SR-B38578 · Issue 295917
Fixed null-pointer exception in external DB extract
Resolved in Pega Version 7.3
When using a class that maps to a table in an external database, running an extract caused a database permission error when trying to access the pr_log table in the PegaRULES database. This exception was caught and logged, but processing then continued, resulting in a NullPointerException being thrown. To correct this, the sequence number generator has been modified to use the pr_log table instead of the class on which the extract is defined.
SR-B38578 · Issue 272419
Fixed null-pointer exception in external DB extract
Resolved in Pega Version 7.3
When using a class that maps to a table in an external database, running an extract caused a database permission error when trying to access the pr_log table in the PegaRULES database. This exception was caught and logged, but processing then continued, resulting in a NullPointerException being thrown. To correct this, the sequence number generator has been modified to use the pr_log table instead of the class on which the extract is defined.
SR-B38602 · Issue 296751
Login error message modified for increased security
Resolved in Pega Version 7.3
When an operator was configured to use External authentication and then attempted to log in through other servlets, the error message included the operator ID. This could be used maliciously to discover valid IDs on the system, so in order to improve security, the process has been modified to remove the ID from the failure message. If authentication fails, the message "The information you entered was not recognized." will be displayed, and the system will log an error message in the PegaRULES log file with the actual message "Error authenticating , : This user must use external authentication."
SR-B38602 · Issue 297290
Login error message modified for increased security
Resolved in Pega Version 7.3
When an operator was configured to use External authentication and then attempted to log in through other servlets, the error message included the operator ID. This could be used maliciously to discover valid IDs on the system, so in order to improve security, the process has been modified to remove the ID from the failure message. If authentication fails, the message "The information you entered was not recognized." will be displayed, and the system will log an error message in the PegaRULES log file with the actual message "Error authenticating , : This user must use external authentication."
SR-B38647 · Issue 297399
ServiceExport folder access restricted for guest users
Resolved in Pega Version 7.3
In order to increase data security, access to the 'ServiceExport' folder has been blocked for Guest users (unauthenticated users who have a pre-atn cookie) on single-tenant sites. Once the user is logged in with valid credentials, the folder contents will be available. For backward compatibility, the PRConfig setting 'serviceexportcontent/allowtoguestusers' has been added; if it is set to true, guest users will have access. The default is false.
SR-B39476 · Issue 297525
addCalendar() RUF logic updated
Resolved in Pega Version 7.3
The addCalendar() RUF logic has been modified to correctly set the operator time zone and correctly add the given years, months, days, etc. This fix will be active based on a DASS setting, as addCalendar() cannot be directly changed due to backward compatibility with DateTime issues.
SR-B39489 · Issue 290738
KeyStoreType of PKCS12 passes validation
Resolved in Pega Version 7.3
Keystore has an allowed file type of PKCS12, but an invalid type error was generated when trying to create a keystore file of this type. This has been corrected.
SR-B39528 · Issue 303927
Node startup modified to support very large clusters
Resolved in Pega Version 7.3
Node startup was failing if the cluster had more than 50 nodes. This issue was caused by the query to the "pr_sys_statusnodes" table only returning 50 records; this limitation has been removed.
SR-B40059 · Issue 296152
IACAuthentication security improved
Resolved in Pega Version 7.3
The IACAuthentication activity assumed third-party authentication and did not check for a password. In order to improve security, default password validation has been added to the shipped IACAuthentication activity.
SR-B40706 · Issue 297501
Unmapped columns from an external table skipped in DDL query generation
Resolved in Pega Version 7.3
The OBJ-SAVE method was generating a query in which unmapped columns were also getting updated. As these columns were not mapped, DB columns were being updated with the value NULL. This was due to the Obj-Save function always saving the entire object, causing an issue when only part of a table is mapped to a class. To correct this, new prconfig and DASS settings have been added to exclude unmapped columns of an external table as part of DDL query generation.