SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of property was unknown the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to lookup the definition of the property if it is unknown before removing it.
SR-B45232 · Issue 306137
Serialized passivation exception fixed
Resolved in Pega Version 7.3.1
A passivation exception was being logged due to a temporary page not being properly cleared after use with serialized properties. The ActivityStatusExceptionHandler activity has been changed to remove the temp page at the end.
SR-B64471 · Issue 315890
PegaCALL Null Pointer Exception fixed
Resolved in Pega Version 7.3.1
After a successful PegaCALL login was initiated and events were populated to the desktop, setting the phone status to Ready then caused some sites to experience sporadic errors that resulted in CTI login problems and events not reaching the desktop. When the issue occurred, it affected an entire instance at a time but cleared on its own after several hours. This was due to missing null handling in the code used for event delivery, and has been fixed.
SR-B65837 · Issue 317187
Handling added for blanks when copying parameter pages
Resolved in Pega Version 7.3.1
After Configuring a Call-Asynch-Activity method step on an activity and refreshing the ruleform, the name of the activity being called in the method was no longer shown. To correct this, a 'when' condition has been added to the pzAddAdditionalMethodParameter activity to handle blank pages when copying parameter pages to pyStepsParamUI pages.
SR-B67171 · Issue 317155
Handling added for blanks when copying parameter pages
Resolved in Pega Version 7.3.1
After Configuring a Call-Asynch-Activity method step on an activity and refreshing the ruleform, the name of the activity being called in the method was no longer shown. To correct this, a 'when' condition has been added to the pzAddAdditionalMethodParameter activity to handle blank pages when copying parameter pages to pyStepsParamUI pages.
SR-B41213 · Issue 310710
Ruleset sorting/comparison updated for DB2/zOS EBCIDIC
Resolved in Pega Version 7.3.1
After upgrade to a DB2/zOS split schema, accessing the UI Gallery landing page (DS -> User Interface -> UI Gallery) did not show any results. It was possible to search for rules and open them without issue, and altering the query to use a wildcard for pzRuleSetListHash found the rules as expected. The problem was traced to EBCIDIC character set ordering being different than ASCII & UTF-x based char ordering. UTF-based character encodings hold that A is greater than 9 when being used for comparison, but in an EBCIDIC sort, A's value is less than 0. Due to IBM DB2 on zOS using EBCIDIC ordering for character string comparisons (e.g. greater than, less than), the pzRuleSetVersionMinorPatch column that contains the String for the Minor and Patch versions was not ordering the needed rulesets as expected. To resolve this, the code has been updated to rarely use character string comparisons (greater than) in DB queries for greater compatibility.
SR-B43868 · Issue 310711
Ruleset sorting/comparison updated for DB2/zOS EBCIDIC
Resolved in Pega Version 7.3.1
After upgrade to a DB2/zOS split schema, accessing the UI Gallery landing page (DS -> User Interface -> UI Gallery) did not show any results. It was possible to search for rules and open them without issue, and altering the query to use a wildcard for pzRuleSetListHash found the rules as expected. The problem was traced to EBCIDIC character set ordering being different than ASCII & UTF-x based char ordering. UTF-based character encodings hold that A is greater than 9 when being used for comparison, but in an EBCIDIC sort, A's value is less than 0. Due to IBM DB2 on zOS using EBCIDIC ordering for character string comparisons (e.g. greater than, less than), the pzRuleSetVersionMinorPatch column that contains the String for the Minor and Patch versions was not ordering the needed rulesets as expected. To resolve this, the code has been updated to rarely use character string comparisons (greater than) in DB queries for greater compatibility.