SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of property was unknown the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to lookup the definition of the property if it is unknown before removing it.
SR-A103203 · Issue 276928
SQL alias function getLastDayofYear repaired
Resolved in Pega Version 7.3
After upgrade, the SQL alias function getLastDayofYear generated an error. This was due to missing format conversion for the date value parameter, and has been corrected.
SR-A86522 · Issue 272062
Event Late triggers expanded
Resolved in Pega Version 7.3
If "Limit passed deadline events" was not set to any value and the enqueue item was still in defer-save and not committed to DB, 'Event Late' was not triggered. Code has been added to properly check and trigger the late notice based on this scenario.
SR-A86522 · Issue 272065
Event Late triggers expanded
Resolved in Pega Version 7.3
If "Limit passed deadline events" was not set to any value and the enqueue item was still in defer-save and not committed to DB, 'Event Late' was not triggered. Code has been added to properly check and trigger the late notice based on this scenario.
SR-A91979 · Issue 261380
referencePropertyLink will be directly copied if autopopulate disabled
Resolved in Pega Version 7.3
A run-time failure occurred due to a reference to an AP property failing to copy properly during objOpenByHandle. This was because autopopulation is disabled in objOpenByHandle, causing the source property to be returned as null when page-copy lost the reference information. To resolve this, when autopopulation is disabled the referencePropertyLink will be directly copied from the source page to the target page without trying to resolve the reference property's source.
SR-B10051 · Issue 279714
Agent management detail corrected to show all nodes
Resolved in Pega Version 7.3
Drilling down to the agent detail from the Agent management page was showing only the current node when agents from the other nodes should have been displayed as well. This was caused by an error in the DataAgentIndex function, and has been corrected.
SR-B10051 · Issue 279523
Agent Management updated for long NodeNames
Resolved in Pega Version 7.3
Drill down to the agent detail from the Agent management page was only showing the current node. This was traced to a failed join when a very long "pyNodeName" DB line was encountered in pr_index_data_agents, and has been fixed.