SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled. The update removes the ability for remote attackers to execute arbitrary code via the method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the de-obfuscation of data failing on the server side, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then populated in the log entries of master agent and requestor lock exceptions from that point on, even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation was done. To fix this, the reset all loggers functionality has been changed so that no data from the main thread is copied onto the child thread (the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using the MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of the property was unknown, the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to look up the definition of the property if it is unknown before removing it.
SR-B80438 · Issue 343243
Unauthenticated requestor timeout customizable
Resolved in Pega Version 7.4
An enhancement has been added to provide a new customizable configuration switch for the unauthenticated requestor timeout value, i.e. the short-lived requestor timeout value. Previously, this defaulted to one minute.
SR-B91029 · Issue 342265
hbase config enhancement
Resolved in Pega Version 7.4
In order to support a customization, the hbase configuration has been enhanced to not only accept values from the UI, but also from various levels of Pega setup including prconfig.xml, hbase-site.xml, and dynamic system settings.
SR-B91029 · Issue 342841
hbase config enhancement
Resolved in Pega Version 7.4
In order to support a customization, the hbase configuration has been enhanced to not only accept values from the UI, but also from various levels of Pega setup including prconfig.xml, hbase-site.xml, and dynamic system settings.
SR-B92192 · Issue 342143
Unauthenticated requestor timeout customizable
Resolved in Pega Version 7.4
An enhancement has been added to provide a new customizable configuration switch for the unauthenticated requestor timeout value, i.e. the short-lived requestor timeout value. Previously, this defaulted to one minute.
SR-C8717 · Issue 350603
hbase config enhancement
Resolved in Pega Version 7.4
In order to support a customization, the hbase configuration has been enhanced to not only accept values from the UI, but also from various levels of Pega setup including prconfig.xml, hbase-site.xml, and dynamic system settings.
SR-B81856 · Issue 335124
Cursor behavior fixed in search text field
Resolved in Pega Version 7.4
The cursor was moving ahead when typing search text in a filter grid, causing typos. This was an unintended side effect of a fix to the method used when focusDomElement is called in setTimeout, and has been fixed.