SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of property was unknown the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to lookup the definition of the property if it is unknown before removing it.
INC-146098 · Issue 633722
Keyboard shortcuts work in Decision Trees
Resolved in Pega Version 8.3.6
Keyboard short cuts in Decision Trees used to copy/paste by holding ctrl button in Decision Trees were not working. This was an unintended side effect related to changing non-auto grid to an auto-generated hierarchical table to make the Decision tree rule form multi-browser compatible, and has been resolved by adding cut/copy/paste/insert-after/insert-before functionality to the decision tree context menu.
INC-151662 · Issue 626576
Handling added for application which includes production ruleset
Resolved in Pega Version 8.3.6
When creating the Email channel or Webchat channel, the Text Analyzer and its respective class (Data-Decision-Request-MCP-WebChat-xxxxx) was being saved in the ruleset of the built-on application while there were rulesets open in the top application. This was a missed use case, and has been resolved byupdating the logic to account for the scenario where an application includes a production ruleset.
INC-164944 · Issue 636290
Logic updated to handle decision trees over 64k
Resolved in Pega Version 8.3.6
An exception was thrown when decision trees reached the 64K size limit. This has been resolved by modifying the logic in the DecisiontableMethodBody Rule-Utility-Function where the split size PropRowLimit is based on the number of columns.
INC-169112 · Issue 647080
Decision Trees refresh after updating a new row
Resolved in Pega Version 8.3.6
Updating a decision tree row did not display the updated data until after save and refresh. This was traced to the first row not meeting the condition for refresh on change because the first row was created as part of the decision tree creation, so the data was not persisted and the update was not registered as a change. This has been resolved by adding explicit handling for the first row to persist its expression string and show the data as entered.
SR-D37415 · Issue 508969
Parameter page update added to improve backwards compatibility for ShowTestLibraryTab
Resolved in Pega Version 8.1.7
An error was observed on the first attempt to modify the 'when' rule "ShowTestLibraryTab" located in PegaProjectMgmt:08-01-01. Analysis showed the when rule (Always, Never) which was called from this rule was not found, which was an issue traced to the Rule-Obj-When function alias parameter name being changed from "strWhen" to "blockName" in the 8.1 release. Subsequent attempts to save the modified rule succeeded due to step#7 in the Embed-UserFunction.pzPopulateDropdownFBUIParameters activity upgrading the pyParameters page with the latest data. To resolve this backwards compatibility issue, the activity step#6 has been modified to upgrade the parameter name for the Rule-Obj-When function alias.
SR-D35734 · Issue 504477
Escalation updated to ensure assignee is notified of missed deadline
Resolved in Pega Version 8.1.7
The Passed Deadline SLA Actions to send email to the owner were not triggered as configured in SLA rule form. To correct that, pzMapEasyEscalationParams steps 3.4.10 and 3.4.11 have been modified to support "NotifyAssignee" for the passed deadline.