SR-A100292 · Issue 270065
Select Values from join properly displayed on chart
Resolved in Pega Version 7.3
In charts of report definitions using a join, properties with prompt select values were displaying the actual data rather than the prompt values. This was due to a handling difference for properties from joins: before rendering the chart, report data was copied to a page that did not have the correct pxObjClass, creating the assumption that the property applied to @baseclass. To resolve this, the class will be set on the page that contains the target property.
SR-A102969 · Issue 273954
XSS security update for error.jsp
Resolved in Pega Version 7.3
The error.jsp file has been updated for better XSS security with WebSphere and Firefox.
SR-A103079 · Issue 273545
Check added for RD date time values
Resolved in Pega Version 7.3
An exception was generated when running RD by choosing the relationship for a datetime property as "Is not null" in filter conditions before displaying the data. This has been fixed with the addition of a check for the date time value.
SR-A96514 · Issue 275326
Updated encryption logic for URL obfuscation
Resolved in Pega Version 7.3
If URL obfuscation was enabled and the incoming URL had non-ASCII characters (or UNICODE) characters in it, the encryption process was failing due to the incorrect length of byte array formation in padding logic. This logic error has been corrected.
SR-A97323 · Issue 266550
XSS filtering added to pzDisplayModalDialog
Resolved in Pega Version 7.3
XSS filtering has been added to the pzDisplayModalDialog to improve security.
SR-B10697 · Issue 282917
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10697 · Issue 280753
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10828 · Issue 282620
Surrounding spaces trimmed from property labels to ensure localization
Resolved in Pega Version 7.3
Property labels in the add reports screen were not localized because the value was given as "Contact Channel " with a trailing space. To resolve this, the pzReportExplorerNode control has been updated to trim leading and trailing spaces before performing localization.
SR-B10947 · Issue 280020
pzSUS Param properly URLEncoded
Resolved in Pega Version 7.3
The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.
SR-B11243 · Issue 284444
XSS handling added for ShowSelectedPortal in RedirectRun
Resolved in Pega Version 7.3
XCC handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.