modification that changed the property used to populate the access groups list to match that on clipboard (correct value), a previously unseen issue was uncovered where all the division and organization AGs were being added to the list. This has been addressed by updating the code to add the applications on division and organization only when there is no default selected at the operator. If there is some application selected as default at the operator, then the division or organization applications will not be added. If there is nothing selected at operator, then a check for division will be made, and if there is nothing selected at division then organization will be checked.
SR-B78496 · Issue 327358
Refined accessgrouplist checks
Resolved in Pega Version 7.4
Following a system modification that changed the property used to populate the accessgroups list to match that on clipboard (correct value), a previously unseen issue was uncovered where all the division and organization AGs were being added to the list. This has been addressed by updating the code to add the applications on division and organization only when there is no default selected at the operator. If there is some application selected as default at the operator, then the division or organization applications will not be added. If there is nothing selected at operator, then a check for division will be made, and if there is nothing selected at division then organization will be checked.
SR-B81365 · Issue 332518
Enhanced security for IAC gadget
Resolved in Pega Version 7.4
The code for the IAC gadget has been reworked to replace eval functions in order to enhance security.
SR-B81365 · Issue 331996
Enhanced security for IAC gadget
Resolved in Pega Version 7.4
The code for the IAC gadget has been reworked to replace eval functions in order to enhance security.
SR-B82500 · Issue 331560
Enhancement to support external delegated authentication via custom authentication
Resolved in Pega Version 7.4
OAuth 2.0 configuration has been embedded into the HC mobile app to provide an infrastructure for REST services to be authenticated by an external token which has been issued by third party identity provider. When Pega receives a token, it then contacts the identity provider's token introspection and userinfo endpoint to validate the token and subsequently establish an identity. The new authentication activity has been shipped with the name 'pyPerformDelegatedAuthentication' that can be attached to any Authentication service data instance.