SR-A6089 · Issue 215650
Resolved Class name mismatch in root element in BIX XSD
Resolved in Pega Version 7.2
Running a series of comma separated extract rules to an XML file from the command line resulted in the class elements in the corresponding XSD file all having the same classname. This was caused by an error in the array list processing that caused the values to be overridden by the last extract processed, and has been corrected.
SR-A4158 · Issue 210201
Resolved hang during call for available DBMS connections
Resolved in Pega Version 7.2
The system was hanging after making repeated requests for available DBMS connections to the database. This was caused by an exception thrown by the requestor.getRequestorPage() call , and the thread handling has been revised to resolve this.
SR-A8075 · Issue 217226
Resolved NPE for large cache Factory Report generations
Resolved in Pega Version 7.2
When generating Factory reports from SMA, an exception was generated if it included a very large Property Reference cache. An enhancement has been added to skip null values and speed processing in these cases.
SR-A2695 · Issue 206875
Resolved Property-Ref method conflict for external page properties
Resolved in Pega Version 7.2
A discrepancy was found in the runtime and design time behavior of the Property-Ref method in allowing a property reference to point to a page that it is contained in page-list which in turn is embedded under another top-level page. Because the activity assembler needs valid class definition of property that has been defined on the right side at save time whereas the java was treated as just valid java code at design time and at runtime. Since the clipboard page, exists it assigned the reference. To clear up this conflict, the type resolution logic employed by the expression parser has been updated to ensure consistent property references.
SR-A3011 · Issue 213185
Revised checksum to update imported rules
Resolved in Pega Version 7.2
When exporting updated rules after upgrade, a new rule in Data Transforms, Activities, and When was not being consistently used at runtime until the rule was resaved or the Virtual Rule Table Cache was regenerated. Beginning with Pega 7.1.8, a new property called pxSaveDateTime was added to rules. This new property is used in the checksum calculation to determine if a rule needs to be reassembled. However, when importing rules changed in pre-Pega 7.1.8 environments, the checksum calculation doesn't recognize the rule has changed. A change has been made to use pxUpdateDateTime as an alternative when pxSaveDateTime is not present in the rule.
SR-A2768 · Issue 207926
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A6195 · Issue 213843
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A2768 · Issue 194111
Security enhancement updates for Apache Struts
Resolved in Pega Version 7.2
Apache Struts 2.0.0 through 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism by predicting the token that is generated to prevent double submits. The system has now been updated to use higher versions to remove this vulnerability: asm-commons (3.3 updated to 5.0.2) xwork-core (2.3.16.3 updated to 2.3.20.1) asm-tree (3.3 updated to 5.0.2) asm (3.3 updated to 5.0.2) commons-lang3 (3.1 updated to 3.2)
SR-A7433 · Issue 216781
Updated BIX Manifest pxTotalInsertsCount to handle XML extraction failures
Resolved in Pega Version 7.2
The BIX Manifest pxTotalInsertsCount was incorrect when the extract type was XML and extraction has failed for few work-objects. This was caused by missing decremention, and the code has been updated to ensure the manifest matches the record counts from the ingestion of the XML data.
SR-A4883 · Issue 216593
Updating caching to ensure proper rule resolution
Resolved in Pega Version 7.2
For performance reasons, a Requestor level is used to hold data page definitions. However, two data pages with the same name but in different rulesets caused Rule Resolution to not pick the datapage from correct RS Version consistently. This has been corrected by appending a personal ruleset hash name with data page name before putting the definition in cache.