SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of property was unknown the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to lookup the definition of the property if it is unknown before removing it.
SR-A19119 · Issue 241157
Improved error handling for XML-executed BIX extract failures
Resolved in Pega Version 7.2.2
When BIX extracts configured through an XML script encountered a target table that did not exist, the script itself did not visibly fail even though the error "Table doesn't exist in target database" was logged, and any extracts that were executed after that error did not generate any output. This has been corrected to set the correct error flags to ensure expected behavior.
SR-A76706 · Issue 252781
Modified pyLoadDataTypes data transform to match expected type
Resolved in Pega Version 7.2.2
Activities configured with "Double" as the data type were converted to "String" datatype in the activity after upgrade. This was due to the Data Transform pyLoadDataTypes rule using the pyLabel "DOUBLE" for double parameter type instead of "Double", and has been corrected.
SR-A77495 · Issue 254777
Corrected delete error with first row of Decision Table
Resolved in Pega Version 7.2.2
After clicking 'delete row' on the first row of a decision table the first row was not visible, but it was observed that when saving the first row it remained as it was and instead the second row was deleted. This was an error in highlighting and positioning, and has been fixed.
SR-A67932 · Issue 251208
Blank query field in Bulk Actions defaults to none instead of all
Resolved in Pega Version 7.2.2
Due to the MyCheckedOutRulesBulk Listview not adding a default 'when' condition in the query when the query value was blank, using Bulk Actions -> Select All would return a list of all non-resolved rules in the system rather than the expected value of 'none' for the list of checked rules for the bulk processing tool. This has been resolved.
SR-A19246 · Issue 254062
Customized ordering ability for delegated rules added
Resolved in Pega Version 7.2.2
Previously, the order that delegated rules were displayed in was always the reverse of the order they were added to the System-User-MyRules form, showing the most recently delegated items at the top regardless of the order they have on that page. An enhancement has now been added to allow customization of the order through a provided extension point using 'post load processing' of the data page D_pzFilteredDelegation.
SR-A19246 · Issue 254058
Customized ordering ability for delegated rules added
Resolved in Pega Version 7.2.2
Previously, the order that delegated rules were displayed in was always the reverse of the order they were added to the System-User-MyRules form, showing the most recently delegated items at the top regardless of the order they have on that page. An enhancement has now been added to allow customization of the order through a provided extension point using 'post load processing' of the data page D_pzFilteredDelegation.