SR-A23178 · Issue 248200
Checkout to branch ruleset handling improved
Resolved in Pega Version 7.2.1
The Checkout to branch option was not able to find a list of branches in Pega Marketing after a minor ruleset migration. To resolve this, the system will make use of a non versioned ruleset name for showing branches if an application is referring a ruleset whose major or minor version is different from the Ruleset of the Rule that is being checked out.
SR-A23282 · Issue 245229
Checkout to branch ruleset handling improved
Resolved in Pega Version 7.2.1
The Checkout to branch option was not able to find a list of branches in Pega Marketing after a minor ruleset migration. To resolve this, the system will make use of a non versioned ruleset name for showing branches if an application is referring a ruleset whose major or minor version is different from the Ruleset of the Rule that is being checked out.
SR-A23862 · Issue 246796
VPD Data Page passes custom properties
Resolved in Pega Version 7.2.1
When trying to set up Oracle VPD custom properties as instructed in a PDN article, an exception was generated due to missing handling for custom class/property definitions. The new pyCustomProperties if PageList has been added to Code-Pega-DBApplicationContext .
SR-A23915 · Issue 247392
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A24402 · Issue 246696
Tuned scheduled reports start calculations
Resolved in Pega Version 7.2.1
In recurring schedule - daily pattern, if the start date was more than one day in the future, either the next scheduled run time was wrongly calculated as tomorrow with the right hour or if the start date was tomorrow, the next scheduled run time was wrongly calculated as today with the right hour. To fix this, the Next execution time calculation in DailyPattern.java now considers the mStartDateTime value.
SR-A24439 · Issue 247958
Operator ID always clickable link
Resolved in Pega Version 7.2.1
When the operator profile was opened from Operator menu drop down at the top right corner of Designer Studio or from the Case Manager portal, the ID link in the ?Operator Profile? popup was clickable in Microsoft Internet Explorer but not clickable in Google Chrome. The system will now present these as links regardless of browser.
SR-A24508 · Issue 247393
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A24598 · Issue 247394
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A4613 · Issue 227870
Updated logging for "Obfuscated URL tampering" errors
Resolved in Pega Version 7.2.1
The error "pegarules.util.URLObfuscation) ERROR - Obfuscated URL tampering - unable to derive cleartext data" was being logged when the "cookie/HttpOnly" parameter was set. This was traced to the unobfuscating of data failing at the server end, and the loggers have been updated to print requestor data for better diagnostics.
SR-A4719 · Issue 230767
Fixed improper ID carryover after reset all loggers
Resolved in Pega Version 7.2.1
When a user reset the logs, the same user ID was then being populated in the log entries of master agent and requestor lock exceptions from that point on even when the exceptions were from other users. This was due to the username not being cleared correctly after the reset all loggers operation is done, and to fix this, the reset all loggers functionality has been changed such that no data from main thread is copied onto the child thread(the dispatcher thread).