SR-A12684 · Issue 224534
Extracts count corrected when using XML as output
Resolved in Pega Version 7.2
While running an extract using XML as output, a difference was observed in the number of records being extracted when compared with 'Database Schema' as output. The Pega-BIX logs contained failed records with 'Index out of bounds' exceptions. This was traced to missing handling for the value group property references in this scenario, and has been corrected.
SR-A10974 · Issue 223153
BIX Manifest enhanced to include fully qualified property names
Resolved in Pega Version 7.2
If an page list property with the same name existed under two levels in the extracted data (specified in the extract rule multiple times), there was no way to differentiate them when viewing the BIX Manifest file. To resolve this, an enhancement has been added to ExtractImpl to include the fully qualified name for the property.
SR-A12324 · Issue 226656
XML manifest output support added for nodes with 'px' naming schemes
Resolved in Pega Version 7.2
When the 'pxSkillsRequired' value Group property was part of the properties being extracted, node names starting with px generated an exception while writing to XML manifest output format. Handling has now been added to support node names starting with 'px'.
SR-A14732 · Issue 228331
pxObjClass correctly applied to nodes for extract rule form
Resolved in Pega Version 7.2
If pxObjClass was selected for the top level node in the extract rule form, BIX would use use pxObjClass for all of the embedded nodes irrespective of whether pxObjClass was selected for the embedded node or not. If pxObjClass was not selected in the top level node but then selected for all of the embedded nodes, then the system would not use pxObjClass for any of the nodes. To correct this, changes have been made to ExtractImpl and BIXXMLStream so that pxObjClass will be added to those nodes for which pxObjClass property has been explicitly selected in the extract rule form.
SR-A15173 · Issue 229236
pxObjClass correctly applied to nodes for extract rule form
Resolved in Pega Version 7.2
If pxObjClass was selected for the top level node in the extract rule form, BIX would use use pxObjClass for all of the embedded nodes irrespective of whether pxObjClass was selected for the embedded node or not. If pxObjClass was not selected in the top level node but then selected for all of the embedded nodes, then the system would not use pxObjClass for any of the nodes. To correct this, changes have been made to ExtractImpl and BIXXMLStream so that pxObjClass will be added to those nodes for which pxObjClass property has been explicitly selected in the extract rule form.
SR-A2361 · Issue 214536
XSS fix updated for IAC with CSRF tokens
Resolved in Pega Version 7.2
After updating to address a potential XSS security issue, some problems were found with using IAC with CSRF tokens in the pathinfo. Additional checks have been added to handle this scenario.
SR-A7487 · Issue 221274
Better Japanese font handling in CreatePDF smart shape
Resolved in Pega Version 7.2
The CreatePDF smart shape was not able to properly parse Japanese font characters in section data. This has been corrected by changing the default font to 'MS PGothic' which better supports Japanese.
INC-166995 · Issue 642440
DeleteDocumentPg added to allow list
Resolved in Pega Version 8.7
During performance testing with CSRF settings enabled, a '403 Forbidden' error was seen in the network trace when FinishAssignment called pyActivity=pyDeleteDocument on close action. This has been resolved by adding pyDeleteDocumentPg to the list of allowed activities.
INC-127981 · Issue 562998
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.2.7
The following rules have been updated such that they are no longer available to be invoked directly by a client or service: Clipboard_ExecuteActivity, getClassInstances, getOperatorIDs, and GetXMLRuleData. In addition, pzAutoGenClipboard_ExecuteActivity will now require authentication.
SR-D79831 · Issue 562800
Access Deny working as expected for Offers
Resolved in Pega Version 8.2.7
It was possible to Save-As an offer in PegaMKT-Work-Offer after encountering an access deny rule. The record was not created in Dev Studio, however, and an expected denial of access was not registered at runtime. This was due to Access deny rules not being considered as a part of validation, and has been resolved by adding the necessary permission validation to the new harness that will produce the error message informing the user that they are missing a permission. Additional work has also been done to pass the 'pzKeepPageMessages' parameter as true so that page level error messages are correctly displayed.