SR-B37780 · Issue 293899
Security upgrade for Struts2
Resolved in Pega Version 7.3
To improve security, Apache Struts2 has been upgraded to version 2.3.32.
SR-B37780 · Issue 294148
Security upgrade for Struts2
Resolved in Pega Version 7.3
To improve security, Apache Struts2 has been upgraded to version 2.3.32.
SR-B37915 · Issue 294722
Security upgrade for Struts2
Resolved in Pega Version 7.3
To improve security, Apache Struts2 has been upgraded to version 2.3.32.
SR-B37957 · Issue 303574
XSS security added for date property error message
Resolved in Pega Version 7.3
A cross-site scripting filter has been added for pyErrorMessage in order to improve security.
SR-B37957 · Issue 278510
XSS security added for date property error message
Resolved in Pega Version 7.3
A cross-site scripting filter has been added for pyErrorMessage in order to improve security.
SR-B38034 · Issue 297014
Improved error handling for Usage Daemon
Resolved in Pega Version 7.3
The Usage daemon was exiting due to a DB error and did not recover, leading to PALSnapshotImpl multiplying and causing an OOM. This was traced to missing error handling, and UsageDaemon has now been updated to handle a DB error without exiting.
SR-B38157 · Issue 301486
Added post-upgrade compatibility for agent tracing
Resolved in Pega Version 7.3
After upgrade, tracing agents was not working due to a change between versions in the method of tracing rules in rulesets of a remote requestor. Previously, rules were traced in the rulesets of the current requestor who initiated the trace; in newer versions, rulesets are fetched for batch requestors, so all rules in rulesets accessible to the browser requestor are not traced. To resolve this, a traceAllRulesets flag has been added for agent tracing so that all rulesets are traced, and a note has been added to the settings window stating that in the case of agents, all rulesets are traced.
SR-B38248 · Issue 293250
Rule search works after indexer cancel
Resolved in Pega Version 7.3
If the indexer was canceled from within the engine, the rule search function would not work until node restart. This was an error in the method used to call the cancel API, and has been corrected.
SR-B38317 · Issue 295056
Password expiry logic updated to use start of day
Resolved in Pega Version 7.3
Previously, the password expiry logic was based on a tight format of number of days + timeStamp. This caused scenarios such as not prompting for a password reset when the user logs in, but rather at the exact time stamp of the previous change, even if that comes in the middle of work and throws the user out of the session. To avoid this behavior, the password expiry logic is now based on the number of days, with timeStamp defaulted to start of day (00.00), taking care of locale and getting the difference in number of days.
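The difference between the two expiry rules described above, as an added Python sketch that is not Pega's code. The 90-day policy, the fixed UTC+05:30 offset standing in for the locale handling, the sample timestamps and all function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumptions (not from the release note): 90-day policy, fixed user offset.
MAX_AGE_DAYS = 90
USER_TZ = timezone(timedelta(hours=5, minutes=30))


def expired_exact(changed_at, now, max_age_days=MAX_AGE_DAYS):
    """Old rule: days + timestamp, so expiry lands on the exact time of day."""
    return now >= changed_at + timedelta(days=max_age_days)


def start_of_day(moment, tz=USER_TZ):
    """Midnight of the calendar day that `moment` falls on in the user's zone."""
    local = moment.astimezone(tz)
    return local.replace(hour=0, minute=0, second=0, microsecond=0)


def expired_by_day(changed_at, now, tz=USER_TZ, max_age_days=MAX_AGE_DAYS):
    """New rule: difference in whole calendar days, both sides at start of day."""
    days = (start_of_day(now, tz).date() - start_of_day(changed_at, tz).date()).days
    return days >= max_age_days


# Constructed sample: password changed mid-afternoon, user logs in on the
# morning of day 90 and is still working at the old expiry instant.
CHANGED_AT = datetime(2017, 1, 10, 14, 30, tzinfo=USER_TZ)
LOGIN = datetime(2017, 4, 10, 9, 0, tzinfo=USER_TZ)
MID_SESSION = datetime(2017, 4, 10, 14, 30, tzinfo=USER_TZ)

if __name__ == "__main__":
    for label, moment in (("login", LOGIN), ("mid-session", MID_SESSION)):
        print(label,
              "exact:", expired_exact(CHANGED_AT, moment),
              "by-day:", expired_by_day(CHANGED_AT, moment))
```

Under the old rule the answer flips between login and mid-session; under the start-of-day rule it is already true at login, so the reset prompt appears there.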
SR-B38330 · Issue 297411
Added code to ensure cursor closes on null-pointer exception
Resolved in Pega Version 7.3
Open cursor issues were occurring with the out-of-the-box queries.SPPR_SYS_RESERVEQUEUEITEM_B stored procedure when an exception was raised. Code has been added to ensure the cursor is closed in this situation.