SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).
SR-A8475 · Issue 233560
Fixed Multiselect grid drag and drop
Resolved in Pega Version 7.2.1
When using MultiSelectList Control, if a value was selected and then 'submit' was used to populate the Grid's data, dragging and dropping the Grid's row to some other workbasket did not work. This happened because the clipboard calls the remove property with a symbolic delete when doing a drag and drop. While processing this delete, if the mode of property was unknown the system was unable to look up the property definition in the dictionary, and an exception occurred. To fix this, handling has been added to lookup the definition of the property if it is unknown before removing it.
SR-D24750 · Issue 501745
Resolved importing PublicFormat file using RuleFromFile Wizard
Resolved in Pega Version 8.3.1
When attempting to create a flow from a Public Format XML file using the Rule From File Wizard, the following error was seen: "Problem invoking function: pega_procom_harvest.performXSLT--(String,String,boolean,HashStringMap)". This was caused by a mapping failure related to the pyComments property in baseclass pega social functionality, and has been resolved with the addition of a new page group property pyComments of type "Data-MO-Annotation-Comment" which applies to "Embed-Rule-Obj-Flow-ProcessModel".
SR-D35734 · Issue 504479
Escalation updated to ensure assignee is notified of missed deadline
Resolved in Pega Version 8.3.1
The Passed Deadline SLA Actions to send email to the owner were not triggered as configured in SLA rule form. To correct that, pzMapEasyEscalationParams steps 3.4.10 and 3.4.11 have been modified to support "NotifyAssignee" for the passed deadline.
SR-D26785 · Issue 495893
Corrected error when persisting temporary work object
Resolved in Pega Version 8.3.1
When persisting a temporary work object using the Persist case shape, the internal assignment handle was not updated to include the work object's ID. Subsequent attempts to access the internal assignment (such as the "Edit" button on the Review Harness) resulted in errors. Investigation showed that when a temporary case was persisted, pyInternalAssignmentHandle was not getting recalculated after pzInsKey was updated. To resolve this, the configuration on the edit button has been modified to use .pxFlow(pzInternalCaseFlow).pxAssignmentKey which is what pyInternalAssignmentHandle declare expression was also returning.
SR-D37415 · Issue 508966
Parameter page update added to improve backwards compatibility for ShowTestLibraryTab
Resolved in Pega Version 8.3.1
An error was observed on the first attempt to modify the 'when' rule "ShowTestLibraryTab" located in PegaProjectMgmt:08-01-01. Analysis showed the when rule (Always, Never) which was called from this rule was not found, which was an issue traced to the Rule-Obj-When function alias parameter name being changed from "strWhen" to "blockName" in the 8.1 release. Subsequent attempts to save the modified rule succeeded due to step#7 in the Embed-UserFunction.pzPopulateDropdownFBUIParameters activity upgrading the pyParameters page with the latest data. To resolve this backwards compatibility issue, the activity step#6 has been modified to upgrade the parameter name for the Rule-Obj-When function alias.
SR-D43783 · Issue 509907
Comments explicitly excluded from generated ruleset under localization
Resolved in Pega Version 8.3.1
A generated URL link from Correspondence Fragment (WorkLink) which was saved in Pega-ProCom_ja was incorrect due to an incomplete URL. The ruleset Pega-ProCom_ja is not provided from the platform, but is generated when using localization. In this case, a comment fragment was included in the rule when it was generated, causing the issue. To resolve this, comment handling has been updated to ensure it's not included when generating the rule.
SR-D38053 · Issue 508224
Upcase case shape will fall back to pyWorkCover if multiple pages are present
Resolved in Pega Version 8.3.1
In the Update a Case shape, selecting "A Single Case" and providing .pxCoveredInsKeys(1) for the With ID field worked as expected, but using the same data transform and selecting either "All child cases and descendants" or a specific child case resulted in no update on the children. This was traced to the findPageByHandle API not returning the most appropriate page, which created an issue whenever multiple pages were present in the clipboard. To correct this, the system has been updated to use pyWorkCover if present.