SR-A8254 · Issue 217223
Path extraction support added for REST connectors to NBAM
Resolved in Pega Version 7.2
If a system used pathinfo (containing "!") rather than requestURL, a null pointer exception was raised when attempting to access a REST service endpoint in Next-Best-Action Marketing (also called PegaMarketing) at the point when the system attempted to tokenize the "resources path". To allow for smooth operation after upgrade, code has been added to extract the necessary path information.
SR-A6089 · Issue 215650
Resolved Class name mismatch in root element in BIX XSD
Resolved in Pega Version 7.2
Running a series of comma separated extract rules to an XML file from the command line resulted in the class elements in the corresponding XSD file all having the same classname. This was caused by an error in the array list processing that caused the values to be overridden by the last extract processed, and has been corrected.
SR-A4158 · Issue 210201
Resolved hang during call for available DBMS connections
Resolved in Pega Version 7.2
The system was hanging after making repeated requests for available DBMS connections to the database. This was caused by an exception thrown by the requestor.getRequestorPage() call , and the thread handling has been revised to resolve this.
SR-A8075 · Issue 217226
Resolved NPE for large cache Factory Report generations
Resolved in Pega Version 7.2
When generating Factory reports from SMA, an exception was generated if it included a very large Property Reference cache. An enhancement has been added to skip null values and speed processing in these cases.
SR-A2695 · Issue 206875
Resolved Property-Ref method conflict for external page properties
Resolved in Pega Version 7.2
A discrepancy was found in the runtime and design time behavior of the Property-Ref method in allowing a property reference to point to a page that it is contained in page-list which in turn is embedded under another top-level page. Because the activity assembler needs valid class definition of property that has been defined on the right side at save time whereas the java was treated as just valid java code at design time and at runtime. Since the clipboard page, exists it assigned the reference. To clear up this conflict, the type resolution logic employed by the expression parser has been updated to ensure consistent property references.
SR-A3011 · Issue 213185
Revised checksum to update imported rules
Resolved in Pega Version 7.2
When exporting updated rules after upgrade, a new rule in Data Transforms, Activities, and When was not being consistently used at runtime until the rule was resaved or the Virtual Rule Table Cache was regenerated. Beginning with Pega 7.1.8, a new property called pxSaveDateTime was added to rules. This new property is used in the checksum calculation to determine if a rule needs to be reassembled. However, when importing rules changed in pre-Pega 7.1.8 environments, the checksum calculation doesn't recognize the rule has changed. A change has been made to use pxUpdateDateTime as an alternative when pxSaveDateTime is not present in the rule.
SR-A2768 · Issue 207926
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A6195 · Issue 213843
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A2768 · Issue 194111
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A7433 · Issue 216781
Updated BIX Manifest pxTotalInsertsCount to handle XML extraction failures
Resolved in Pega Version 7.2
The BIX Manifest pxTotalInsertsCount was incorrect when the extract type was XML and extraction has failed for few work-objects. This was caused by missing decremention, and the code has been updated to ensure the manifest matches the record counts from the ingestion of the XML data.