SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of property was unknown the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to lookup the definition of the property if it is unknown before removing it.
INC-173986 · Issue 668935
Updated survey refresh API for switching radio buttons
Resolved in Pega Version 8.7.1
After configuring a picklist with multiple options in a survey framework, it was not possible to select a radio button when toggling between radio buttons on the UI. Investigation showed the values of the radio buttons were not published to Clipboard, causing pyAnswer to be blank. After detaching the webwb_pzsurvey_ui_userscript.js the value was posted correctly and the visible WHEN was working as expected. This has been resolved by updating pzsurvey_ui_userscript to add a timeout on the refresh API call when switching between radio button options.
INC-177312 · Issue 692110
Added handling for FieldValue issue during Excel export
Resolved in Pega Version 8.7.1
After upgrade from Pega 7 to Pega 8, the export to Excel function for business-rules kept and maintained via Decision-Tables created a file that Excel could not open. This was traced to a function call in the Results tab and the Return Actions in the decision table which caused an issue with the generated Excel to be used for editing. To resolve this, any allowed values will have quotation marks removed before the vales are passed to the export.
INC-196266 · Issue 694837
Performance improvements for CDH
Resolved in Pega Version 8.7.1
Significant slowness was seen in Customer Decision Hub (CDH) during save-as or check-in/check-out of an offer rule. This has been resolved by passing the current parameter page to the RuleCheckOut activity in pxUpdateRecordInner so that CDH can pass a skipValidate parameter to skip the validation during checkout.
INC-198113 · Issue 693353
Link-Association-Follow updated
Resolved in Pega Version 8.7.1
The report definition 'pyGetAssociations' was generating the error "data.internal.rd.reference.InvalidReferenceException InvalidReferenceException .pxLinkedRefTo Cannot use an unexposed property as there is no BLOB column for the class: 'Link-Association-Channel'". This has been resolved by updating pzUnfollowReview to handle Link-Association-Follow, which will prevent these log errors.
INC-200416 · Issue 699862
Updated AttachmentPreview control for Account Manager Access Group
Resolved in Pega Version 8.7.1
When using the Account Manager Access group as the default and only access group on a profile, attempting to render a PDF on the click of a link did not work as expected. The render-on-click worked as expected when logged in as the Author and the application was switched to Account Manager. This has been resolved by registering the activity pzAppStorageOkToAttachFile in the pzAttachmentPreview control.
INC-203548 · Issue 694853
Performance improvements for CDH
Resolved in Pega Version 8.7.1
Significant slowness was seen in Customer Decision Hub (CDH) during save-as or check-in/check-out of an offer rule. This has been resolved by passing the current parameter page to the RuleCheckOut activity in pxUpdateRecordInner so that CDH can pass a skipValidate parameter to skip the validation during checkout.