SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of property was unknown the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to lookup the definition of the property if it is unknown before removing it.
INC-162881 · Issue 636992
Decision Table check-in warnings supported for large tables
Resolved in Pega Version 8.6.1
After adding an empty row in the middle of Decision Table rows and checking in, the Decision table rule's CheckIn form shows a functionality warning about a conflict in decision table ("This rule contains 1 logic conflict(s). Click the 'Show Conflicts' button for more details."). However, this behavior did not occur as expected if the decision table had more than 500 cells in it, and has now been resolved.
INC-164002 · Issue 639912
Decision table null input handling updated for backward compatibility
Resolved in Pega Version 8.6.1
After update, any null values as inputs in the decision tables were skipped if "Allow Missing properties" was not checked. This behavior was different from previous versions. In order to improve backward compatibility, the new function pxEvaluateDecisionTable has been added which has an additional parameter to set AllowMissingProperties, and the older function logic has been modified to take the parameter value from the parameter page.
INC-164171 · Issue 644705
Support added for connect-SOAP run in parallel mode
Resolved in Pega Version 8.6.1
When connect-SOAP was configured to use the “run in parallel” mode, application settings derived through a datapage had incorrect values. While running the connect-SOAP through an activity, all the values were derived incorrectly. This has been resolved by adding a synchronization enhancement to support parallel run connect.SOAP.
INC-164439 · Issue 657997
Setting added to customize using blank Map values
Resolved in Pega Version 8.6.1
After update to from Pega 6 to Pega 8 some of the Map Value rules were not working. This was due to the handling for blank default values which was changed in Pega 7. In order to support backwards compatibility, a new 'when' rule has been added which allows customizing whether or not blank values are allowed for the Map value default columns. pyAllowBlankValues will default to "false".
INC-165256 · Issue 657038
Improvements for Offer Eligibility rules loading time
Resolved in Pega Version 8.6.1
After opening the Proposition filter/Action rule and clicking on Add Criteria, the pxAnyPicker drop down load was taking an excessive amount of time. Performance improvements have been made by adding a precondition at step 2 to avoid data page refresh for specific scenarios when it is not required.
INC-168914 · Issue 659660
Updates added against Cross-site Scripting
Resolved in Pega Version 8.6.1
Cross-site Scripting (XSS) protections have been updated for the UI.